Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ec2_vpc_nacl: Associating subnets by name results in "changed" every time #568

Closed
srittau opened this issue May 6, 2021 · 1 comment
Closed

Comments

@srittau
Copy link

srittau commented May 6, 2021

SUMMARY

Associating subnets by name results in "changed" every time.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

ec2_vpc_nacl

ANSIBLE VERSION
ansible 2.10.8
  config file = /home/srittau/[...]/ansible.cfg
  configured module search path = ['/home/srittau/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/srittau/.ansible-venv/lib/python3.7/site-packages/ansible
  executable location = /home/srittau/.bin/ansible
  python version = 3.7.3 (default, Jan 22 2021, 20:04:44) [GCC 8.3.0]
CONFIGURATION
COLLECTIONS_PATHS(/home/srittau/[...]/ansible.cfg) = ['/home/srittau/[...]']
DEFAULT_EXECUTABLE(/home/srittau/[...]/ansible.cfg) = /bin/bash
DEFAULT_HOST_LIST(/home/srittau/[...]/ansible.cfg) = ['/home/srittau/[...]/inventory.yml']
DEFAULT_ROLES_PATH(/home/srittau/[...]/ansible.cfg) = ['/home/srittau/[...]/roles']
DEFAULT_VAULT_PASSWORD_FILE(/home/srittau/[...]/ansible.cfg) = [...]
INTERPRETER_PYTHON(/home/srittau/[...]/ansible.cfg) = /usr/bin/python3
OS / ENVIRONMENT

Debian GNU/Linux 10 (buster)

STEPS TO REPRODUCE

Running the following step multiple times:

    - name: configure network ACL
      community.aws.ec2_vpc_nacl:
        # ...
        nacl_id: # ...
        vpc_id: # ...
        ingress: # ...
        egress: # ...
        subnets: ["foo", "bar"]
        state: present
EXPECTED RESULTS

Reporting "changed" for the first run and "ok" for subsequent runs.

ACTUAL RESULTS

Reports "changed" every run.

PROBABLE CAUSE AND FIX

It looks as if the module queries for existing subnets using the tag:Name filter. AWS uses a lower-case name tag in its frontend and it seems as if this filter is case-sensitive. Indeed changing both instance of tag:Name to tag:name in plugins/modules/ec2_vpc_nacl.py fixed the problem for me.

alinabuzachis pushed a commit to alinabuzachis/community.aws that referenced this issue May 25, 2022
…o.py (ansible-collections#568)

Move ec2_vol_info example from ec2_vol_info_module.rst to ec2_vol_info.py

SUMMARY
ansible-collections#561 put it in the wrong place and release prep overwrites it.
ISSUE TYPE

Docs Pull Request

COMPONENT NAME
ec2_vol_info
ADDITIONAL INFORMATION

Reviewed-by: Felix Fontein <None>
Reviewed-by: None <None>
@tremble
Copy link
Contributor

tremble commented Jul 10, 2022

Hi @srittau,

Sorry it's taken so long to get back to you.

I'm unable to reproduce this issue with the current version of this collection. Looking at our integration tests we also already have an integration test which checks for idempotency when associating NACLs to subnets by name. If you're able to reproduce the issue, then feel free to reopen the issue. However we'll need more detailed information. The best option would be if you could reproduce it using ansible-playbook -vvv and calling:

  • ec2_vpc_nacl
  • ec2_vpc_nacl_info
  • ec2_vpc_nacl
  • ec2_vpc_nacl_info

While I understand the desire not to expose Account / resource IDs / credentials, and you can redact them, it would be helpful to have as much information about how you're invoking the module as possible, your comments about tag:Name make me suspect there might be something related to tagging in the rest of the way you're invoking the module (possibly related to tagging which was cleaned up in #1189).

@tremble tremble closed this as completed Jul 10, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants