A few questions about security groups with respect to RDS #632

Closed
mcandre opened this issue Jul 7, 2021 · 4 comments · Fixed by #663
Labels
feature This issue/PR relates to a feature request needs_info This issue requires further information. Please answer any outstanding questions needs_template This issue/PR has an incomplete description. Please fill in the proposed template correctly needs_triage

Comments

@mcandre

mcandre commented Jul 7, 2021

What is the difference between the security_groups vs. vpc_security_groups parameters?

Can the RDS validator please do a better job of warning when security group associations are attempted to change? Because right now, it silently fails to apply security group association changes to RDS clusters. This appears to be the kind of change that requires a completely new RDS cluster, but the present validation never identifies this edge case.

@ansibullbot

Files identified in the description:
None

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

@ansibullbot

@mcandre: Greetings! Thanks for taking the time to open this issue. In order for the community to handle your issue effectively, we need a bit more information.

Here are the items we could not find in your description:

  • issue type
  • ansible version
  • component name

Please set the description of this issue with this template:
https://raw.githubusercontent.com/ansible/ansible/devel/.github/ISSUE_TEMPLATE/bug_report.md

click here for bot help

@tremble
Contributor

tremble commented Jul 8, 2021

@mcandre,

Thanks for taking the time to open this issue.

It would be helpful if you could use the template that should be automatically pre-populated when you create a new issue through the web UI. It asks for various pieces of information which help us understand the issue you're seeing.

I'm guessing that you're referring to the community.aws.rds module (over in https://github.com/ansible-collections/community.aws/).

Taking a quick look at the code, the difference is related to whether or not your RDS instance is created inside a VPC or not (only 'EC2 Classic' accounts can create a DB outside of a VPC, this feature has been deprecated by Amazon). For VPC based RDS instances you'll need to use the vpc_security_groups parameter.

Unfortunately you didn't provide any examples, so it's difficult to tell if the issue you're reporting is related to a bug in the code or a problem with the way the module is being used.

Please note:
While the community.aws.rds module hasn't been officially deprecated it's based upon the old "boto" SDK rather than the more recent "boto3/botocore" SDK. Similar functionality should be available in the community.aws.rds_instance module which is based upon the boto3 SDK and I would recommend that you use the rds_instance module in preference to the rds module. The rds_instance module has a db_security_group option in place of the security_group option, which explicitly calls out that it's related to an 'EC2 Classic' feature.
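
Added example (not part of this thread or of either module's code): because the issue reports that security group changes can silently fail to apply, a post-run check can compare the groups a playbook intended with what RDS reports. The input is constructed sample data shaped like the output of boto3's `describe_db_instances`; the function name `sg_drift` and all identifiers are hypothetical.

```python
# Added example: SAMPLE_RESPONSE is constructed data shaped like the output of
# boto3's rds.describe_db_instances(); the IDs and sg_drift() are hypothetical.
SAMPLE_RESPONSE = {
    "DBInstances": [
        {
            "DBInstanceIdentifier": "app-db",
            "VpcSecurityGroups": [
                {"VpcSecurityGroupId": "sg-0aaa", "Status": "active"},
                {"VpcSecurityGroupId": "sg-0old", "Status": "active"},
            ],
            "DBSecurityGroups": [],  # EC2-Classic style groups, if any
        }
    ]
}


def sg_drift(response, desired):
    """Compare intended VPC security groups with what RDS reports.

    desired maps DB instance identifier -> iterable of security group IDs.
    Returns {identifier: findings} for every instance that does not match.
    """
    report = {}
    seen = set()
    for db in response.get("DBInstances", []):
        name = db["DBInstanceIdentifier"]
        seen.add(name)
        if name not in desired:
            continue
        groups = db.get("VpcSecurityGroups", [])
        attached = {g["VpcSecurityGroupId"] for g in groups}
        want = set(desired[name])
        findings = {
            "missing": sorted(want - attached),      # requested, never applied
            "unexpected": sorted(attached - want),   # still attached
            "not_active": sorted(g["VpcSecurityGroupId"] for g in groups
                                 if g.get("Status") != "active"),
            "classic_groups": sorted(g["DBSecurityGroupName"]
                                     for g in db.get("DBSecurityGroups", [])),
        }
        if any(findings.values()):
            report[name] = findings
    for name in sorted(set(desired) - seen):
        report[name] = {"error": "instance not in response"}
    return report


if __name__ == "__main__":
    print(sg_drift(SAMPLE_RESPONSE, {"app-db": ["sg-0aaa", "sg-0new"]}))
```

A non-empty result after a playbook run that reported success means the association change did not take effect and the instance is still reachable under the old rules.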

@tremble tremble transferred this issue from ansible-collections/amazon.aws Jul 11, 2021
@ansibullbot ansibullbot added feature This issue/PR relates to a feature request needs_info This issue requires further information. Please answer any outstanding questions needs_template This issue/PR has an incomplete description. Please fill in the proposed template correctly needs_triage labels Jul 11, 2021
@mcandre
Author

mcandre commented Jul 29, 2021

In that case, it would be tremendously helpful to officially, loudly deprecate the older module.

@tremble tremble linked a pull request Jul 30, 2021 that will close this issue
ansible-zuul bot added a commit that referenced this issue Aug 2, 2021
Formally start the rds deprecation process

SUMMARY
The rds module is based upon the deprecated boto (not boto3/botocore) SDK and its functionality has been replaced by the rds_instance, rds_snapshot and rds_instance_info modules.
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
rds
ADDITIONAL INFORMATION
See also #632

Reviewed-by: Felix Fontein <None>
Reviewed-by: Markus Bergholz <[email protected]>
Reviewed-by: Jill R <None>
Reviewed-by: None <None>
alinabuzachis pushed a commit to alinabuzachis/community.aws that referenced this issue May 25, 2022
…le-collections#632)

Disable broken integration test - lookup_aws_account_attribute

SUMMARY
After going through the joys of bisecting recent changes ansible/ansible#75587 appears to have broken the test when running 'wantlist=False'
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
aws_account_attribute
ADDITIONAL INFORMATION
TASK [lookup_aws_account_attribute : Fetch all account attributes (wantlist=False)] *******************************************************************************************************************************
task path: /root/ansible_collections/amazon/aws/tests/output/.tmp/integration/lookup_aws_account_attribute-bjtiq49h-ÅÑŚÌβŁÈ/tests/integration/targets/lookup_aws_account_attribute/tasks/main.yaml:50
The full traceback is:
Traceback (most recent call last):
  File "/root/ansible/lib/ansible/executor/task_executor.py", line 503, in _execute
    self._task.post_validate(templar=templar)
  File "/root/ansible/lib/ansible/playbook/task.py", line 283, in post_validate
    super(Task, self).post_validate(templar)
  File "/root/ansible/lib/ansible/playbook/base.py", line 650, in post_validate
    value = templar.template(getattr(self, name))
  File "/root/ansible/lib/ansible/template/__init__.py", line 874, in template
    d[k] = self.template(
  File "/root/ansible/lib/ansible/template/__init__.py", line 842, in template
    result = self.do_template(
  File "/root/ansible/lib/ansible/template/__init__.py", line 1101, in do_template
    res = ansible_concat(rf, convert_data, myenv.variable_start_string)
  File "/root/ansible/lib/ansible/template/native_helpers.py", line 60, in ansible_concat
    head = list(islice(nodes, 2))
  File "<template>", line 13, in root
  File "/usr/lib/python3.10/dist-packages/jinja2/runtime.py", line 349, in call
    return __obj(*args, **kwargs)
  File "/root/ansible/lib/ansible/template/__init__.py", line 1013, in _lookup
    if isinstance(ran[0], NativeJinjaText):
KeyError: 0
fatal: [testhost]: FAILED! => {
    "changed": false
}

Reviewed-by: Alina Buzachis <None>
Reviewed-by: None <None>
alinabuzachis pushed a commit to alinabuzachis/community.aws that referenced this issue May 25, 2022
ansible-collections#630)

[Breaking Change] Remove support for old boto SDK (not boto3/botocore)

SUMMARY
It is time.
It's almost 3 years since the last code commit to the original boto library.  We have deprecated and migrated.  With 4.0.0 it is time for the last boto module and the relevant support code to be retired.
Depends-On: ansible-collections#632
Depends-On: ansible-collections#639
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
plugins/modules/ec2.py
plugins/module_utils/ec2.py
plugins/doc_fragments/aws.py
ADDITIONAL INFORMATION
IMO we should branch stable-3 sooner rather than later and start the cleanup work.
cc @jillr

Reviewed-by: Brian Scholer <None>
Reviewed-by: Jill R <None>
Reviewed-by: Mark Chappell <None>
Reviewed-by: Alina Buzachis <None>
3 participants