-
Notifications
You must be signed in to change notification settings - Fork 398
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
A few questions about security groups with respect to RDS #632
Comments
Files identified in the description: If these files are inaccurate, please update the |
@mcandre: Greetings! Thanks for taking the time to open this issue. In order for the community to handle your issue effectively, we need a bit more information. Here are the items we could not find in your description:
Please set the description of this issue with this template: |
Thanks for taking the time to open this issue. It would be helpful if you could use the template that should be automatically pre-populated when you create a new issue through the web UI. It asks for various pieces of information which help us understand the issue you're seeing. I'm guessing that you're referring to the community.aws.rds module (over in https://github.com/ansible-collections/community.aws/). Taking a quick look at the code, the difference is related to whether or not your RDS instance is created inside a VPC or not (only 'EC2 Classic' accounts can create a DB outside of a VPC, this feature has been deprecated by Amazon). For VPC based RDS instances you'll need to use the vpc_security_groups parameter. Unfortunately you didn't provide any examples, so it's difficult to tell if the issue you're reporting is related to a bug in the code or a problem with the way the module is being used. Please note: |
In that case, it would be tremendously helpful to officially, loudly deprecate the older module. |
Formally start the rds deprecation process SUMMARY The rds module is based upon the deprecated boto (not boto3/botocore) SDK and its functionality has been replaced by the rds_instance, rds_snapshot and rds_instance_info modules. ISSUE TYPE Feature Pull Request COMPONENT NAME rds ADDITIONAL INFORMATION See also #632 Reviewed-by: Felix Fontein <None> Reviewed-by: Markus Bergholz <[email protected]> Reviewed-by: Jill R <None> Reviewed-by: None <None>
…le-collections#632) Disable broken integration test - lookup_aws_account_attribute SUMMARY After going through the joys of bisecting recent changes ansible/ansible#75587 appears to have broken the test when running 'wantlist=False' ISSUE TYPE Feature Pull Request COMPONENT NAME aws_account_attribute ADDITIONAL INFORMATION TASK [lookup_aws_account_attribute : Fetch all account attributes (wantlist=False)] ******************************************************************************************************************************* task path: /root/ansible_collections/amazon/aws/tests/output/.tmp/integration/lookup_aws_account_attribute-bjtiq49h-ÅÑŚÌβŁÈ/tests/integration/targets/lookup_aws_account_attribute/tasks/main.yaml:50 The full traceback is: Traceback (most recent call last): File "/root/ansible/lib/ansible/executor/task_executor.py", line 503, in _execute self._task.post_validate(templar=templar) File "/root/ansible/lib/ansible/playbook/task.py", line 283, in post_validate super(Task, self).post_validate(templar) File "/root/ansible/lib/ansible/playbook/base.py", line 650, in post_validate value = templar.template(getattr(self, name)) File "/root/ansible/lib/ansible/template/__init__.py", line 874, in template d[k] = self.template( File "/root/ansible/lib/ansible/template/__init__.py", line 842, in template result = self.do_template( File "/root/ansible/lib/ansible/template/__init__.py", line 1101, in do_template res = ansible_concat(rf, convert_data, myenv.variable_start_string) File "/root/ansible/lib/ansible/template/native_helpers.py", line 60, in ansible_concat head = list(islice(nodes, 2)) File "<template>", line 13, in root File "/usr/lib/python3.10/dist-packages/jinja2/runtime.py", line 349, in call return __obj(*args, **kwargs) File "/root/ansible/lib/ansible/template/__init__.py", line 1013, in _lookup if isinstance(ran[0], NativeJinjaText): KeyError: 0 fatal: [testhost]: FAILED! => { "changed": false } Reviewed-by: Alina Buzachis <None> Reviewed-by: None <None>
ansible-collections#630) [Breaking Change] Remove support for old boto SDK (not boto3/botocore) SUMMARY It is time. It's almost 3 years since the last code commit to the original boto library. We have deprecated and migrated. With 4.0.0 it is time for the last boto module and the relevant support code to be retired. Depends-On: ansible-collections#632 Depends-On: ansible-collections#639 ISSUE TYPE Feature Pull Request COMPONENT NAME plugins/modules/ec2.py plugins/module_utils/ec2.py plugins/doc_fragments/aws.py ADDITIONAL INFORMATION IMO we should branch stable-3 sooner rather than later and start the cleanup work. cc @jillr Reviewed-by: Brian Scholer <None> Reviewed-by: Jill R <None> Reviewed-by: Mark Chappell <None> Reviewed-by: Alina Buzachis <None>
What is the difference between the
security_groups
vs.vpc_security_groups
parameters?Can the RDS validator please do a better job of warning when security group associations are attempted to change? Because right now, it silently fails to apply security group association changes to RDS clusters. This appears to be the kind of change that requires a completely new RDS cluster, but the present validation never identifies this edge case.
The text was updated successfully, but these errors were encountered: