Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ec2_vpc_net: Doesn't honour check_mode when updating CIDR #62678

Closed
tremble opened this issue Sep 20, 2019 · 5 comments
Closed

ec2_vpc_net: Doesn't honour check_mode when updating CIDR #62678

tremble opened this issue Sep 20, 2019 · 5 comments
Labels
affects_2.10 This issue/PR affects Ansible v2.10 aws bot_closed bug This issue/PR relates to a bug. cloud collection:amazon.aws collection Related to Ansible Collections work module This issue/PR relates to a module. needs_collection_redirect https://github.com/ansible/ansibullbot/blob/master/docs/collection_migration.md support:community This issue/PR relates to code supported by the Ansible community.

Comments

@tremble
Copy link
Contributor

tremble commented Sep 20, 2019

SUMMARY

Updating a VPC to add additional CIDRs while using check_mode still results in the CIDRs being updated.

Found while working on #62649

ISSUE TYPE
  • Bug Report
COMPONENT NAME

lib/ansible/modules/cloud/amazon/ec2_vpc_net.py

ANSIBLE VERSION
ansible 2.10.0.dev0
CONFIGURATION

N/A (ansible-test docker-container)

OS / ENVIRONMENT

N/A (ansible-test docker-container)

STEPS TO REPRODUCE
    - name: create a VPC
      ec2_vpc_net:
        state: present
        cidr_block: "{{ vpc_cidr }}"
        name: "{{ resource_prefix }}"
      register: result

    - name: modify CIDR (check mode)
      ec2_vpc_net:
        state: present
        cidr_block:
        - "{{ vpc_cidr }}"
        - "{{ vpc_cidr_a }}"
        name: "{{ resource_prefix }}"
      check_mode: true
      register: result
    - ec2_vpc_net_info:
        filters:
          "tag:Name": "{{ resource_prefix }}"
      register: vpc_info

    - name: Check the CIDRs weren't changed
      assert:
        that:
          - result is successful
          - result is changed

    - name: modify CIDR
      ec2_vpc_net:
        state: present
        cidr_block:
        - "{{ vpc_cidr }}"
        - "{{ vpc_cidr_a }}"
        name: "{{ resource_prefix }}"
      register: result
    - ec2_vpc_net_info:
        filters:
          "tag:Name": "{{ resource_prefix }}"
      register: vpc_info

    - name: assert the CIDRs changed
      assert:
        that:
          - result is successful
          - result is changed
EXPECTED RESULTS

Assertions pass, changes only occur when not running with "check_mode: yes"

ACTUAL RESULTS

Changes occur when running in check_mode

TASK [ec2_vpc_net : modify CIDR (check mode)] **********************************
task path: /root/.ansible/test/tmp/ec2_vpc_net-vqzsxkuq-ÅÑŚÌβŁÈ/test/integration/targets/ec2_vpc_net/tasks/main.yml:740
<testhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<testhost> EXEC /bin/sh -c 'echo ~root && sleep 0'
<testhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1569008607.6726809-132338659643665 `" && echo ansible-tmp-1569008607.6726809-132338659643665="` echo /root/.ansible/tmp/ansible-tmp-1569008607.6726809-132338659643665 `" ) && sleep 0'
Using module file /root/ansible/lib/ansible/modules/cloud/amazon/ec2_vpc_net.py
<testhost> PUT /root/.ansible/tmp/ansible-local-12439hnae7i/tmplz8xujeu TO /root/.ansible/tmp/ansible-tmp-1569008607.6726809-132338659643665/AnsiballZ_ec2_vpc_net.py
<testhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1569008607.6726809-132338659643665/ /root/.ansible/tmp/ansible-tmp-1569008607.6726809-132338659643665/AnsiballZ_ec2_vpc_net.py && sleep 0'
<testhost> EXEC /bin/sh -c 'ANSIBLE_DEBUG_BOTOCORE_LOGS=True /tmp/python-7ctv_uz6-ansible/python /root/.ansible/tmp/ansible-tmp-1569008607.6726809-132338659643665/AnsiballZ_ec2_vpc_net.py && sleep 0'
<testhost> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1569008607.6726809-132338659643665/ > /dev/null 2>&1 && sleep 0'
changed: [testhost] => {
    "changed": true,
    "invocation": {
        "module_args": {
            "aws_access_key": "REDACTED",
            "aws_secret_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "cidr_block": [
                "10.47.0.0/24",
                "10.47.1.0/24"
            ],
            "debug_botocore_endpoint_logs": true,
            "dhcp_opts_id": null,
            "dns_hostnames": true,
            "dns_support": true,
            "ec2_url": null,
            "ipv6_cidr": false,
            "multi_ok": false,
            "name": "ansible-test-mchappel-73215498",
            "profile": null,
            "purge_cidrs": false,
            "region": "us-west-2",
            "security_token": null,
            "state": "present",
            "tags": null,
            "tenancy": "default",
            "validate_certs": true
        }
    },
    "resource_actions": [
        "ec2:DescribeVpcs",
        "ec2:DescribeVpcClassicLink",
        "ec2:DescribeTags",
        "ec2:DescribeVpcAttribute",
        "ec2:AssociateVpcCidrBlock"
    ],
    "vpc": {
        "cidr_block": "10.47.0.0/24",
        "cidr_block_association_set": [
            {
                "association_id": "vpc-cidr-assoc-0b150b12ec7c698ac",
                "cidr_block": "10.47.0.0/24",
                "cidr_block_state": {
                    "state": "associated"
                }
            },
            {
                "association_id": "vpc-cidr-assoc-0fd91a06ea587c51e",
                "cidr_block": "10.47.1.0/24",
                "cidr_block_state": {
                    "state": "associated"
                }
            }
        ],
        "classic_link_enabled": false,
        "dhcp_options_id": "dopt-0b7a1610fee581ccf",
        "id": "vpc-06ba2aecc854f7ed3",
        "instance_tenancy": "default",
        "ipv6_cidr_block_association_set": [
            {
                "association_id": "vpc-cidr-assoc-05c685e888db71066",
                "ipv6_cidr_block": "2600:1f14:155:7100::/56",
                "ipv6_cidr_block_state": {
                    "state": "associated"
                }
            }
        ],
        "is_default": false,
        "owner_id": "000285366142",
        "state": "available",
        "tags": {
            "Ansible": "Test",
            "Name": "ansible-test-mchappel-73215498"
        }
    }
}

TASK [ec2_vpc_net : ec2_vpc_net_info] ******************************************
task path: /root/.ansible/test/tmp/ec2_vpc_net-vqzsxkuq-ÅÑŚÌβŁÈ/test/integration/targets/ec2_vpc_net/tasks/main.yml:749
<testhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<testhost> EXEC /bin/sh -c 'echo ~root && sleep 0'
<testhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1569008612.5818107-35002912459140 `" && echo ansible-tmp-1569008612.5818107-35002912459140="` echo /root/.ansible/tmp/ansible-tmp-1569008612.5818107-35002912459140 `" ) && sleep 0'
Using module file /root/ansible/lib/ansible/modules/cloud/amazon/ec2_vpc_net_info.py
<testhost> PUT /root/.ansible/tmp/ansible-local-12439hnae7i/tmp4ptve31s TO /root/.ansible/tmp/ansible-tmp-1569008612.5818107-35002912459140/AnsiballZ_ec2_vpc_net_info.py
<testhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1569008612.5818107-35002912459140/ /root/.ansible/tmp/ansible-tmp-1569008612.5818107-35002912459140/AnsiballZ_ec2_vpc_net_info.py && sleep 0'
<testhost> EXEC /bin/sh -c 'ANSIBLE_DEBUG_BOTOCORE_LOGS=True /tmp/python-7ctv_uz6-ansible/python /root/.ansible/tmp/ansible-tmp-1569008612.5818107-35002912459140/AnsiballZ_ec2_vpc_net_info.py && sleep 0'
<testhost> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1569008612.5818107-35002912459140/ > /dev/null 2>&1 && sleep 0'
ok: [testhost] => {
    "changed": false,
    "invocation": {
        "module_args": {
            "aws_access_key": "REDACTED",
            "aws_secret_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "debug_botocore_endpoint_logs": true,
            "ec2_url": null,
            "filters": {
                "tag:Name": "ansible-test-mchappel-73215498"
            },
            "profile": null,
            "region": "us-west-2",
            "security_token": null,
            "validate_certs": true,
            "vpc_ids": []
        }
    },
    "vpcs": [
        {
            "cidr_block": "10.47.0.0/24",
            "cidr_block_association_set": [
                {
                    "association_id": "vpc-cidr-assoc-0b150b12ec7c698ac",
                    "cidr_block": "10.47.0.0/24",
                    "cidr_block_state": {
                        "state": "associated"
                    }
                },
                {
                    "association_id": "vpc-cidr-assoc-0fd91a06ea587c51e",
                    "cidr_block": "10.47.1.0/24",
                    "cidr_block_state": {
                        "state": "associated"
                    }
                }
            ],
            "classic_link_dns_supported": false,
            "classic_link_enabled": false,
            "dhcp_options_id": "dopt-0b7a1610fee581ccf",
            "enable_dns_hostnames": true,
            "enable_dns_support": true,
            "id": "vpc-06ba2aecc854f7ed3",
            "instance_tenancy": "default",
            "ipv6_cidr_block_association_set": [
                {
                    "association_id": "vpc-cidr-assoc-05c685e888db71066",
                    "ipv6_cidr_block": "2600:1f14:155:7100::/56",
                    "ipv6_cidr_block_state": {
                        "state": "associated"
                    }
                }
            ],
            "is_default": false,
            "owner_id": "000285366142",
            "state": "available",
            "tags": {
                "Ansible": "Test",
                "Name": "ansible-test-mchappel-73215498"
            },
            "vpc_id": "vpc-06ba2aecc854f7ed3"
        }
    ]
}

TASK [ec2_vpc_net : Check the CIDRs weren't changed] ***************************
task path: /root/.ansible/test/tmp/ec2_vpc_net-vqzsxkuq-ÅÑŚÌβŁÈ/test/integration/targets/ec2_vpc_net/tasks/main.yml:754
ok: [testhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [ec2_vpc_net : modify CIDR] ***********************************************
task path: /root/.ansible/test/tmp/ec2_vpc_net-vqzsxkuq-ÅÑŚÌβŁÈ/test/integration/targets/ec2_vpc_net/tasks/main.yml:760
<testhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<testhost> EXEC /bin/sh -c 'echo ~root && sleep 0'
<testhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1569008615.6728761-149363458930412 `" && echo ansible-tmp-1569008615.6728761-149363458930412="` echo /root/.ansible/tmp/ansible-tmp-1569008615.6728761-149363458930412 `" ) && sleep 0'
Using module file /root/ansible/lib/ansible/modules/cloud/amazon/ec2_vpc_net.py
<testhost> PUT /root/.ansible/tmp/ansible-local-12439hnae7i/tmpb4te9q2a TO /root/.ansible/tmp/ansible-tmp-1569008615.6728761-149363458930412/AnsiballZ_ec2_vpc_net.py
<testhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1569008615.6728761-149363458930412/ /root/.ansible/tmp/ansible-tmp-1569008615.6728761-149363458930412/AnsiballZ_ec2_vpc_net.py && sleep 0'
<testhost> EXEC /bin/sh -c 'ANSIBLE_DEBUG_BOTOCORE_LOGS=True /tmp/python-7ctv_uz6-ansible/python /root/.ansible/tmp/ansible-tmp-1569008615.6728761-149363458930412/AnsiballZ_ec2_vpc_net.py && sleep 0'
<testhost> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1569008615.6728761-149363458930412/ > /dev/null 2>&1 && sleep 0'
ok: [testhost] => {
    "changed": false,
    "invocation": {
        "module_args": {
            "aws_access_key": "REDACTED",
            "aws_secret_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "cidr_block": [
                "10.47.0.0/24",
                "10.47.1.0/24"
            ],
            "debug_botocore_endpoint_logs": true,
            "dhcp_opts_id": null,
            "dns_hostnames": true,
            "dns_support": true,
            "ec2_url": null,
            "ipv6_cidr": false,
            "multi_ok": false,
            "name": "ansible-test-mchappel-73215498",
            "profile": null,
            "purge_cidrs": false,
            "region": "us-west-2",
            "security_token": null,
            "state": "present",
            "tags": null,
            "tenancy": "default",
            "validate_certs": true
        }
    },
    "resource_actions": [
        "ec2:DescribeVpcClassicLink",
        "ec2:DescribeVpcAttribute",
        "ec2:DescribeTags",
        "ec2:DescribeVpcs"
    ],
    "vpc": {
        "cidr_block": "10.47.0.0/24",
        "cidr_block_association_set": [
            {
                "association_id": "vpc-cidr-assoc-0b150b12ec7c698ac",
                "cidr_block": "10.47.0.0/24",
                "cidr_block_state": {
                    "state": "associated"
                }
            },
            {
                "association_id": "vpc-cidr-assoc-0fd91a06ea587c51e",
                "cidr_block": "10.47.1.0/24",
                "cidr_block_state": {
                    "state": "associated"
                }
            }
        ],
        "classic_link_enabled": false,
        "dhcp_options_id": "dopt-0b7a1610fee581ccf",
        "id": "vpc-06ba2aecc854f7ed3",
        "instance_tenancy": "default",
        "ipv6_cidr_block_association_set": [
            {
                "association_id": "vpc-cidr-assoc-05c685e888db71066",
                "ipv6_cidr_block": "2600:1f14:155:7100::/56",
                "ipv6_cidr_block_state": {
                    "state": "associated"
                }
            }
        ],
        "is_default": false,
        "owner_id": "000285366142",
        "state": "available",
        "tags": {
            "Ansible": "Test",
            "Name": "ansible-test-mchappel-73215498"
        }
    }
}

TASK [ec2_vpc_net : ec2_vpc_net_info] ******************************************
task path: /root/.ansible/test/tmp/ec2_vpc_net-vqzsxkuq-ÅÑŚÌβŁÈ/test/integration/targets/ec2_vpc_net/tasks/main.yml:768
<testhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<testhost> EXEC /bin/sh -c 'echo ~root && sleep 0'
<testhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1569008619.7883456-183185654256984 `" && echo ansible-tmp-1569008619.7883456-183185654256984="` echo /root/.ansible/tmp/ansible-tmp-1569008619.7883456-183185654256984 `" ) && sleep 0'
Using module file /root/ansible/lib/ansible/modules/cloud/amazon/ec2_vpc_net_info.py
<testhost> PUT /root/.ansible/tmp/ansible-local-12439hnae7i/tmpm4npgb0u TO /root/.ansible/tmp/ansible-tmp-1569008619.7883456-183185654256984/AnsiballZ_ec2_vpc_net_info.py
<testhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1569008619.7883456-183185654256984/ /root/.ansible/tmp/ansible-tmp-1569008619.7883456-183185654256984/AnsiballZ_ec2_vpc_net_info.py && sleep 0'
<testhost> EXEC /bin/sh -c 'ANSIBLE_DEBUG_BOTOCORE_LOGS=True /tmp/python-7ctv_uz6-ansible/python /root/.ansible/tmp/ansible-tmp-1569008619.7883456-183185654256984/AnsiballZ_ec2_vpc_net_info.py && sleep 0'
<testhost> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1569008619.7883456-183185654256984/ > /dev/null 2>&1 && sleep 0'
ok: [testhost] => {
    "changed": false,
    "invocation": {
        "module_args": {
            "aws_access_key": "REDACTED",
            "aws_secret_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "debug_botocore_endpoint_logs": true,
            "ec2_url": null,
            "filters": {
                "tag:Name": "ansible-test-mchappel-73215498"
            },
            "profile": null,
            "region": "us-west-2",
            "security_token": null,
            "validate_certs": true,
            "vpc_ids": []
        }
    },
    "vpcs": [
        {
            "cidr_block": "10.47.0.0/24",
            "cidr_block_association_set": [
                {
                    "association_id": "vpc-cidr-assoc-0b150b12ec7c698ac",
                    "cidr_block": "10.47.0.0/24",
                    "cidr_block_state": {
                        "state": "associated"
                    }
                },
                {
                    "association_id": "vpc-cidr-assoc-0fd91a06ea587c51e",
                    "cidr_block": "10.47.1.0/24",
                    "cidr_block_state": {
                        "state": "associated"
                    }
                }
            ],
            "classic_link_dns_supported": false,
            "classic_link_enabled": false,
            "dhcp_options_id": "dopt-0b7a1610fee581ccf",
            "enable_dns_hostnames": true,
            "enable_dns_support": true,
            "id": "vpc-06ba2aecc854f7ed3",
            "instance_tenancy": "default",
            "ipv6_cidr_block_association_set": [
                {
                    "association_id": "vpc-cidr-assoc-05c685e888db71066",
                    "ipv6_cidr_block": "2600:1f14:155:7100::/56",
                    "ipv6_cidr_block_state": {
                        "state": "associated"
                    }
                }
            ],
            "is_default": false,
            "owner_id": "000285366142",
            "state": "available",
            "tags": {
                "Ansible": "Test",
                "Name": "ansible-test-mchappel-73215498"
            },
            "vpc_id": "vpc-06ba2aecc854f7ed3"
        }
    ]
}

TASK [ec2_vpc_net : assert the CIDRs changed] **********************************
task path: /root/.ansible/test/tmp/ec2_vpc_net-vqzsxkuq-ÅÑŚÌβŁÈ/test/integration/targets/ec2_vpc_net/tasks/main.yml:773
fatal: [testhost]: FAILED! => {
    "assertion": "result is changed",
    "changed": false,
    "evaluated_to": false,
    "msg": "Assertion failed"
}
@ansibot
Copy link
Contributor

ansibot commented Sep 23, 2019

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

@ansibot
Copy link
Contributor

ansibot commented Sep 23, 2019

cc @defionscode @s-hertel
click here for bot help

@ansibot
Copy link
Contributor

ansibot commented Sep 23, 2019

@tremble, just so you are aware we have a dedicated Working Group for aws.
You can find other people interested in this in #ansible-aws on Freenode IRC
For more information about communities, meetings and agendas see https://github.com/ansible/community

click here for bot help

@ansibot ansibot added affects_2.10 This issue/PR affects Ansible v2.10 aws bug This issue/PR relates to a bug. cloud module This issue/PR relates to a module. needs_triage Needs a first human triage before being processed. support:core This issue/PR relates to code supported by the Ansible Engineering Team. labels Sep 23, 2019
@samdoran samdoran removed the needs_triage Needs a first human triage before being processed. label Oct 1, 2019
@ansibot
Copy link
Contributor

ansibot commented Jan 29, 2020

cc @jillr
click here for bot help

@ansibot ansibot added collection Related to Ansible Collections work collection:amazon.aws needs_collection_redirect https://github.com/ansible/ansibullbot/blob/master/docs/collection_migration.md support:community This issue/PR relates to code supported by the Ansible community. and removed support:core This issue/PR relates to code supported by the Ansible Engineering Team. labels Apr 29, 2020
@ansibot
Copy link
Contributor

ansibot commented Aug 16, 2020

Thank you very much for your interest in Ansible. Ansible has migrated much of the content into separate repositories to allow for more rapid, independent development. We are closing this issue/PR because this content has been moved to one or more collection repositories.

For further information, please see:
https://github.com/ansible/ansibullbot/blob/master/docs/collection_migration.md

@ansibot ansibot closed this as completed Aug 16, 2020
@ansible ansible locked and limited conversation to collaborators Sep 13, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
affects_2.10 This issue/PR affects Ansible v2.10 aws bot_closed bug This issue/PR relates to a bug. cloud collection:amazon.aws collection Related to Ansible Collections work module This issue/PR relates to a module. needs_collection_redirect https://github.com/ansible/ansibullbot/blob/master/docs/collection_migration.md support:community This issue/PR relates to code supported by the Ansible community.
Projects
None yet
Development

No branches or pull requests

3 participants