elb_classic_lb - failed to create https listener #686

Closed
1 task done
anjo-swe opened this issue Feb 18, 2022 · 3 comments · Fixed by #860
Labels
bug This issue/PR relates to a bug jira module module plugins plugin (any type) python3 traceback

Comments

@anjo-swe
Contributor

Summary

When I try to create a classic ELB, it fails to add an HTTPS listener even if I provide ssl_certificate_id.

Locally I fixed the issue by updating https://github.com/ansible-collections/amazon.aws/blob/main/plugins/modules/elb_classic_lb.py#L903

  • From: return snake_dict_to_camel_dict(listener, True)
  • To: return formatted_listener (already converted & has SSLCertificateId)

Issue Type

Bug Report

Component Name

elb_classic_lb

Ansible Version

$ ansible --version

ansible [core 2.12.0]
  config file = /Users/<USER>/Source/dataintelligence-ansible/ansible.cfg
  configured module search path = ['/Users/<USER>/Source/dataintelligence-ansible/library']
  ansible python module location = /Users/<USER>/Source/dataintelligence-ansible/.runtime/.pyvenv/lib/python3.9/site-packages/ansible
  ansible collection location = /Users/<USER>/.ansible/collections:/usr/share/ansible/collections
  executable location = /Users/<USER>/Source/dataintelligence-ansible/.runtime/.pyvenv/bin/ansible
  python version = 3.9.8 (main, Nov 18 2021, 16:08:04) [Clang 12.0.5 (clang-1205.0.22.9)]
  jinja version = 3.0.3
  libyaml = True

Collection Versions

$ ansible-galaxy collection list

# /Users/<USER>/Source/dataintelligence-ansible/.runtime/.pyvenv/lib/python3.9/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    2.1.0
ansible.netcommon             2.4.0
ansible.posix                 1.3.0
ansible.utils                 2.4.2
ansible.windows               1.8.0
arista.eos                    3.1.0
awx.awx                       19.4.0
azure.azcollection            1.10.0
check_point.mgmt              2.1.1
chocolatey.chocolatey         1.1.0
cisco.aci                     2.1.0
cisco.asa                     2.1.0
cisco.intersight              1.0.17
cisco.ios                     2.5.0
cisco.iosxr                   2.5.0
cisco.ise                     1.2.1
cisco.meraki                  2.5.0
cisco.mso                     1.2.0
cisco.nso                     1.0.3
cisco.nxos                    2.7.1
cisco.ucs                     1.6.0
cloud.common                  2.1.0
cloudscale_ch.cloud           2.2.0
community.aws                 2.1.0
community.azure               1.1.0
community.ciscosmb            1.0.4
community.crypto              2.0.1
community.digitalocean        1.12.0
community.dns                 2.0.3
community.docker              2.0.1
community.fortios             1.0.0
community.general             4.0.2
community.google              1.0.0
community.grafana             1.2.3
community.hashi_vault         2.0.0
community.hrobot              1.2.1
community.kubernetes          2.0.1
community.kubevirt            1.0.0
community.libvirt             1.0.2
community.mongodb             1.3.2
community.mysql               2.3.1
community.network             3.0.0
community.okd                 2.1.0
community.postgresql          1.5.0
community.proxysql            1.3.0
community.rabbitmq            1.1.0
community.routeros            2.0.0
community.skydive             1.0.0
community.sops                1.2.0
community.vmware              1.16.0
community.windows             1.8.0
community.zabbix              1.5.0
containers.podman             1.8.2
cyberark.conjur               1.1.0
cyberark.pas                  1.0.13
dellemc.enterprise_sonic      1.1.0
dellemc.openmanage            4.2.0
dellemc.os10                  1.1.1
dellemc.os6                   1.0.7
dellemc.os9                   1.0.4
f5networks.f5_modules         1.12.0
fortinet.fortimanager         2.1.4
fortinet.fortios              2.1.3
frr.frr                       1.0.3
gluster.gluster               1.0.2
google.cloud                  1.0.2
hetzner.hcloud                1.6.0
hpe.nimble                    1.1.3
ibm.qradar                    1.0.3
infinidat.infinibox           1.3.0
infoblox.nios_modules         1.1.2
inspur.sm                     1.3.0
junipernetworks.junos         2.6.0
kubernetes.core               2.2.1
mellanox.onyx                 1.0.0
netapp.aws                    21.7.0
netapp.azure                  21.10.0
netapp.cloudmanager           21.12.0
netapp.elementsw              21.7.0
netapp.ontap                  21.13.1
netapp.storagegrid            21.7.0
netapp.um_info                21.8.0
netapp_eseries.santricity     1.2.13
netbox.netbox                 3.3.0
ngine_io.cloudstack           2.2.2
ngine_io.exoscale             1.0.0
ngine_io.vultr                1.1.0
openstack.cloud               1.5.3
openvswitch.openvswitch       2.0.2
ovirt.ovirt                   1.6.5
purestorage.flasharray        1.11.0
purestorage.flashblade        1.8.1
sensu.sensu_go                1.12.0
servicenow.servicenow         1.0.6
splunk.es                     1.0.2
t_systems_mms.icinga_director 1.24.0
theforeman.foreman            2.2.0
vyos.vyos                     2.6.0
wti.remote                    1.0.3

AWS SDK versions

$ pip show boto boto3 botocore

Name: boto
Version: 2.49.0
Summary: Amazon Web Services Library
Home-page: https://github.com/boto/boto/
Author: Mitch Garnaat
Author-email: [email protected]
License: MIT
Location: /Users/<USER>/Source/dataintelligence-ansible/.runtime/.pyvenv/lib/python3.9/site-packages
Requires:
Required-by:
---
Name: boto3
Version: 1.20.11
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /Users/<USER>/Source/dataintelligence-ansible/.runtime/.pyvenv/lib/python3.9/site-packages
Requires: botocore, jmespath, s3transfer
Required-by:
---
Name: botocore
Version: 1.23.11
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /Users/<USER>/Source/dataintelligence-ansible/.runtime/.pyvenv/lib/python3.9/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: boto3, s3transfer

Configuration

$ ansible-config dump --only-changed

DEFAULT_CALLBACK_PLUGIN_PATH(/Users/<USER>/Source/dataintelligence-ansible/ansible.cfg) = ['/Users/<USER>/Source/dataintelligence-ansible/plugins/callbacks']
DEFAULT_FILTER_PLUGIN_PATH(/Users/<USER>/Source/dataintelligence-ansible/ansible.cfg) = ['/Users/<USER>/Source/dataintelligence-ansible/plugins/filters']
DEFAULT_FORKS(/Users/<USER>/Source/dataintelligence-ansible/ansible.cfg) = 55
DEFAULT_HOST_LIST(/Users/<USER>/Source/dataintelligence-ansible/ansible.cfg) = ['/Users/<USER>/Source/dataintelligence-ansible/inventory/dev']
DEFAULT_INVENTORY_PLUGIN_PATH(/Users/<USER>/Source/dataintelligence-ansible/ansible.cfg) = ['/Users/<USER>/Source/dataintelligence-ansible/plugins/inventory']
DEFAULT_JINJA2_EXTENSIONS(/Users/<USER>/Source/dataintelligence-ansible/ansible.cfg) = jinja2.ext.do
DEFAULT_LOOKUP_PLUGIN_PATH(/Users/<USER>/Source/dataintelligence-ansible/ansible.cfg) = ['/Users/<USER>/Source/dataintelligence-ansible/plugins/lookups']
DEFAULT_MANAGED_STR(/Users/<USER>/Source/dataintelligence-ansible/ansible.cfg) = WARNING!!!! This file is managed by Ansible. Any changes will be overwritten.
DEFAULT_MODULE_PATH(/Users/<USER>/Source/dataintelligence-ansible/ansible.cfg) = ['/Users/<USER>/Source/dataintelligence-ansible/library']
DEFAULT_ROLES_PATH(/Users/<USER>/Source/dataintelligence-ansible/ansible.cfg) = ['/Users/<USER>/Source/dataintelligence-ansible/roles']
DEFAULT_STDOUT_CALLBACK(/Users/<USER>/Source/dataintelligence-ansible/ansible.cfg) = yaml
DEFAULT_TEST_PLUGIN_PATH(/Users/<USER>/Source/dataintelligence-ansible/ansible.cfg) = ['/Users/<USER>/Source/dataintelligence-ansible/plugins/tests']
DEFAULT_TIMEOUT(/Users/<USER>/Source/dataintelligence-ansible/ansible.cfg) = 30
HOST_KEY_CHECKING(/Users/<USER>/Source/dataintelligence-ansible/ansible.cfg) = False
INVENTORY_ANY_UNPARSED_IS_FAILED(/Users/<USER>/Source/dataintelligence-ansible/ansible.cfg) = True
INVENTORY_ENABLED(/Users/<USER>/Source/dataintelligence-ansible/ansible.cfg) = ['host_list', 'script', 'meta']
TRANSFORM_INVALID_GROUP_CHARS(/Users/<USER>/Source/dataintelligence-ansible/ansible.cfg) = ignore

OS / Environment

macOS 11.6

Steps to Reproduce

---
- name: test playbook
  hosts: localhost
  gather_facts: false
  vars:
    elb_definition:
      connection_draining_timeout: 5
      health_check:
        healthy_threshold: 5
        interval: 5
        ping_path: /verify/service/name/service-name
        ping_port: 8599
        ping_protocol: http
        response_timeout: 3
        unhealthy_threshold: 2
      listeners:
        - instance_port: 8080
          instance_protocol: http
          load_balancer_port: 443
          protocol: https
          ssl_certificate_id: arn:aws:acm:us-east-1:1234...
      name: dev-service-name
      region: us-east-1
      security_group_names:
        - sec-dev-admin
        - sec-dev
      state: present
      subnets:
        - subnet-...
        - subnet-...
      tags:
        CreatedBy: <USER>
        Lifecycle: dev
        Service: service-name

  tasks:
    - name: Create load balancer
      amazon.aws.elb_classic_lb: "{{ elb_definition }}"
      register: created_load_balancer

Expected Results

Classic ELB named dev-service-name with a HTTPS listener

Actual Results

TASK [Create load balancer] ****************************************************
[WARNING]: Using a variable for a task's 'args' is unsafe in some situations
(see
https://docs.ansible.com/ansible/devel/reference_appendices/faq.html#argsplat-
unsafe)
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: botocore.exceptions.ClientError: An error occurred (ValidationError) when calling the CreateLoadBalancer operation: Secure Listeners need to specify a SSLCertificateId
fatal: [localhost -> 127.0.0.1]: FAILED! => changed=false 
  boto3_version: 1.20.48
  botocore_version: 1.23.48
  error:
    code: ValidationError
    message: Secure Listeners need to specify a SSLCertificateId
    type: Sender
  msg: 'Failed to create load balancer: An error occurred (ValidationError) when calling the CreateLoadBalancer operation: Secure Listeners need to specify a SSLCertificateId'
  response_metadata:
    http_headers:
      connection: close
      content-length: '314'
      content-type: text/xml
      date: Fri, 18 Feb 2022 00:43:23 GMT
      x-amzn-requestid: 28d50f62-85a3-4cf7-8977-fd5e96ee1b2d
    http_status_code: 400
    request_id: 28d50f62-85a3-4cf7-8977-fd5e96ee1b2d
    retry_attempts: 0

Code of Conduct

  • I agree to follow the Ansible Code of Conduct
@ansibullbot

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.


@ansibullbot ansibullbot added bug This issue/PR relates to a bug module module needs_triage plugins plugin (any type) python3 traceback labels Feb 18, 2022
@alinabuzachis
Collaborator

alinabuzachis commented Feb 23, 2022

@anjo-swe Thank you for raising this. Would you be willing to open a pull request with your patch and add an integration test for it (if it's not already covered)? In addition, you also should add a changelog fragment.

softwarefactory-project-zuul bot pushed a commit that referenced this issue Jun 3, 2022
…lude SSLCertificateId (#860)

[WIP] elb_classic_lb: fix return value _format_listener method to include SSLCertificateId

SUMMARY

Fixes #686.
Current return value of _format_listener method does not include SSLCertificateId even if it is provided in the playbook, causing the failure as reported in above mentioned issue.
Sample return value:
{'InstancePort': 8080, 'InstanceProtocol': 'HTTP', 'LoadBalancerPort': 443, 'Protocol': 'HTTPS'}

This can be fixed by modifying the return value of _format_listener method to formatted_listener, which includes SSLCertificateId if provided in the playbook.
Sample return Value:
{'InstancePort': 8080, 'InstanceProtocol': 'HTTP', 'LoadBalancerPort': 443, 
'Protocol': 'HTTPS', 'SSLCertificateId': 'arn:aws:acm:us-east-1:1234...'}


ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME

elb_classic_lb

Reviewed-by: Mark Chappell <None>
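
The failure and fix described in this issue, as an added example that is not the module's own code: `format_listener` is a simplified, assumed model of `_format_listener`, `snake_to_camel` is a stand-in for `snake_dict_to_camel_dict(..., True)`, and `missing_certificates` is a hypothetical pre-flight check that mirrors the API's "Secure Listeners need to specify a SSLCertificateId" validation so a dropped certificate is caught in a unit test rather than at CreateLoadBalancer time.

```python
SECURE_PROTOCOLS = {"HTTPS", "SSL"}  # classic ELB listener protocols that terminate TLS


def snake_to_camel(key):
    """Stand-in for snake_dict_to_camel_dict(..., True): foo_bar -> FooBar."""
    return "".join(part.capitalize() for part in key.split("_"))


def format_listener(listener, fixed=True):
    """Simplified model of _format_listener (assumed shape, not the module's code)."""
    listener = {k: v for k, v in listener.items() if v is not None}
    for key in ("protocol", "instance_protocol"):
        if key in listener:
            listener[key] = listener[key].upper()
    # The certificate is set aside so its key keeps the API's exact spelling,
    # SSLCertificateId, rather than a generic camel-case conversion.
    ssl_id = listener.pop("ssl_certificate_id", None)
    formatted_listener = {snake_to_camel(k): v for k, v in listener.items()}
    if ssl_id:
        formatted_listener["SSLCertificateId"] = ssl_id
    if fixed:
        return formatted_listener  # the "To:" line from the issue
    # The "From:" line: convert the listener again and return that instead,
    # which discards the certificate added to formatted_listener.
    return {snake_to_camel(k): v for k, v in listener.items()}


def missing_certificates(listeners):
    """Return load balancer ports of secure listeners lacking SSLCertificateId."""
    return [
        entry["LoadBalancerPort"]
        for entry in listeners
        if entry.get("Protocol") in SECURE_PROTOCOLS
        and not entry.get("SSLCertificateId")
    ]


# Constructed input mirroring the listener in the issue's playbook.
PLAYBOOK_LISTENER = {
    "instance_port": 8080,
    "instance_protocol": "http",
    "load_balancer_port": 443,
    "protocol": "https",
    "ssl_certificate_id": "arn:aws:acm:us-east-1:1234...",
}

if __name__ == "__main__":
    for fixed in (False, True):
        out = format_listener(dict(PLAYBOOK_LISTENER), fixed=fixed)
        label = "fixed" if fixed else "buggy"
        print(label, out, "missing cert on ports:", missing_certificates([out]))
```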
abikouo pushed a commit to abikouo/amazon.aws that referenced this issue Sep 18, 2023
…s3_bucket_info

aws_s3_bucket_info - Add a check for botocore>='1.18.11' when pulling bucket_ownership_controls

SUMMARY
Fetching bucket_ownership_controls requires botocore>='1.18.11' add a check and update the tests to explicitly require this version of botocore when testing accessing bucket_ownership_controls
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
aws_s3_bucket_info
ADDITIONAL INFORMATION
Depends-On: ansible-collections#686

Reviewed-by: Alina Buzachis <None>
Reviewed-by: None <None>
abikouo pushed a commit to abikouo/amazon.aws that referenced this issue Sep 18, 2023
…letion_idempotency

aws_secret - fix deletion idempotency when not using instant deletion

SUMMARY
If you try to delete a secret that's already pending deletion the aws_secret threw an exception because result hadn't been defined.
Also enables basic tests for aws_secret.  note: "something" is broken with the rotation tests, so these are skipped for now.  Better that we have partial test coverage than none.
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
aws_secret
ADDITIONAL INFORMATION
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: UnboundLocalError: local variable 'result' referenced before assignment
fatal: [testhost]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/root/.ansible/tmp/ansible-tmp-1628676235.3853-364-73867477372190/AnsiballZ_aws_secret.py\", line 114, in <module>\n    _ansiballz_main()\n  File \"/root/.ansible/tmp/ansible-tmp-1628676235.3853-364-73867477372190/AnsiballZ_aws_secret.py\", line 106, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/root/.ansible/tmp/ansible-tmp-1628676235.3853-364-73867477372190/AnsiballZ_aws_secret.py\", line 54, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.community.aws.plugins.modules.aws_secret', init_globals=dict(_module_fqn='ansible_collections.community.aws.plugins.modules.aws_secret', _modlib_path=modlib_path),\n  File \"/usr/lib/python3.9/runpy.py\", line 210, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib/python3.9/runpy.py\", line 97, in _run_module_code\n    _run_code(code, mod_globals, init_globals,\n  File \"/usr/lib/python3.9/runpy.py\", line 87, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_aws_secret_payload_6xlyxr1u/ansible_aws_secret_payload.zip/ansible_collections/community/aws/plugins/modules/aws_secret.py\", line 401, in <module>\n  File \"/tmp/ansible_aws_secret_payload_6xlyxr1u/ansible_aws_secret_payload.zip/ansible_collections/community/aws/plugins/modules/aws_secret.py\", line 397, in main\nUnboundLocalError: local variable 'result' referenced before assignment\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error

Depends-On: ansible-collections#686

Reviewed-by: Alina Buzachis <None>
Reviewed-by: None <None>
abikouo pushed a commit to abikouo/amazon.aws that referenced this issue Oct 24, 2023
Fixup / ignore new pylint 2.9.3 issues

SUMMARY
The devel containers have been updated to include a new version of pylint ( ansible-collections/overview#45 (comment) )
fixup arguments-renamed
fixup unused-import
ignore pylint:use-a-generator (Should be an easy fix but not worth blocking gating)
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
plugins/modules/ec2_vpc_vgw.py
plugins/modules/ec2_vpc_vpn.py
plugins/modules/ecs_task.py
tests/sanity/ignore-2.10.txt
tests/sanity/ignore-2.11.txt
tests/sanity/ignore-2.12.txt
tests/unit/mock/loader.py
ADDITIONAL INFORMATION

Reviewed-by: Felix Fontein <None>
Reviewed-by: None <None>
abikouo pushed a commit to abikouo/amazon.aws that referenced this issue Oct 24, 2023
…s3_bucket_info

aws_s3_bucket_info - Add a check for botocore>='1.18.11' when pulling bucket_ownership_controls

abikouo pushed a commit to abikouo/amazon.aws that referenced this issue Oct 24, 2023
…letion_idempotency

aws_secret - fix deletion idempotency when not using instant deletion
