aws_secret (lookup) - Add support for handling secrets marked for deletion #455

Merged
merged 1 commit into from
Aug 12, 2021

@tremble tremble commented Aug 11, 2021

SUMMARY

Currently, if you try to look up a secret that's been marked for deletion, it throws an uncaught exception.

ISSUE TYPE

  • Feature Pull Request

COMPONENT NAME

plugins/lookup/aws_secret.py

ADDITIONAL INFORMATION

Lack of support for this triggered a test failure

https://dashboard.zuul.ansible.com/t/ansible/build/69abfb39df9b4f71bc9b32aed8a2529b/log/job-output.txt

2021-08-11 09:04:12.324178 | fedora-34 | TASK [lookup_aws_secret : lookup missing secret] *******************************
2021-08-11 09:04:12.324419 | fedora-34 | task path: /home/zuul/.ansible/collections/ansible_collections/amazon/aws/tests/integration/targets/lookup_aws_secret/tasks/main.yaml:25
2021-08-11 09:04:12.807198 | fedora-34 | exception during Jinja2 execution: Traceback (most recent call last):
2021-08-11 09:04:12.807287 | fedora-34 |   File "/home/zuul/.ansible/collections/ansible_collections/amazon/aws/plugins/lookup/aws_secret.py", line 244, in get_secret_value
2021-08-11 09:04:12.807301 | fedora-34 |     response = client.get_secret_value(**params)
2021-08-11 09:04:12.807311 | fedora-34 |   File "/home/zuul/venv/lib/python3.6/site-packages/botocore/client.py", line 386, in _api_call
2021-08-11 09:04:12.807321 | fedora-34 |     return self._make_api_call(operation_name, kwargs)
2021-08-11 09:04:12.807330 | fedora-34 |   File "/home/zuul/venv/lib/python3.6/site-packages/botocore/client.py", line 705, in _make_api_call
2021-08-11 09:04:12.807339 | fedora-34 |     raise error_class(parsed_response, operation_name)
2021-08-11 09:04:12.807349 | fedora-34 | botocore.errorfactory.InvalidRequestException: An error occurred (InvalidRequestException) when calling the GetSecretValue operation: You can't perform this operation on the secret because it was marked for deletion.
2021-08-11 09:04:12.807359 | fedora-34 |
2021-08-11 09:04:12.807368 | fedora-34 | During handling of the above exception, another exception occurred:
2021-08-11 09:04:12.807377 | fedora-34 |
2021-08-11 09:04:12.807386 | fedora-34 | Traceback (most recent call last):
2021-08-11 09:04:12.807395 | fedora-34 |   File "/tmp/ansible-test-k5oaalo2/ansible/template/__init__.py", line 1014, in _lookup
2021-08-11 09:04:12.807404 | fedora-34 |     ran = instance.run(loop_terms, variables=self._available_variables, **kwargs)
2021-08-11 09:04:12.807413 | fedora-34 |   File "/home/zuul/.ansible/collections/ansible_collections/amazon/aws/plugins/lookup/aws_secret.py", line 220, in run
2021-08-11 09:04:12.807422 | fedora-34 |     on_missing=missing, on_denied=denied, nested=nested)
2021-08-11 09:04:12.807431 | fedora-34 |   File "/home/zuul/.ansible/collections/ansible_collections/amazon/aws/plugins/lookup/aws_secret.py", line 272, in get_secret_value
2021-08-11 09:04:12.807440 | fedora-34 |     raise AnsibleError("Failed to retrieve secret: %s" % to_native(e))
2021-08-11 09:04:12.807449 | fedora-34 | ansible.errors.AnsibleError: Failed to retrieve secret: An error occurred (InvalidRequestException) when calling the GetSecretValue operation: You can't perform this operation on the secret because it was marked for deletion.
2021-08-11 09:04:12.814937 | fedora-34 | fatal: [testhost]: FAILED! => {
2021-08-11 09:04:12.814987 | fedora-34 |     "msg": "An unhandled exception occurred while running the lookup plugin 'amazon.aws.aws_secret'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Failed to retrieve secret: An error occurred (InvalidRequestException) when calling the GetSecretValue operation: You can't perform this operation on the secret because it was marked for deletion.. Failed to retrieve secret: An error occurred (InvalidRequestException) when calling the GetSecretValue operation: You can't perform this operation on the secret because it was marked for deletion."
2021-08-11 09:04:12.815002 | fedora-34 | }
2021-08-11 09:04:12.829452 | fedora-34 |

Depends-On: #460
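
One way to handle the failure in the log above, as an added example (not the plugin's code and not part of the original thread): it separates "marked for deletion" from other GetSecretValue errors and applies a per-condition policy. `on_missing` and `on_denied` appear in the traceback; `on_deleted`, `classify`, `lookup_secret`, `SecretLookupError` and `FakeClient` are hypothetical names, and the `ClientError` fallback is a stand-in used only when botocore is not installed.

```python
import warnings

try:
    from botocore.exceptions import ClientError
except ImportError:
    # Stand-in with the same .response shape, so the example runs without botocore.
    class ClientError(Exception):
        def __init__(self, error_response, operation_name):
            self.response = error_response
            super().__init__(str(error_response.get("Error", {})))

DELETED_MSG = ("You can't perform this operation on the secret "
               "because it was marked for deletion.")  # message text from the log above

class SecretLookupError(Exception):
    """Hypothetical error type, raised when the policy for a condition is 'error'."""

class FakeClient:
    """Constructed test double: answers the way the log shows for a deleted secret."""
    def get_secret_value(self, **params):
        raise ClientError({"Error": {"Code": "InvalidRequestException",
                                     "Message": DELETED_MSG}}, "GetSecretValue")

def classify(exc):
    # Map a ClientError to 'missing', 'denied', 'deleted' or 'other'.
    err = exc.response.get("Error", {})
    code, message = err.get("Code", ""), err.get("Message", "")
    if code == "ResourceNotFoundException":
        return "missing"
    if code == "AccessDeniedException":
        return "denied"
    # InvalidRequestException is not specific to deletion, so match the message too.
    if code == "InvalidRequestException" and "marked for deletion" in message:
        return "deleted"
    return "other"

def lookup_secret(client, secret_id, on_missing="error", on_denied="error", on_deleted="error"):
    """Return the secret string, or None when the policy is 'warn' or 'skip'."""
    policy = {"missing": on_missing, "denied": on_denied, "deleted": on_deleted}
    try:
        return client.get_secret_value(SecretId=secret_id)["SecretString"]
    except ClientError as exc:
        kind = classify(exc)
        action = policy.get(kind, "error")  # unclassified errors always stay fatal
        if action == "error":
            raise SecretLookupError(f"{secret_id}: {kind}: {exc}") from exc
        if action == "warn":
            warnings.warn("Skipping secret %s (%s)" % (secret_id, kind))
        return None
```

Only the secret's identifier and the error class reach the message or warning, never a secret value.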

@ansibullbot ansibullbot added the community_review, feature, integration, lookup, needs_triage, plugins, python3, tests and traceback labels Aug 11, 2021
@tremble tremble requested review from alinabuzachis and markuman and removed request for markuman August 11, 2021 10:32
@tremble tremble force-pushed the aws_secret/deleted branch 3 times, most recently from 0c02d1b to 0eca30a Compare August 11, 2021 10:42

@alinabuzachis alinabuzachis left a comment

@tremble LGTM! There seems to be a pylint error.

ERROR: Found 1 pylint issue(s) which need to be resolved: ERROR: plugins/lookup/aws_secret.py:283:15: duplicate-except: Catching previously caught exception type ClientError


@ansible-zuul ansible-zuul bot left a comment

LGTM!

tremble commented Aug 12, 2021

gating based on @alinabuzachis' "LGTM"; pylint issue is a known false positive

tremble commented Aug 12, 2021

recheck

@ansible-zuul ansible-zuul bot merged commit 54d313b into ansible-collections:main Aug 12, 2021
@tremble tremble deleted the aws_secret/deleted branch November 26, 2021 12:42

3 participants