route53 sending wrong request to AWS API when handling aliases

[mszumilak]

SUMMARY

After upgrading community.aws to 1.4.0 route53 module alias requests are rejected by AWS API with message:

Invalid request: Expected exactly one of [AliasTarget, all of [TTL, and ResourceRecords], or TrafficPolicyInstanceId], but found more than one in Change with [Action=UPSERT, Name=myapp.mydomain.com., Type=A, SetIdentifier=null]

ISSUE TYPE

• Bug Report

COMPONENT NAME

route53

ANSIBLE VERSION

ansible 2.10.6
  config file = /home/sz/repos/ansible/ansible.cfg
  configured module search path = ['/home/sz/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/sz/venvs/ansible/lib/python3.8/site-packages/ansible
  executable location = /home/sz/venvs/ansible/bin/ansible
  python version = 3.8.5 (default, Jul 28 2020, 12:59:40) [GCC 9.3.0]

CONFIGURATION

COLLECTIONS_PATHS(/home/sz/repos/ansible/ansible.cfg) = ['/home/sz/.ansible/aws/collections']
DEFAULT_CALLBACK_WHITELIST(/home/sz/repos/ansible/ansible.cfg) = ['profile_tasks']
DEFAULT_HOST_LIST(/home/sz/repos/ansible/ansible.cfg) = ['/dev/null']
LOCALHOST_WARNING(/home/sz/repos/ansible/ansible.cfg) = False
RETRY_FILES_ENABLED(/home/sz/repos/ansible/ansible.cfg) = False

OS / ENVIRONMENT

N/A, tested on various operating systems

STEPS TO REPRODUCE

Try to create or update an alias in Route53

- name: Create public name entry in private zone
  route53:
    alias: True
    alias_hosted_zone_id: "{{ alb_info.load_balancers.0.canonical_hosted_zone_id }}"
    record: "mytestapp.mydomain.com"
    type: A
    value: "{{ alb_info.load_balancers.0.dns_name }}"
    zone: mydomain.com
    private_zone: True
    overwrite: True
    state: present

EXPECTED RESULTS

Module creates or updates existing entry in Route53.

ACTUAL RESULTS

Module fails and informs about reason of rejected request

The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_route53_payload_ukn0ppc0/ansible_route53_payload.zip/ansible_collections/community/aws/plugins/modules/route53.py", line 585, in main
  File "/tmp/ansible_route53_payload_ukn0ppc0/ansible_route53_payload.zip/ansible_collections/amazon/aws/plugins/module_utils/core.py", line 287, in deciding_wrapper
    return retrying_wrapper(*args, **kwargs)
  File "/tmp/ansible_route53_payload_ukn0ppc0/ansible_route53_payload.zip/ansible_collections/amazon/aws/plugins/module_utils/cloud.py", line 153, in retry_func
    raise e
  File "/tmp/ansible_route53_payload_ukn0ppc0/ansible_route53_payload.zip/ansible_collections/amazon/aws/plugins/module_utils/cloud.py", line 143, in retry_func
    return f(*args, **kwargs)
  File "/home/sz/venvs/ansible/lib/python3.8/site-packages/botocore/client.py", line 357, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/home/sz/venvs/ansible/lib/python3.8/site-packages/botocore/client.py", line 676, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.errorfactory.InvalidInput: An error occurred (InvalidInput) when calling the ChangeResourceRecordSets operation: Invalid request: Expected exactly one of [AliasTarget, all of [TTL, and ResourceRecords], or TrafficPolicyInstanceId], but found more than one in Chan
ge with [Action=UPSERT, Name=mytestapp.mydomain.com., Type=A, SetIdentifier=null]
fatal: [localhost]: FAILED! => {
    "boto3_version": "1.17.12",
    "botocore_version": "1.20.12",
    "changed": false,
    "error": {
        "code": "InvalidInput",
        "message": "Invalid request: Expected exactly one of [AliasTarget, all of [TTL, and ResourceRecords], or TrafficPolicyInstanceId], but found more than one in Change with [Action=UPSERT, Name=mytestapp.mydomain.com., Type=A, SetIdentifier=null]",
        "type": "Sender"
    },
    "invocation": {
        "module_args": {
            "alias": true,
            "alias_evaluate_target_health": false,
            "alias_hosted_zone_id": "Z215JAAAAAABB5",
            "aws_access_key": "ASIAUAEWE6L3BFMNOOVC",
            "aws_ca_bundle": null,
            "aws_config": null,
            "aws_secret_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "debug_botocore_endpoint_logs": false,
            "ec2_url": null,
            "failover": null,
            "health_check": null,
            "hosted_zone_id": null,
            "identifier": null,
            "overwrite": true,
            "private_zone": true,
            "profile": null,
            "record": "mytestapp.mydomain.com",
            "region": null,
            "retry_interval": 500,
            "security_token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "state": "present",
            "ttl": 3600,
            "type": "A",
            "validate_certs": true,
            "value": [
                "myelbzone.eu-central-1.elb.amazonaws.com"
            ],
            "vpc_id": null,
            "wait": false,
            "wait_timeout": 300,
            "weight": null,
            "zone": "mydomai.com"
        }
    },
    "msg": "Failed to update records: An error occurred (InvalidInput) when calling the ChangeResourceRecordSets operation: Invalid request: Expected exactly one of [AliasTarget, all of [TTL, and ResourceRecords], or TrafficPolicyInstanceId], but found more than one in Ch
ange with [Action=UPSERT, Name=mytestapp.mydomain.com., Type=A, SetIdentifier=null]",
    "response_metadata": {
        "http_headers": {
            "connection": "close",
            "content-length": "488",
            "content-type": "text/xml",
            "date": "Sun, 21 Feb 2021 20:04:13 GMT",
            "x-amzn-requestid": "abcdef12-abcd-ef12-cdef-abcdef102345"
        },
        "http_status_code": 400,
        "request_id": "abcdef12-abcd-ef12-cdef-abcdef102345",
        "retry_attempts": 0
    }
}

aws.community==1.3.0 is not affected. Downgrade works as a temporary workaround.

[ansibullbot]

Files identified in the description:
None

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

[mszumilak]

!component route53

[ansibullbot]

Files identified in the description:

• plugins/modules/route53.py

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

[ansibullbot]

cc @jillr @jimbydamonk @s-hertel @tremble @wimnat
click here for bot help

[nerijus]

Same here, downgrading to community.aws:==1.3.0 helped:

ansible-galaxy collection install --force-with-deps community.aws:==1.3.0

[tremble]

This issue should be fixed by #502 and will be available when community.aws 1.5.0 is released.