-
Notifications
You must be signed in to change notification settings - Fork 23.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add boto3 and boto3_wait modules #21336
Add boto3 and boto3_wait modules #21336
Conversation
Migrated from ansible/ansible-modules-extras#2205 |
@mmochan @michaeljs1990 @wimnat @willthames @jarv @steynovich @ryansydnor @simplesteph @Java1Guy @rmorlok @pwnall @naslanidis @pjodouin @RickMendes @amir343 @linuxdynasty @timmahoney @tedder @jsdalton @jmenga @tastychutney @scottanderson42 @mjschultz @bpennypacker @brandond @joelthompson @alachaum @TomBamford @ @j-carl @fiunchinho @Etherdaemon @bekelchik @minichate @MichaelBaydoun @loia @akazakov @Zeekin @silviud @whiter As a maintainer of a module in the same namespace this new module has been submitted to, your vote counts for shipits. Please review this module and add |
There seems to be a lot missing here compared to standard modules - you're not making use of The reason we have those is so that all of our AWS modules work correctly in unusual environments without additional further effort on the part of module authors (particularly profile and security token handling) |
@willthames Thank you for your feedback. I updated the code accordingly. Cheers, |
554b68b
to
d2ff3f6
Compare
d2ff3f6
to
7e4e67f
Compare
Hey @ericcitaire. It's clear you've spent time and energy on this, but I don’t think it will be able to be merged. There’s a lot of error handling that needs to happen and Ansible is not a programming language. I imagine this would be impossible or a nightmare to support. |
Hi @s-hertel. Thank you for your comment. I don't see how error handling would be worst with Most of AWS functionality is not covered by official Ansible AWS modules and will never be (but I could be wrong). Developing a module for every AWS API call is virtually impossible. I think that making use of the AWS API via boto3 is an elegant alternative to plain AWS CLI. Boto3 is well documented and has pretty good support. Just try to create an EMR cluster with |
@ericcitaire Thanks for your thoughts. I can see why this is helpful and would be a more manageable alternative to using shell/command. That being said, getting an error like
doesn't provide anything helpful and it means I would end up debugging/trying to tell what is an issue with boto3 and what is user error without a lot to go on. What is your process for determining everything required for a task to run? This also requires the user to add their own logic. Any time they run the boto3 module changed will be True. What would your process be for determining if the task should run? If the user wants a resource to be present they can just check if it exists yet, but what if they are updating an attribute (or many)? How would you validate parameters for this? I am able to literally set the subnet id of your example above as 'subnet-xxxxxxx', and the task completes successfully (although there is no matching subnet). |
@s-hertel I am faced with such errors on a daily basis from AWS boto-based modules and have no problem finding the issues, most being caused by updated AWS services with no equivalent support in boto. This, in my opinion, is sufficient reason to justify the need for a "generic" API module which can bridge the gap between a broken module and its re-write (in the case it was written in boto) or provide functionality to new services such as ELBv2 long before a module is developed. For example, if you want to use Target Groups with the autoscaling module (ec2_asg), forget it! I've written my own API style Ansible module (https://github.com/pjodouin/ansible-boto3) such as this one and have been using it in many production playbooks, directly or in roles and it works as expected. With Ansible's conditional statements, it's not hard to create roles that are idempotent and handle CRUD properly. So, I definitely support the inclusion of an API-style module such as this one from @ericcitaire. Despite the downsides raised by @s-hertel, I still think such a module would be a useful addition to the Ansible toolkit. The speed at which AWS releases new services and updates existing ones, it's impossible to have custom modules that give complete coverage. (For example, what is the timeline for updating all boto-based modules to boto3?) |
@pjodouin Good points. Random side note- you should now be able to use Target Groups with ec2_asg since it has been ported to Boto3. :) |
@s-hertel That's music to my ears! Thanks!! Understanding the need for standardizing module behaviour, might it be possible to 'classify' this module under say Utilities? Currently there's Helper and Logic subcategories. Could you not add API and include the boto3 modules there? This would allow you to maintain your standards for custom cloud modules while providing low level API access via a Utilities module. |
@s-hertel this module would definitely help bridging so many gaps. I think ansible should focus on creating high value modules for AWS, those who can return important information and have good error handling. But many AWS API calls are so straightforward they do not need a module for it. This would bridge the gap. People who know boto3 will know the errors encountered and just won't be afraid of them |
This module will get (over) used like |
The problem with a |
This doesn't appear to have support for handling paginated responses, which is a big show stopper |
@mixja : You can handle pagination. For example, to list S3 bucket objects with boto3, you can use |
@ericcitaire - you can, but what if you want a number of results that requires pagination on the boto3 side? A problem if you attempted to solve this is that boto3 is not consistent on pagination between different services. I agree with @ryansb that using the AWS CLI is actually not that bad of an option, the JMESPath queries are very powerful (generally eliminates the requirement for jq), JSON is a first class citizen from an output perspective and all of these edge cases are dealt with for you. I don't see any net gain of using the AWS CLI vs this module, rather the AWS CLI is more functional, well maintained and well tested. |
@ericcitaire this PR contains more than one new module. Please submit only one new module per pullrequest. For further explanation, please read grouped module documentation |
These 2 modules are closely related. It doesn't make sense to have them in separate PRs. |
@mattclay Can you please comment on the This PR was submitted in May 2016, then was migrated from ansible-modules-extras in February (4 participants were left behind in the process). Now it needs to be split in 2... What's next? |
Per earlier discussion, the official stance here is that AWSCLI + json_path is recommended, and handles more cases (like pagination and retries) than a boto API wrapper can. |
@ericcitaire The use of that tag is for cases where the bot is malfunctioning and needs to be stopped to avoid causing problems, like comment spamming, etc. Setting it in other scenarios only complicates the review and merge process, often causing PRs to be overlooked since we rely heavily on the tag management the bot provides. |
+1 for this, too bad it wasn't accepted... |
ISSUE TYPE
COMPONENT NAME
boto3 and boto3_wait
ANSIBLE VERSION
SUMMARY
These two modules make AWS API calls using boto3. The general idea is to avoid using AWS CLI when Ansible does not provide a dedicated Ansible module, especiallly for new services (ie. Lambda, Kinesis, etc.).
EXAMPLE