New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add logic to handle multiple actions in an ALB listener rule, Fixes #41861 #41975

Open
wants to merge 8 commits into
base: devel
from

Conversation

Projects
None yet
4 participants
@jeevers

jeevers commented Jun 26, 2018

SUMMARY

Recently AWS added support for authentication at the ALB (Application Load Balancer) layer using Cognito and OpenID which involves additional Listener rule actions.

Currently the 'elb_application_lb' module can create the ALB with these additional rule actions, however updates fail with a KeyError exception as the module expects to be able to access a 'TargetGroupArn' key in the first element in either the 'DefaultActions' keys of the listener or the 'Actions' key of the listener rule.

In this change, the modules checks to see if the lists of actions are equivalent and then updates the actions accordingly. For situations where there are multiple actions, the lists are sorted by the Order key of each element and then compared.

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

elb_application_lb

ANSIBLE VERSION
ansible 2.7.0.dev0 (devel 15ce7c5bab) last updated 2018/06/26 14:19:56 (GMT -400)
  config file = None
  configured module search path = [u'/home/jevers/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /home/jevers/misc_dev/ansible/lib/ansible
  executable location = /home/jevers/misc_dev/ansible/bin/ansible
  python version = 2.7.15 (default, May 16 2018, 17:50:09) [GCC 8.1.1 20180502 (Red Hat 8.1.1-1)]
ADDITIONAL INFORMATION

@ansibot

This comment has been minimized.

Contributor

ansibot commented Jun 26, 2018

@ansibot

This comment has been minimized.

Contributor

ansibot commented Jun 26, 2018

The test ansible-test sanity --test pylint [explain] failed with 2 errors:

lib/ansible/module_utils/aws/elbv2.py:529:0: trailing-whitespace Trailing whitespace
lib/ansible/module_utils/aws/elbv2.py:675:0: trailing-whitespace Trailing whitespace

The test ansible-test sanity --test pep8 [explain] failed with 3 errors:

lib/ansible/module_utils/aws/elbv2.py:529:84: W291 trailing whitespace
lib/ansible/module_utils/aws/elbv2.py:675:84: W291 trailing whitespace
lib/ansible/modules/cloud/amazon/elb_application_lb.py:143:38: W291 trailing whitespace

click here for bot help

Jesse Evers
@willthames

This comment has been minimized.

Contributor

willthames commented Jun 27, 2018

It looks like the AuthenticateCognitoConfig change requires botocore >= 1.10.30. It might be worth catching exceptions associated with having an older botocore and trying to use this functionality

The elb_application_lb module has a test suite in test/integration/targets - as such, this feature request must have an associated test. A test that checks both older and newer botocore versions would be appreciated (the ecs_cluster test suite has an example of this type of test - see runme.sh)

@jeevers

This comment has been minimized.

jeevers commented Jun 29, 2018

Currently the new authentication actions require the listener be configured for HTTPS, which in turn requires an ACM certificate be associated with the ALB. The authenticate-cognito action also requires a valid Cognito user pool. Ansible does not have modules for creating ACM certs or Cognito User Pools, so I would not be able to test these additional actions.
Would it be acceptable to use the command (or shell) module to make the necessary awscli call to create these resources? Are there any guidelines I should keep in mind when creating these tests?

@ansibot ansibot added the test label Jul 5, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment