Adds support for rate-based rules in AWS WAF #49379

Open
wants to merge 1 commit into
base: devel
from

@pierreant-p

pierreant-p commented Nov 30, 2018

SUMMARY

Rate-based rules are available in the AWS API for the Web Application Firewall (WAF), but were not supported in Ansible.

ISSUE TYPE

  • Feature Pull Request

COMPONENT NAME

aws_waf_web_acl
aws_waf_rule

@pierreant-p pierreant-p force-pushed the pierreant-p:feature/add-rate-base-rules-to-aws-waf branch from bb51fe0 to 2bd8b3a Nov 30, 2018

@ansibot


Contributor

ansibot commented Nov 30, 2018

Hi @pierreant-p, thank you for submitting this pull-request!


@ansibot


Contributor

ansibot commented Nov 30, 2018

@pierreant-p, just so you are aware we have a dedicated Working Group for aws.
You can find other people interested in this in #ansible-aws on Freenode IRC
For more information about communities, meetings and agendas see https://github.com/ansible/community


@ansibot


Contributor

ansibot commented Nov 30, 2018

The test ansible-test sanity --test ansible-doc --python 2.6 [explain] failed with 1 error:

lib/ansible/modules/cloud/amazon/aws_waf_rule.py:0:0: has a documentation error formatting or is missing documentation.

The test ansible-test sanity --test ansible-doc --python 2.7 [explain] failed with 1 error:

lib/ansible/modules/cloud/amazon/aws_waf_rule.py:0:0: has a documentation error formatting or is missing documentation.

The test ansible-test sanity --test ansible-doc --python 3.5 [explain] failed with 1 error:

lib/ansible/modules/cloud/amazon/aws_waf_rule.py:0:0: has a documentation error formatting or is missing documentation.

The test ansible-test sanity --test ansible-doc --python 3.6 [explain] failed with 1 error:

lib/ansible/modules/cloud/amazon/aws_waf_rule.py:0:0: has a documentation error formatting or is missing documentation.

The test ansible-test sanity --test ansible-doc --python 3.7 [explain] failed with 1 error:

lib/ansible/modules/cloud/amazon/aws_waf_rule.py:0:0: has a documentation error formatting or is missing documentation.

The test ansible-test sanity --test docs-build [explain] failed with the error:

Command "/usr/bin/python test/sanity/code-smell/docs-build.py" returned exit status 1.
>>> Standard Error
Command 'make singlehtmldocs' failed with status code: 2
--> Standard Output
cat _themes/srtd/static/css/theme.css | sed -e 's/^[ 	]*//g; s/[ 	]*$//g; s/\([:{;,]\) /\1/g; s/ {/{/g; s/\/\*.*\*\///g; /^$/d' | sed -e :a -e '$!N; s/\n\(.\)/\1/; ta' > _themes/srtd/static/css/theme.min.css
PYTHONPATH=../../lib ../bin/dump_config.py --template-file=../templates/config.rst.j2 --output-dir=rst/reference_appendices/ -d ../../lib/ansible/config/base.yml
mkdir -p rst/cli
PYTHONPATH=../../lib ../bin/generate_man.py --template-file=../templates/cli_rst.j2 --output-dir=rst/cli/ --output-format rst ../../lib/ansible/cli/*.py
PYTHONPATH=../../lib ../bin/dump_keywords.py --template-dir=../templates --output-dir=rst/reference_appendices/ -d ./keyword_desc.yml
PYTHONPATH=../../lib ../bin/plugin_formatter.py -t rst --template-dir=../templates --module-dir=../../lib/ansible/modules -o rst/modules/ 
Makefile:93: recipe for target 'modules' failed
--> Standard Error
Traceback (most recent call last):
  File "../bin/plugin_formatter.py", line 720, in <module>
    main()
  File "../bin/plugin_formatter.py", line 678, in main
    plugin_info, categories = get_plugin_info(options.module_dir, limit_to=options.limit_to, verbose=(options.verbosity > 0))
  File "../bin/plugin_formatter.py", line 269, in get_plugin_info
    doc, examples, returndocs, metadata = plugin_docs.get_docstring(module_path, fragment_loader, verbose=verbose)
  File "/root/ansible/lib/ansible/utils/plugin_docs.py", line 96, in get_docstring
    data = read_docstring(filename, verbose=verbose, ignore_errors=ignore_errors)
  File "/root/ansible/lib/ansible/parsing/plugin_docs.py", line 59, in read_docstring
    data[varkey] = AnsibleLoader(child.value.s, file_name=filename).get_single_data()
  File "/usr/local/lib/python3.6/dist-packages/yaml/constructor.py", line 35, in get_single_data
    node = self.get_single_node()
  File "/usr/local/lib/python3.6/dist-packages/yaml/composer.py", line 36, in get_single_node
    document = self.compose_document()
  File "/usr/local/lib/python3.6/dist-packages/yaml/composer.py", line 55, in compose_document
    node = self.compose_node(None, None)
  File "/usr/local/lib/python3.6/dist-packages/yaml/composer.py", line 84, in compose_node
    node = self.compose_mapping_node(anchor)
  File "/usr/local/lib/python3.6/dist-packages/yaml/composer.py", line 133, in compose_mapping_node
    item_value = self.compose_node(node, item_key)
  File "/usr/local/lib/python3.6/dist-packages/yaml/composer.py", line 84, in compose_node
    node = self.compose_mapping_node(anchor)
  File "/usr/local/lib/python3.6/dist-packages/yaml/composer.py", line 133, in compose_mapping_node
    item_value = self.compose_node(node, item_key)
  File "/usr/local/lib/python3.6/dist-packages/yaml/composer.py", line 84, in compose_node
    node = self.compose_mapping_node(anchor)
  File "/usr/local/lib/python3.6/dist-packages/yaml/composer.py", line 133, in compose_mapping_node
    item_value = self.compose_node(node, item_key)
  File "/usr/local/lib/python3.6/dist-packages/yaml/composer.py", line 82, in compose_node
    node = self.compose_sequence_node(anchor)
  File "/usr/local/lib/python3.6/dist-packages/yaml/composer.py", line 110, in compose_sequence_node
    while not self.check_event(SequenceEndEvent):
  File "/usr/local/lib/python3.6/dist-packages/yaml/parser.py", line 98, in check_event
    self.current_event = self.state()
  File "/usr/local/lib/python3.6/dist-packages/yaml/parser.py", line 393, in parse_block_sequence_entry
    "expected <block end>, but found %r" % token.id, token.start_mark)
yaml.parser.ParserError: while parsing a block collection
  in "<unicode string>", line 27, column 11:
              - 'regular' or 'rate_based'
              ^
expected <block end>, but found '<scalar>'
  in "<unicode string>", line 27, column 23:
              - 'regular' or 'rate_based'
                          ^
make: *** [modules] Error 1

The test ansible-test sanity --test validate-modules [explain] failed with 8 errors:

lib/ansible/modules/cloud/amazon/aws_waf_rule.py:0:0: E324 Value for "default" from the argument_spec ('2000') for "rate_limit" does not match the documentation (None)
lib/ansible/modules/cloud/amazon/aws_waf_rule.py:0:0: E324 Value for "default" from the argument_spec ('present') for "state" does not match the documentation (None)
lib/ansible/modules/cloud/amazon/aws_waf_rule.py:0:0: E324 Value for "default" from the argument_spec ('regular') for "type" does not match the documentation (None)
lib/ansible/modules/cloud/amazon/aws_waf_rule.py:0:0: E324 Value for "default" from the argument_spec (True) for "validate_certs" does not match the documentation (False)
lib/ansible/modules/cloud/amazon/aws_waf_rule.py:0:0: E325 argument_spec for "purge_conditions" defines type="bool" but documentation does not
lib/ansible/modules/cloud/amazon/aws_waf_rule.py:0:0: E325 argument_spec for "validate_certs" defines type="bool" but documentation does not
lib/ansible/modules/cloud/amazon/aws_waf_rule.py:0:0: E326 Value for "choices" from the argument_spec (['present', 'absent']) for "state" does not match the documentation ([])
lib/ansible/modules/cloud/amazon/aws_waf_rule.py:36:23: E302 DOCUMENTATION is not valid YAML

The test ansible-test sanity --test yamllint [explain] failed with 1 error:

lib/ansible/modules/cloud/amazon/aws_waf_rule.py:36:23: error DOCUMENTATION: syntax error: expected <block end>, but found '<scalar>'


- Defaults to the same as name with disallowed characters removed
type:
description:
- 'regular' or 'rate_based'
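
Review bot: the `type` option documents no default or choices here, while the validate-modules output on this page reports E324 because the argument_spec sets `'regular'`; add `default: regular` and a `choices:` list under `type:` so the documentation and the spec agree. The description item `- 'regular' or 'rate_based'` also opens with a quoted scalar and then continues with bare text, which is the exact position (column 23, at `or`) where docs-build and yamllint report "expected <block end>, but found '<scalar>'"; reword the item so it does not start with a quote, or quote the whole line.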


@gundalow

gundalow Dec 3, 2018

Contributor

I believe the use of quotes here is confusing the YAML parser. Also, you can document the choices

Suggested change Beta
- 'regular' or 'rate_based'
- Which rule set to use.
choices:
- regular
- rate_based


@pierreant-p

pierreant-p Dec 3, 2018

Thanks for the feedback, I will try to fix that.
Also, I think I would need to push a fix to the aws_waf_facts module, because it doesn't work either with rate-based rules :(

@@ -295,6 +336,8 @@ def main():
dict(
name=dict(required=True),
metric_name=dict(),
type=dict(default='regular'),
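
Review bot: `type=dict(default='regular')` accepts any string, so a misspelled value passes argument validation and what the module then creates depends on branching that is not visible in this hunk; for a WAF rule that can mean a playbook that asked for rate limiting ends up without it and without an error. Restrict the option with `choices` and keep `default` and `choices` mirrored in DOCUMENTATION. The validate-modules output on this page also quotes the `rate_limit` default as the string `'2000'`; declaring it with `type='int'` and an integer default would reject non-numeric input at argument parsing.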


@gundalow

gundalow Dec 3, 2018

Contributor

If there are only two valid options you can do:

Suggested change Beta
type=dict(default='regular'),
type=dict(default='regular', choices=['rate_based', 'regular']),


@pierreant-p

pierreant-p Dec 3, 2018

Thanks, I will fix that.

@ansibot ansibot removed the needs_triage label Dec 3, 2018

@ansibot


Contributor

ansibot commented Dec 11, 2018

@ansibot ansibot added the stale_ci label Dec 11, 2018
