Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

boto_secgroup.preset cannot create security group rule referencing a security group in another vpc #44290

Closed
mwerickso opened this issue Oct 25, 2017 · 9 comments
Closed

boto_secgroup.preset cannot create security group rule referencing a security group in another vpc #44290

mwerickso opened this issue Oct 25, 2017 · 9 comments
Labels
Bug broken, incorrect, or confusing behavior fixed-pls-verify fix is linked, bug author to confirm fix P3 Priority 3 severity-medium 3rd level, incorrect or bad functionality, confusing and lacks a work around
Milestone
Approved

Comments

@mwerickso
Copy link
Contributor

Description of Issue/Question

I am trying to create a security group using the boto_secgroup state that allows inbound traffic from a security group in another VPC.

Setup

I have the following debug state with source_group_group_id:

Ensure Security Group test exists:
  boto_secgroup.present:
    - name: test
    - description: 'test'
    - vpc_name: myNewVpc
    - rules:
      - ip_protocol: tcp
        from_port: 80
        to_port: 80
        source_group_group_id:
          - sg-d1dc17a
    - region: us-east-1

or the following state with source_group_name:

Ensure Security Group test exists:
  boto_secgroup.present:
    - name: test
    - description: 'test'
    - vpc_name: myNewVpc
    - rules:
      - ip_protocol: tcp
        from_port: 80
        to_port: 80
        source_group_name:
          - myOtherSecurityGroup
    - region: us-east-1

and I get the following error when running either one:

----------
          ID: Ensure Security Group test exists
    Function: boto_secgroup.present
        Name: test
      Result: False
     Comment: Security group test created.  Failed to create rules on test security group.
     Started: 19:43:43.679027
    Duration: 1047.309 ms
     Changes:   
              ----------
              new:
                  ----------
                  rules:
                  secgroup:
                      ----------
                      description:
                          test
                      group_id:
                          sg-6ce9af1e
                      name:
                          test
                      owner_id:
                          594080488221
                      rules:
                      rules_egress:
                          |_
                            ----------
                            cidr_ip:
                                0.0.0.0/0
                            from_port:
                                None
                            ip_protocol:
                                -1
                            to_port:
                                None
              old:
                  ----------
                  rules:
                  secgroup:
                      None
                  tags:
                      ----------

Summary for mySaltMaster
------------
Succeeded: 0 (changed=1)
Failed:    1
------------

Steps to Reproduce Issue

I am able to create security groups without issues when the referenced source_group_name is in the same VPC as the new security group. This issue is only when the source group is in a different VPC. I am not familiar with the code enough to know where to fix the assumption that the source group is in the same VPC (if that is the issue).

Versions Report

Salt Version:
           Salt: 2017.7.2
 
Dependency Versions:
           cffi: 1.5.2
       cherrypy: 3.5.0
       dateutil: 2.6.1
      docker-py: Not Installed
          gitdb: 0.6.4
      gitpython: 1.0.1
          ioflo: Not Installed
         Jinja2: 2.8
        libgit2: 0.24.0
        libnacl: Not Installed
       M2Crypto: Not Installed
           Mako: 1.0.3
   msgpack-pure: Not Installed
 msgpack-python: 0.4.6
   mysql-python: Not Installed
      pycparser: 2.14
       pycrypto: 2.6.1
   pycryptodome: Not Installed
         pygit2: 0.24.0
         Python: 2.7.12 (default, Nov 19 2016, 06:48:10)
   python-gnupg: Not Installed
         PyYAML: 3.11
          PyZMQ: 15.2.0
           RAET: Not Installed
          smmap: 0.9.0
        timelib: Not Installed
        Tornado: 4.2.1
            ZMQ: 4.1.4
 
System Versions:
           dist: Ubuntu 16.04 xenial
         locale: UTF-8
        machine: x86_64
        release: 4.4.0-96-generic
         system: Linux
        version: Ubuntu 16.04 xenial
@gtmanfred
Copy link
Contributor

@saltstack/team-boto can yall take a look at this?

I am not sure if this should work or not.

Thanks,
Daniel

@gtmanfred gtmanfred added Pending-Discussion The issue or pull request needs more discussion before it can be closed or merged team-boto labels Oct 27, 2017
@gtmanfred gtmanfred added this to the Blocked milestone Oct 27, 2017
@mwerickso
Copy link
Contributor Author

If it "should not work", can you provide a reason why you do not want this logic in the module?

@ryan-lane
Copy link
Contributor

Do you have the VPCs peered? You can only add secgroups cross-vpc, if they're peered.

@mwerickso
Copy link
Contributor Author

Definitely my bad, I wrote the vpc-peering state but did not run it. So in fact, the peering was not created on these new vpcs.

I am getting an issue with boto_vpc.accept_vpc_peering_connection as shown below.

When I go to run the following debug state:

Ensure VPC Peering connection mypeeringconnection is requested: 
  boto_vpc.request_vpc_peering_connection: 
    - requester_vpc_name: myRquesterVPC
    - peer_vpc_name: myPeeringVPC
    - conn_name: mypeeringconnection
    - region: us-east-1

Ensure VPC Peering connection mypeeringconnection is accepted: 
  boto_vpc.accept_vpc_peering_connection: 
    - conn_name: mypeeringconnection
    - region: us-east-1

I get the following returner:

----------
          ID: Ensure VPC Peering connection mypeeringconnection is requested
    Function: boto_vpc.request_vpc_peering_connection
      Result: True
     Comment: VPC peering connection already exists, nothing to be done.
     Started: 17:19:43.958939
    Duration: 192.59 ms
     Changes:   
----------
          ID: Ensure VPC Peering connection mypeeringconnection is accepted
    Function: boto_vpc.accept_vpc_peering_connection
      Result: False
     Comment: An exception occurred in this state: Traceback (most recent call last):
                File "/usr/lib/python2.7/dist-packages/salt/state.py", line 1837, in call
                  **cdata['kwargs'])
                File "/usr/lib/python2.7/dist-packages/salt/loader.py", line 1794, in wrapper
                  return f(*args, **kwargs)
                File "/usr/lib/python2.7/dist-packages/salt/states/boto_vpc.py", line 1514, in accept_vpc_peering_connection
                  if not pending['exists']:
              TypeError: 'bool' object has no attribute '__getitem__'
     Started: 17:19:44.151776
    Duration: 25.177 ms
     Changes:   

Summary for local
------------
Succeeded: 1
Failed:    1
------------

The request state runs and I see the new "pending" connection on the account in the AWS console. But the "accept" connection is having an issue.

This is the debug:

[INFO    ] Running state [Ensure VPC Peering connectionmypeeringconnection is requested] at time 17:19:43.958939
[INFO    ] Executing state boto_vpc.request_vpc_peering_connection for [Ensure VPC Peering connection mypeeringconnection is requested]
[DEBUG   ] Called state to request VPC peering connection
[DEBUG   ] Setting config variable for region to 'us-east-1'
[DEBUG   ] Loading variable profile from defaults.
[DEBUG   ] Loading variable config_file from defaults.
[DEBUG   ] Loading variable credentials_file from defaults.
[DEBUG   ] Loading variable data_path from defaults.
[DEBUG   ] Loading variable region from instance vars with value 'us-east-1'.
[DEBUG   ] Loading variable profile from defaults.
[DEBUG   ] Loading variable ca_bundle from defaults.
[DEBUG   ] Loading variable profile from defaults.
[DEBUG   ] Loading variable api_versions from defaults.
[DEBUG   ] Loading variable profile from defaults.
[DEBUG   ] Loading variable credentials_file from defaults.
[DEBUG   ] Loading variable config_file from defaults.
[DEBUG   ] Loading variable profile from defaults.
[DEBUG   ] Loading variable metadata_service_timeout from defaults.
[DEBUG   ] Loading variable profile from defaults.
[DEBUG   ] Loading variable metadata_service_num_attempts from defaults.
[DEBUG   ] Loading variable profile from defaults.
[DEBUG   ] Looking for credentials via: env
[DEBUG   ] Looking for credentials via: assume-role
[DEBUG   ] Looking for credentials via: shared-credentials-file
[DEBUG   ] Looking for credentials via: config-file
[DEBUG   ] Looking for credentials via: ec2-credentials-file
[DEBUG   ] Looking for credentials via: boto-config
[DEBUG   ] Looking for credentials via: container-role
[DEBUG   ] Looking for credentials via: iam-role
[INFO    ] Starting new HTTP connection (1): 169.254.169.254
[DEBUG   ] "GET /latest/meta-data/iam/security-credentials/ HTTP/1.1" 200 4
[INFO    ] Starting new HTTP connection (1): 169.254.169.254
[DEBUG   ] "GET /latest/meta-data/iam/security-credentials/salt HTTP/1.1" 200 894
[DEBUG   ] Found credentials from IAM Role: salt
[DEBUG   ] Loading JSON file: /usr/local/lib/python2.7/dist-packages/botocore/data/endpoints.json
[DEBUG   ] Loading variable profile from defaults.
[DEBUG   ] Loading JSON file: /usr/local/lib/python2.7/dist-packages/botocore/data/ec2/2016-11-15/service-2.json
[DEBUG   ] Event creating-client-class.ec2: calling handler <function add_generate_presigned_url at 0x7f1686d6a230>
[DEBUG   ] The s3 config key is not a dictionary type, ignoring its value of: None
[DEBUG   ] Setting ec2 timeout as (60, 60)
[DEBUG   ] Loading JSON file: /usr/local/lib/python2.7/dist-packages/botocore/data/_retry.json
[DEBUG   ] Registering retry handlers for service: ec2
[DEBUG   ] Event before-parameter-build.ec2.DescribeVpcPeeringConnections: calling handler <bound method ParameterAlias.alias_parameter_in_call of <botocore.handlers.ParameterAlias object at 0x7f1686d96bd0>>
[DEBUG   ] Event before-parameter-build.ec2.DescribeVpcPeeringConnections: calling handler <function generate_idempotent_uuid at 0x7f1686d9b9b0>
[DEBUG   ] Making request for OperationModel(name=DescribeVpcPeeringConnections) (verify_ssl=True) with params: {'body': {u'Filter.1.Name': 'tag:Name', u'Filter.2.Value.1': 'active', u'Filter.2.Value.3': 'provisioning', u'Filter.2.Value.2': 'pending-acceptance', u'Filter.2.Name': 'status-code', 'Version': u'2016-11-15', 'Action': u'DescribeVpcPeeringConnections', u'Filter.1.Value.1': 'mypeeringconnection'}, 'url': u'https://ec2.us-east-1.amazonaws.com/', 'headers': {'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8', 'User-Agent': 'Boto3/1.4.7 Python/2.7.12 Linux/4.4.0-97-generic Botocore/1.7.35'}, 'context': {'auth_type': None, 'client_region': 'us-east-1', 'has_streaming_input': False, 'client_config': <botocore.config.Config object at 0x7f16861b2090>}, 'query_string': '', 'url_path': '/', 'method': u'POST'}
[DEBUG   ] Event request-created.ec2.DescribeVpcPeeringConnections: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7f16861a5fd0>>
[DEBUG   ] Event choose-signer.ec2.DescribeVpcPeeringConnections: calling handler <function set_operation_specific_signer at 0x7f1686d9b8c0>
[DEBUG   ] Calculating signature using v4 auth.
[DEBUG   ] CanonicalRequest:
POST
/

content-type:application/x-www-form-urlencoded; charset=utf-8
host:ec2.us-east-1.amazonaws.com
x-amz-date:20171030T171944Z
x-amz-security-token:<token>

content-type;host;x-amz-date;x-amz-security-token
<token>
[DEBUG   ] StringToSign:
AWS4-HMAC-SHA256
20171030T171944Z
20171030/us-east-1/ec2/aws4_request
<request>
[DEBUG   ] Signature:
<sig>
[DEBUG   ] Sending http request: <PreparedRequest [POST]>
[INFO    ] Starting new HTTPS connection (1): ec2.us-east-1.amazonaws.com
[DEBUG   ] "POST / HTTP/1.1" 200 None
[DEBUG   ] Response headers: {'transfer-encoding': 'chunked', 'vary': 'Accept-Encoding', 'server': 'AmazonEC2', 'content-type': 'text/xml;charset=UTF-8', 'date': 'Mon, 30 Oct 2017 17:19:43 GMT'}
[DEBUG   ] Response body:
<?xml version="1.0" encoding="UTF-8"?>
<DescribeVpcPeeringConnectionsResponse xmlns="http://ec2.amazonaws.com/doc/2016-11-15/">
    <requestId>67e6a201-0387-46af-bfcd-56f82a35a03a</requestId>
    <vpcPeeringConnectionSet>
        <item>
            <vpcPeeringConnectionId>pcx-032800</vpcPeeringConnectionId>
            <requesterVpcInfo>
                <ownerId><account></ownerId>
                <vpcId>vpc-6633ed</vpcId>
                <cidrBlock>10.0.32.0/20</cidrBlock>
                <cidrBlockSet>
                    <item>
                        <cidrBlock>10.0.32.0/20</cidrBlock>
                    </item>
                </cidrBlockSet>
                <peeringOptions>
                    <allowEgressFromLocalClassicLinkToRemoteVpc>false</allowEgressFromLocalClassicLinkToRemoteVpc>
                    <allowEgressFromLocalVpcToRemoteClassicLink>false</allowEgressFromLocalVpcToRemoteClassicLink>
                    <allowDnsResolutionFromRemoteVpc>false</allowDnsResolutionFromRemoteVpc>
                </peeringOptions>
            </requesterVpcInfo>
            <accepterVpcInfo>
                <ownerId><account></ownerId>
                <vpcId>vpc-55445c</vpcId>
            </accepterVpcInfo>
            <status>
                <code>**pending-acceptance**</code>
                <message>Pending Acceptance by <account></message>
            </status>
            <expirationTime>2017-11-04T14:36:34.000Z</expirationTime>
            <tagSet>
                <item>
                    <key>Name</key>
                    <value>mypeeringconnection</value>
                </item>
            </tagSet>
        </item>
    </vpcPeeringConnectionSet>
</DescribeVpcPeeringConnectionsResponse>
[DEBUG   ] Event needs-retry.ec2.DescribeVpcPeeringConnections: calling handler <botocore.retryhandler.RetryHandler object at 0x7f168617c150>
[DEBUG   ] No retry needed.
[INFO    ] VPC peering connection already exists, nothing to be done.
[INFO    ] Completed state [Ensure VPC Peering connection mypeeringconnection is requested] at time 17:19:44.151529 duration_in_ms=192.59
[INFO    ] Running state [Ensure VPC Peering connection mypeeringconnection is accepted] at time 17:19:44.151775
[INFO    ] Executing state boto_vpc.accept_vpc_peering_connection for [Ensure VPC Peering connection mypeeringconnection is accepted]
[DEBUG   ] Called state to accept VPC peering connection
[DEBUG   ] Event before-parameter-build.ec2.DescribeVpcPeeringConnections: calling handler <bound method ParameterAlias.alias_parameter_in_call of <botocore.handlers.ParameterAlias object at 0x7f1686d96bd0>>
[DEBUG   ] Event before-parameter-build.ec2.DescribeVpcPeeringConnections: calling handler <function generate_idempotent_uuid at 0x7f1686d9b9b0>
[DEBUG   ] Making request for OperationModel(name=DescribeVpcPeeringConnections) (verify_ssl=True) with params: {'body': {u'Filter.1.Name': 'tag:Name', u'Filter.2.Value.1': 'active', u'Filter.2.Value.3': 'provisioning', u'Filter.2.Value.2': 'pending-acceptance', u'Filter.2.Name': 'status-code', 'Version': u'2016-11-15', 'Action': u'DescribeVpcPeeringConnections', u'Filter.1.Value.1': 'mypeeringconnection'}, 'url': u'https://ec2.us-east-1.amazonaws.com/', 'headers': {'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8', 'User-Agent': 'Boto3/1.4.7 Python/2.7.12 Linux/4.4.0-97-generic Botocore/1.7.35'}, 'context': {'auth_type': None, 'client_region': 'us-east-1', 'has_streaming_input': False, 'client_config': <botocore.config.Config object at 0x7f16861b2090>}, 'query_string': '', 'url_path': '/', 'method': u'POST'}
[DEBUG   ] Event request-created.ec2.DescribeVpcPeeringConnections: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7f16861a5fd0>>
[DEBUG   ] Event choose-signer.ec2.DescribeVpcPeeringConnections: calling handler <function set_operation_specific_signer at 0x7f1686d9b8c0>
[DEBUG   ] Calculating signature using v4 auth.
[DEBUG   ] CanonicalRequest:
POST
/

content-type:application/x-www-form-urlencoded; charset=utf-8
host:ec2.us-east-1.amazonaws.com
x-amz-date:20171030T171944Z
x-amz-security-token:<token>

content-type;host;x-amz-date;x-amz-security-token
<token>
[DEBUG   ] StringToSign:
AWS4-HMAC-SHA256
20171030T171944Z
20171030/us-east-1/ec2/aws4_request
<request>
[DEBUG   ] Signature:
<sig>
[DEBUG   ] Sending http request: <PreparedRequest [POST]>
[DEBUG   ] "POST / HTTP/1.1" 200 None
[DEBUG   ] Response headers: {'transfer-encoding': 'chunked', 'vary': 'Accept-Encoding', 'server': 'AmazonEC2', 'content-type': 'text/xml;charset=UTF-8', 'date': 'Mon, 30 Oct 2017 17:19:43 GMT'}
[DEBUG   ] Response body:
<?xml version="1.0" encoding="UTF-8"?>
<DescribeVpcPeeringConnectionsResponse xmlns="http://ec2.amazonaws.com/doc/2016-11-15/">
    <requestId>dfb007e3-7075-4d91-b1fa-36ef24365aef</requestId>
    <vpcPeeringConnectionSet>
        <item>
            <vpcPeeringConnectionId>pcx-032800</vpcPeeringConnectionId>
            <requesterVpcInfo>
                <ownerId><account></ownerId>
                <vpcId>vpc-6633ed</vpcId>
                <cidrBlock>10.0.32.0/20</cidrBlock>
                <cidrBlockSet>
                    <item>
                        <cidrBlock>10.0.32.0/20</cidrBlock>
                    </item>
                </cidrBlockSet>
                <peeringOptions>
                    <allowEgressFromLocalClassicLinkToRemoteVpc>false</allowEgressFromLocalClassicLinkToRemoteVpc>
                    <allowEgressFromLocalVpcToRemoteClassicLink>false</allowEgressFromLocalVpcToRemoteClassicLink>
                    <allowDnsResolutionFromRemoteVpc>false</allowDnsResolutionFromRemoteVpc>
                </peeringOptions>
            </requesterVpcInfo>
            <accepterVpcInfo>
                <ownerId><account></ownerId>
                <vpcId>vpc-55445c</vpcId>
            </accepterVpcInfo>
            <status>
                <code>**pending-acceptance**</code>
                <message>Pending Acceptance by <account></message>
            </status>
            <expirationTime>2017-11-04T14:36:34.000Z</expirationTime>
            <tagSet>
                <item>
                    <key>Name</key>
                    <value>mypeeringconnection</value>
                </item>
            </tagSet>
        </item>
    </vpcPeeringConnectionSet>
</DescribeVpcPeeringConnectionsResponse>
[DEBUG   ] Event needs-retry.ec2.DescribeVpcPeeringConnections: calling handler <botocore.retryhandler.RetryHandler object at 0x7f168617c150>
[DEBUG   ] No retry needed.
[ERROR   ] An exception occurred in this state: Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/salt/state.py", line 1837, in call
    **cdata['kwargs'])
  File "/usr/lib/python2.7/dist-packages/salt/loader.py", line 1794, in wrapper
    return f(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/salt/states/boto_vpc.py", line 1514, in accept_vpc_peering_connection
    if not pending['exists']:
TypeError: 'bool' object has no attribute '__getitem__'

If you need me to create a new issue with this, I can. Then I can close out this issue once I have confirmed the secgroup state works properly with the vpc peering finished.

@ryan-lane
Copy link
Contributor

Ah. I haven't worked on that code, so I'm not super familar with it. It looks like there's a bug with accepting the request, so it's probably a good idea to open a ticket specific to that.

@tkwilliams is this a state you worked on?

@gtmanfred gtmanfred added Bug broken, incorrect, or confusing behavior severity-medium 3rd level, incorrect or bad functionality, confusing and lacks a work around P3 Priority 3 and removed Pending-Discussion The issue or pull request needs more discussion before it can be closed or merged labels Oct 30, 2017
@gtmanfred gtmanfred modified the milestones: Blocked, Approved Oct 30, 2017
@tkwilliams
Copy link
Contributor

@ryan-lane - yah, that one is mine for sure. I know that it worked at one time :) but since I neglected to write unit tests for the bits I added, it appears a regression has crept in.

It should be a quick fix if the only issue is a bool where it shouldn't be... I'll pop open the code after lunch and have a gander.

@tkwilliams
Copy link
Contributor

tkwilliams commented Nov 14, 2017
edited

@gtmanfred @ryan-lane Hooray, for a change this isn't my bug :)

Currently, I'm running 2017.7.0 (plus a ton of local patches, but none of which touch this module) for reasons I won't go into.

In my tree, I don't HAVE that buggy check -- mine is simply doing if not pending:, which works for bool or (presumably) dict return types. It would appear someone changed that line between 2017.7.0 and 2017.7.2.

Git blame on the code I'm running gives

099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1509)     ret = {
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1510)         'name': name,
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1511)         'result': True,
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1512)         'changes': {},
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1513)         'comment': 'Boto VPC peering state'
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1514)     }
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1515)
0391490ee4e (Arthur Deschamps  2017-05-17 14:11:10 -0400 1516)     if not pending:
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1517)         ret['result'] = True
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1518)         ret['changes'].update({
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1519)             'old': 'No pending VPC peering connection found. '
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1520)                    'Nothing to be done.'
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1521)         })
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1522)         return ret
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1523)
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1524)     if __opts__['test']:
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1525)         ret['changes'].update({'old': 'Pending VPC peering connection found '
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1526)                                       'and can be accepted'})
0c2e16d60df (Tom Williams      2016-08-09 15:47:13 -0400 1527)         return ret

and looking at 2017.7.2 we see

099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1507)     ret = {
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1508)         'name': name,
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1509)         'result': True,
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1510)         'changes': {},
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1511)         'comment': 'Boto VPC peering state'
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1512)     }
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1513)
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1514)     if not pending['exists']:
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1515)         ret['result'] = True
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1516)         ret['changes'].update({
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1517)             'old': 'No pending VPC peering connection found. '
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1518)                    'Nothing to be done.'
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1519)         })
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1520)         return ret
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1521)
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1522)     if __opts__['test']:
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1523)         ret['changes'].update({'old': 'Pending VPC peering connection found '
099e224f765 (Aditya Kulkarni   2016-07-18 15:25:17 -0400 1524)                                       'and can be accepted'})
0c2e16d60df (Tom Williams      2016-08-09 15:47:13 -0400 1525)         return ret

Which to be completely honest confuses the heck out of me...

That said, it appears to be a regression introduced by 099e224f765 (Aditya Kulkarni 2016-07-18 15:25:17 -0400 1514) if not pending['exists']:

tkwilliams added a commit to hotschedules/salt that referenced this issue Nov 14, 2017
@tkwilliams
INFRA-5978 - fix for saltstack#44290
c2210aa
This was referenced Nov 14, 2017
Closed
Merged
rallytime pushed a commit that referenced this issue Nov 17, 2017
Merge pull request #44528 from bodhi-space/infra5978
f84a2b5 
INFRA-5978 - fix for #44290
@tkwilliams
Copy link
Contributor

I guess we're leaving this open until @mwerickso can verify it fixes his error?

@gtmanfred
Copy link
Contributor

Nah, I am ok with closing it, but github will automatically close it the next time we do a forward merge from 2017.7 to develop. The github close issue from pr keywords only work when the commit makes it into the main branch of the repository.

https://help.github.com/articles/closing-issues-using-keywords/

for future reference.

@gtmanfred gtmanfred added the fixed-pls-verify fix is linked, bug author to confirm fix label Nov 17, 2017
@anitakrueger anitakrueger mentioned this issue Feb 16, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug broken, incorrect, or confusing behavior fixed-pls-verify fix is linked, bug author to confirm fix P3 Priority 3 severity-medium 3rd level, incorrect or bad functionality, confusing and lacks a work around
Projects
None yet
Milestone
Approved
Development

Successfully merging a pull request may close this issue.

INFRA-5978 - fix for https://github.com/saltstack/salt/issues/44290 hotschedules/salt
4 participants
@gtmanfred @ryan-lane @tkwilliams @mwerickso