search

ansible-collections / amazon.aws

Ansible Collection for Amazon AWS
GNU General Public License v3.0
309 stars 340 forks source link

cloudwatch_metric_alarm - Changes to alarms always report 'changed' due to dimensions #1750

Closed jmisset-cb closed 3 months ago

jmisset-cb commented 1 year ago

Summary

When running CloudWatch metric alarm playbooks, existing alarms without dimensions report 'changed' even when no changes have been made to the alarm settings/props.

After debugging the cloudwatch_metric_alarm module code, looks like there is an issue with the Dimensions field.

If the alarm does not contain dimenions, it returns "Dimensions": [] to the module. If dimensions is not present in the task, it is absent from the parameters. This causes the comparison in the module to return Changed.

Issue Type

Bug Report

Component Name

cloudwatch_metric_alarm

Ansible Version

ansible [core 2.15.0]
  config file = /home/jmisset/git/ca-host-config/ansible.cfg
  configured module search path = ['/home/jmisset/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/jmisset/git/ca-host-config/.venv/lib/python3.10/site-packages/ansible
  ansible collection location = /home/jmisset/git/ca-host-config/.venv/lib/python3.10/site-packages
  executable location = /home/jmisset/git/ca-host-config/.venv/bin/ansible
  python version = 3.10.12 (main, Jun 11 2023, 05:26:28) [GCC 11.4.0] (/home/jmisset/git/ca-host-config/.venv/bin/python)
  jinja version = 3.1.2
  libyaml = True

Collection Versions

# /home/jmisset/git/ca-host-config/.venv/lib/python3.10/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    6.4.0  
ansible.netcommon             5.1.1  
ansible.posix                 1.5.4  
ansible.utils                 2.10.3 
ansible.windows               1.14.0 
arista.eos                    6.0.1  
awx.awx                       22.2.0 
azure.azcollection            1.15.0 
check_point.mgmt              5.0.0  
chocolatey.chocolatey         1.4.0  
cisco.aci                     2.6.0  
cisco.asa                     4.0.0  
cisco.dnac                    6.7.2  
cisco.intersight              1.0.27 
cisco.ios                     4.5.0  
cisco.iosxr                   5.0.2  
cisco.ise                     2.5.12 
cisco.meraki                  2.15.1 
cisco.mso                     2.4.0  
cisco.nso                     1.0.3  
cisco.nxos                    4.3.0  
cisco.ucs                     1.8.0  
cloud.common                  2.1.3  
cloudscale_ch.cloud           2.2.4  
community.aws                 6.3.0  
community.azure               2.0.0  
community.ciscosmb            1.0.5  
community.crypto              2.15.1 
community.digitalocean        1.23.0 
community.dns                 2.5.4  
community.docker              3.4.6  
community.fortios             1.0.0  
community.general             7.3.0  
community.google              1.0.0  
community.grafana             1.5.4  
community.hashi_vault         5.0.0  
community.hrobot              1.8.0  
community.libvirt             1.2.0  
community.mongodb             1.5.2  
community.mysql               3.7.1  
community.network             5.0.0  
community.okd                 2.3.0  
community.postgresql          2.4.1  
community.proxysql            1.5.1  
community.rabbitmq            1.2.3  
community.routeros            2.8.0  
community.sap                 1.0.0  
community.sap_libs            1.4.1  
community.skydive             1.0.0  
community.sops                1.6.1  
community.vmware              3.6.0  
community.windows             1.13.0 
community.zabbix              2.0.0  
containers.podman             1.10.1 
cyberark.conjur               1.2.0  
cyberark.pas                  1.0.19 
dellemc.enterprise_sonic      2.0.0  
dellemc.openmanage            7.5.0  
dellemc.powerflex             1.6.0  
dellemc.unity                 1.6.0  
devsec.hardening              8.7.0  
f5networks.f5_modules         1.24.0 
fortinet.fortimanager         2.1.7  
fortinet.fortios              2.2.3  
frr.frr                       2.0.2  
gluster.gluster               1.0.2  
google.cloud                  1.1.3  
grafana.grafana               2.0.0  
hetzner.hcloud                1.11.0 
hpe.nimble                    1.1.4  
ibm.qradar                    2.1.0  
ibm.spectrum_virtualize       1.12.0 
infinidat.infinibox           1.3.12 
infoblox.nios_modules         1.5.0  
inspur.ispim                  1.3.0  
inspur.sm                     2.3.0  
junipernetworks.junos         5.1.0  
kubernetes.core               2.4.0  
lowlydba.sqlserver            2.0.0  
microsoft.ad                  1.1.0  
netapp.aws                    21.7.0 
netapp.azure                  21.10.0
netapp.cloudmanager           21.22.0
netapp.elementsw              21.7.0 
netapp.ontap                  22.6.0 
netapp.storagegrid            21.11.1
netapp.um_info                21.8.0 
netapp_eseries.santricity     1.4.0  
netbox.netbox                 3.13.0 
ngine_io.cloudstack           2.3.0  
ngine_io.exoscale             1.0.0  
ngine_io.vultr                1.1.3  
openstack.cloud               2.1.0  
openvswitch.openvswitch       2.1.1  
ovirt.ovirt                   3.1.2  
purestorage.flasharray        1.18.0 
purestorage.flashblade        1.11.0 
purestorage.fusion            1.4.2  
sensu.sensu_go                1.13.2 
servicenow.servicenow         1.0.6  
splunk.es                     2.1.0  
t_systems_mms.icinga_director 1.32.2 
theforeman.foreman            3.10.0 
vmware.vmware_rest            2.3.1  
vultr.cloud                   1.7.1  
vyos.vyos                     4.0.2  
wti.remote                    1.0.4

AWS SDK versions

WARNING: Package(s) not found: boto
Name: boto3
Version: 1.28.43
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /home/jmisset/git/ca-host-config/.venv/lib/python3.10/site-packages
Requires: botocore, jmespath, s3transfer
Required-by: 
---
Name: botocore
Version: 1.31.43
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /home/jmisset/git/ca-host-config/.venv/lib/python3.10/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: boto3, s3transfer

Configuration

ANSIBLE_PIPELINING(/home/jmisset/git/ca-host-config/ansible.cfg) = True
COLLECTIONS_PATHS(/home/jmisset/git/ca-host-config/ansible.cfg) = ['/home/jmisset/git/ca-host-config/.venv/lib/python3.10/site-packages']
CONFIG_FILE() = /home/jmisset/git/ca-host-config/ansible.cfg
DEFAULT_FORKS(/home/jmisset/git/ca-host-config/ansible.cfg) = 16
DEFAULT_ROLES_PATH(/home/jmisset/git/ca-host-config/ansible.cfg) = ['/home/jmisset/git/ca-host-config/.ansible']
DEFAULT_VAULT_PASSWORD_FILE(/home/jmisset/git/ca-host-config/ansible.cfg) = /home/jmisset/git/ca-host-config/vaultfile

OS / Environment

No response

Steps to Reproduce

---
- name: Create test alarm
  hosts: localhost
  become: false
  gather_facts: false
  connection: local
  tasks:
    - name: Create test alarm
      amazon.aws.cloudwatch_metric_alarm:
        profile: default
        state: present
        region: "eu-central-1"
        name: "test-alarm-always-changed"
        metric: "abcd"
        namespace: "LogMetrics"
        statistic: Sum
        comparison: GreaterThanOrEqualToThreshold
        threshold: "1"
        period: 300
        evaluation_periods: 3
        unit: "Count"
        description: "This alarm is always changed in ansible if dimensions is absent."
        # dimensions:
        #   InstanceId: i-0ab0ffee41dcf8a52
        alarm_actions: []
        ok_actions: []
        treat_missing_data: notBreaching

If you uncomment the dimensions and the key/value pair it contains, and run it more than once, it does not return Changed.

Expected Results

After the initial run of above playbook, future runs should report no changes (changed=0) unless settings/props are modified.

Actual Results

After initial playbook run, future playbook runs always report that changes are necessary and makes AWS call to create alarm again.

Code of Conduct

KamilBlaz commented 1 year ago

Hello, can I take this issue and open PR if necessary?

gravesm commented 1 year ago

@KamilBlaz yes, thank you for volunteering to help!

jmisset-cb commented 1 year ago

Hi @KamilBlaz, is this something you are still planning on picking up? I'm asking because I have also looked into this issue and found a possible solution.