Closed sebastien-rosset closed 2 years ago
Files identified in the description:
plugins/module_utils/acm.py
](https://github.com/['ansible-collections/amazon.aws', 'ansible-collections/community.aws', 'ansible-collections/community.vmware']/blob/main/plugins/module_utils/acm.py)If these files are inaccurate, please update the component name
section of the description or use the !component
bot command.
Summary
A
ResourceNotFoundException
may be raised when a ansible module invokes the get_certificates function defined in module_utils/acm.py. It looks like there is an intermittent timing issue:get_certificates
function gets all certificates defined in ACM using paginated queries.ResourceNotFoundException
.Issue Type
Bug Report
Component Name
acm in module_utils
Ansible Version
Collection Versions
AWS SDK versions
Configuration
OS / Environment
CentOS Linux release 7.9.2009 (Core) Linux 5ada6014185e 5.11.0-43-generic #47~20.04.2-Ubuntu SMP Mon Dec 13 11:06:56 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Steps to Reproduce
The issue occurs intermittently when running the integration tests for the
acm
module incommunity.aws
. Specifically when acommunity.aws.aws_acm
task deletes a cert, followed by thecommunity.aws.aws_acm_info
. TheResourceNotFoundException
occurs in theaws_acm_info
task.The problem occurs when a cert is removed from ACM while
acm.py:get_certificates
iterates a list of cert ARNs. The problem is more likely to occur if theacm.py:get_certificates
takes a long time to iterate over the certificate ARNs. For example this could happen if there are lots of certificates in ACM.If there are N certificates in ACM,
get_certificates
could send up to 1 + 3 * N requests to the AWS API, not counting the retries (for each cert,get_certificates
makes up to 2 or 3 AWS API calls depending on the cert status.)Expected Results
I was expecting
community.aws.aws_acm_info
to return a list of certificates successfully, even if certificates are being deleted while querying the certs. Internally theaws_acm_info
module invokes theamazon.aws:get_certificates
function which is defined in module_utils/acm.py. That function should skip certificates when aResourceNotFound
exception is raised. I.e. don't return certs that are being deleted. The problem exists in themain
branch.Actual Results
An exception is raised while executing the
aws_acm_info
task.Code of Conduct