When running the aws_waf_web_acl module with a list of rules that contain a mix of regular and rate_based rules, an error is returned when looking up the name of a rate_based rule.
# anonymised
Traceback (most recent call last):
File "/root/.ansible/tmp/ansible-tmp-1663744496.6413488-455-280617290021228/AnsiballZ_aws_waf_web_acl.py", line 107, in <module>
_ansiballz_main()
File "/root/.ansible/tmp/ansible-tmp-1663744496.6413488-455-280617290021228/AnsiballZ_aws_waf_web_acl.py", line 99, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/root/.ansible/tmp/ansible-tmp-1663744496.6413488-455-280617290021228/AnsiballZ_aws_waf_web_acl.py", line 47, in invoke_module
runpy.run_module(mod_name='ansible_collections.community.aws.plugins.modules.aws_waf_web_acl', init_globals=dict(_module_fqn='ansible_collections.community.aws.plugins.modules.aws_waf_web_acl', _modlib_path=modlib_path),
File "/usr/lib64/python3.8/runpy.py", line 207, in run_module
return _run_module_code(code, init_globals, run_name, mod_spec)
File "/usr/lib64/python3.8/runpy.py", line 97, in _run_module_code
_run_code(code, mod_globals, init_globals,
File "/usr/lib64/python3.8/runpy.py", line 87, in _run_code
exec(code, run_globals)
File "/tmp/ansible_community.aws.aws_waf_web_acl_payload_57rh61yt/ansible_community.aws.aws_waf_web_acl_payload.zip/ansible_collections/community/aws/plugins/modules/aws_waf_web_acl.py", line 361, in <module>
File "/tmp/ansible_community.aws.aws_waf_web_acl_payload_57rh61yt/ansible_community.aws.aws_waf_web_acl_payload.zip/ansible_collections/community/aws/plugins/modules/aws_waf_web_acl.py", line 353, in main
File "/tmp/ansible_community.aws.aws_waf_web_acl_payload_57rh61yt/ansible_community.aws.aws_waf_web_acl_payload.zip/ansible_collections/community/aws/plugins/modules/aws_waf_web_acl.py", line 307, in ensure_web_acl_present
File "/tmp/ansible_community.aws.aws_waf_web_acl_payload_57rh61yt/ansible_community.aws.aws_waf_web_acl_payload.zip/ansible_collections/community/aws/plugins/modules/aws_waf_web_acl.py", line 226, in find_and_update_web_acl
File "/tmp/ansible_community.aws.aws_waf_web_acl_payload_57rh61yt/ansible_community.aws.aws_waf_web_acl_payload.zip/ansible_collections/community/aws/plugins/modules/aws_waf_web_acl.py", line 226, in <listcomp>
KeyError: 'rule-9'
I can submit a PR for this, if the above fix / method is desired, though I'm not sure if the new list_rate_based_rules_with_backoff belongs here or in amazon.aws.
Summary
When running the aws_waf_web_acl module with a list of rules that contain a mix of regular and rate_based rules, an error is returned when looking up the name of a rate_based rule.
Issue Type
Bug Report
Component Name
aws_waf_web_acl
Ansible Version
Collection Versions
AWS SDK versions
Configuration
OS / Environment
N/A
Steps to Reproduce
Expected Results
Rules are updated as per config
Actual Results
A stack trace is returned, stating that the key is not found.
I believe the root cause of the stack trace below is that this module consumes https://github.com/ansible-collections/community.aws/blob/main/plugins/modules/waf_web_acl.py#L176
Which in the amazon.aws collection, calls list_web_acls: https://github.com/ansible-collections/amazon.aws/blob/main/plugins/module_utils/waf.py#L182
I believe something needs to be changed here to call list_rate_based_rules in addition:
In this module, this would be consumed here: https://github.com/ansible-collections/community.aws/blob/main/plugins/modules/waf_web_acl.py#L193 where the two dictionaries would need to be merged before being returned.
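The merge proposed above, sketched as an added example (not code from the community.aws or amazon.aws collections): it pages through both listings and builds one name-to-RuleId lookup, so a rate-based rule name resolves like any other. `StubWafClient`, the helper names and the sample rules are constructed so it runs offline; it assumes both list calls return `Rules` entries carrying `Name` and `RuleId`, plus an optional `NextMarker`.

```python
# Constructed sample data; rule names and ids are placeholders.
SAMPLE_REGULAR = [{"RuleId": "id-%d" % i, "Name": "rule-%d" % i} for i in (1, 2, 3)]
SAMPLE_RATE_BASED = [{"RuleId": "id-9", "Name": "rule-9"}]


class StubWafClient:
    """Hypothetical offline stand-in returning {"Rules": [...], "NextMarker": "..."} pages."""
    def __init__(self, regular, rate_based, page_size=2):
        self._data = {"regular": regular, "rate_based": rate_based}
        self._page_size = page_size

    def _page(self, kind, NextMarker=None):
        start = int(NextMarker or 0)
        end = start + self._page_size
        resp = {"Rules": self._data[kind][start:end]}
        if end < len(self._data[kind]):
            resp["NextMarker"] = str(end)
        return resp

    def list_rules(self, **kwargs):
        return self._page("regular", **kwargs)

    def list_rate_based_rules(self, **kwargs):
        return self._page("rate_based", **kwargs)


def list_all(method):
    """Follow NextMarker until the listing is exhausted."""
    rules, marker = [], None
    while True:
        resp = method(NextMarker=marker) if marker else method()
        rules.extend(resp.get("Rules", []))
        marker = resp.get("NextMarker")
        if not marker:
            return rules


def build_rule_lookup(client):
    """Merge regular and rate-based listings into one name -> RuleId dict."""
    lookup = {}
    for method in (client.list_rules, client.list_rate_based_rules):
        lookup.update((r["Name"], r["RuleId"]) for r in list_all(method))
    return lookup


def resolve_rule_ids(client, wanted_names):
    lookup = build_rule_lookup(client)
    missing = [n for n in wanted_names if n not in lookup]
    if missing:  # readable failure instead of a bare KeyError
        raise LookupError("WAF rules not found: " + ", ".join(missing))
    return [lookup[n] for n in wanted_names]
```

With only `client.list_rules` in the loop, resolving `rule-9` fails, which is the situation the traceback shows.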