Failed to create a droplet and apply a firewall

[katefike]

SUMMARY

In my ansible playbook I create a firewall and it's successful. Then I create a droplet and apply the firewall to it, but it fails without a message. In Digital Ocean the droplet exists and is correctly configured with the firewall applied.

ISSUE TYPE

• Bug Report

COMPONENT NAME

• digital_ocean_droplet module
• digital_ocean_firewall

ANSIBLE VERSION

ansible [core 2.14.2]
  config file = None
  configured module search path = ['/home/kfike/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/kfike/Projects/sage/.venv/lib/python3.10/site-packages/ansible
  ansible collection location = /home/kfike/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/kfike/Projects/sage/.venv/bin/ansible
  python version = 3.10.6 (main, Nov 14 2022, 16:10:14) [GCC 11.3.0] (/home/kfike/Projects/sage/.venv/bin/python3)
  jinja version = 3.1.2
  libyaml = True

COLLECTION VERSION

# /home/kfike/Projects/sage/.venv/lib/python3.10/site-packages/ansible_collections
Collection             Version
---------------------- -------
community.digitalocean 1.23.0 

CONFIGURATION

CONFIG_FILE() = None

OS / ENVIRONMENT

• Local machine is running Ubuntu 22.04
• The playbook is being run in a python venv

STEPS TO REPRODUCE

My ansible playbook:

- hosts: localhost
  vars:
    digital_ocean_token: '{{ lookup("env", "DO_API_TOKEN") }}'
    droplet_size: s-1vcpu-1gb
    droplet_region: nyc1
    droplet_image: ubuntu-22-04-x64
  tasks:
  - name: Create firewall named "sage.test"
    community.digitalocean.digital_ocean_firewall:
      name: "sage.test"
      inbound_rules:
        - protocol: "tcp"
          ports: "22"
          sources:
            addresses: ["0.0.0.0/0", "::/0"]
      outbound_rules: 
        - protocol: "tcp"
          ports: "587"
          destinations:
            addresses: ["0.0.0.0/0", "::/0"]

  - name: Create a new Droplet
    digital_ocean_droplet:
      name: sage.prod
      oauth_token: "{{ digital_ocean_token }}"
      size: "{{ droplet_size }}"
      region: "{{ droplet_region }}"
      image: "{{ droplet_image }}"
      firewall: ['sage.test']
      wait_timeout: 600
      unique_name: yes
      state: present
    with_inventory_hostnames:
      - web
    register: droplet_result

EXPECTED RESULTS

I expect that either: a. If there is an "ok" response, then the droplet has been created with the firewall applied to it. b. If there is a "failed" response, then the droplet has not been created and there is an error message.

ACTUAL RESULTS

Command:

exec ansible-playbook -i inventory_prod.yml create_droplet_prod.yml --ask-become-pass -vvvv

Results:

ansible-playbook [core 2.14.2]
  config file = None
  configured module search path = ['/home/kfike/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/kfike/Projects/sage/.venv/lib/python3.10/site-packages/ansible
  ansible collection location = /home/kfike/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/kfike/Projects/sage/.venv/bin/ansible-playbook
  python version = 3.10.6 (main, Nov 14 2022, 16:10:14) [GCC 11.3.0] (/home/kfike/Projects/sage/.venv/bin/python3)
  jinja version = 3.1.2
  libyaml = True
No config file found; using defaults
BECOME password: 
setting up inventory plugins
host_list declined parsing /home/kfike/Projects/sage/ansible/inventory_ephemoral.yml as it did not pass its verify_file() method
script declined parsing /home/kfike/Projects/sage/ansible/inventory_ephemoral.yml as it did not pass its verify_file() method
Parsed /home/kfike/Projects/sage/ansible/inventory_ephemoral.yml inventory source with yaml plugin
redirecting (type: modules) ansible.builtin.digital_ocean_sshkey to community.digitalocean.digital_ocean_sshkey
Loading collection community.digitalocean from /home/kfike/Projects/sage/.venv/lib/python3.10/site-packages/ansible_collections/community/digitalocean
redirecting (type: modules) ansible.builtin.digital_ocean_droplet to community.digitalocean.digital_ocean_droplet
redirecting (type: modules) ansible.builtin.digital_ocean_droplet to community.digitalocean.digital_ocean_droplet
Loading callback plugin default of type stdout, v2.0 from /home/kfike/Projects/sage/.venv/lib/python3.10/site-packages/ansible/plugins/callback/default.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: create_droplet_prod.yml **********************************************************************************************************************************************************
Positional arguments: create_droplet_prod.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
become_ask_pass: True
tags: ('all',)
inventory: ('/home/kfike/Projects/sage/ansible/inventory_ephemoral.yml',)
forks: 5
1 plays in create_droplet_prod.yml

PLAY [localhost] ********************************************************************************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************************************************************************************
task path: /home/kfike/Projects/sage/ansible/create_droplet_prod.yml:1
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: kfike
<127.0.0.1> EXEC /bin/sh -c 'echo ~kfike && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/kfike/.ansible/tmp `"&& mkdir "` echo /home/kfike/.ansible/tmp/ansible-tmp-1676946664.4793735-843883-202959505704703 `" && echo ansible-tmp-1676946664.4793735-843883-202959505704703="` echo /home/kfike/.ansible/tmp/ansible-tmp-1676946664.4793735-843883-202959505704703 `" ) && sleep 0'
Using module file /home/kfike/Projects/sage/.venv/lib/python3.10/site-packages/ansible/modules/setup.py
<127.0.0.1> PUT /home/kfike/.ansible/tmp/ansible-local-843821fcyi2beg/tmpb2kwf43t TO /home/kfike/.ansible/tmp/ansible-tmp-1676946664.4793735-843883-202959505704703/AnsiballZ_setup.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/kfike/.ansible/tmp/ansible-tmp-1676946664.4793735-843883-202959505704703/ /home/kfike/.ansible/tmp/ansible-tmp-1676946664.4793735-843883-202959505704703/AnsiballZ_setup.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/home/kfike/Projects/sage/.venv/bin/python3 /home/kfike/.ansible/tmp/ansible-tmp-1676946664.4793735-843883-202959505704703/AnsiballZ_setup.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/kfike/.ansible/tmp/ansible-tmp-1676946664.4793735-843883-202959505704703/ > /dev/null 2>&1 && sleep 0'
ok: [localhost]
TASK [Create firewall named "sage.test"] ********************************************************************************************************************************************************
task path: /home/kfike/Projects/sage/ansible/create_droplet_prod.yml:19
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: kfike
<127.0.0.1> EXEC /bin/sh -c 'echo ~kfike && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/kfike/.ansible/tmp `"&& mkdir "` echo /home/kfike/.ansible/tmp/ansible-tmp-1676946667.2786705-844287-52719806372646 `" && echo ansible-tmp-1676946667.2786705-844287-52719806372646="` echo /home/kfike/.ansible/tmp/ansible-tmp-1676946667.2786705-844287-52719806372646 `" ) && sleep 0'
Using module file /home/kfike/Projects/sage/.venv/lib/python3.10/site-packages/ansible_collections/community/digitalocean/plugins/modules/digital_ocean_firewall.py
<127.0.0.1> PUT /home/kfike/.ansible/tmp/ansible-local-843821fcyi2beg/tmp8kx2yoq5 TO /home/kfike/.ansible/tmp/ansible-tmp-1676946667.2786705-844287-52719806372646/AnsiballZ_digital_ocean_firewall.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/kfike/.ansible/tmp/ansible-tmp-1676946667.2786705-844287-52719806372646/ /home/kfike/.ansible/tmp/ansible-tmp-1676946667.2786705-844287-52719806372646/AnsiballZ_digital_ocean_firewall.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/home/kfike/Projects/sage/.venv/bin/python3 /home/kfike/.ansible/tmp/ansible-tmp-1676946667.2786705-844287-52719806372646/AnsiballZ_digital_ocean_firewall.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/kfike/.ansible/tmp/ansible-tmp-1676946667.2786705-844287-52719806372646/ > /dev/null 2>&1 && sleep 0'
ok: [localhost] => {
    "changed": false,
    "data": {
        "created_at": "2023-02-19T16:55:21Z",
        "droplet_ids": [],
        "id": "12e94f3a-40ec-4431-a460-af2cd0866417",
        "inbound_rules": [
            {
                "ports": "22",
                "protocol": "tcp",
                "sources": {
                    "addresses": [
                        "40.142.183.33"
                    ],
                    "droplet_ids": [],
                    "load_balancer_uids": [],
                    "tags": []
                }
            }
        ],
        "name": "sage.test",
        "outbound_rules": [
            {
                "destinations": {
                    "addresses": [
                        "0.0.0.0/0",
                        "::/0"
                    ],
                    "droplet_ids": [],
                    "load_balancer_uids": [],
                    "tags": []
                },
                "ports": "587",
                "protocol": "tcp"
            }
        ],
        "pending_changes": [],
        "status": "succeeded",
        "tags": []
    },
    "invocation": {
        "module_args": {
            "baseurl": "https://api.digitalocean.com/v2",
            "droplet_ids": null,
            "inbound_rules": [
                {
                    "ports": "22",
                    "protocol": "tcp",
                    "sources": {
                        "addresses": [
                            "40.142.183.33"
                        ],
                        "droplet_ids": [],
                        "load_balancer_uids": [],
                        "tags": []
                    }
                }
            ],
            "name": "sage.test",
            "oauth_token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "outbound_rules": [
                {
                    "destinations": {
                        "addresses": [
                            "0.0.0.0/0",
                            "::/0"
                        ],
                        "droplet_ids": [],
                        "load_balancer_uids": [],
                        "tags": []
                    },
                    "ports": "587",
                    "protocol": "tcp"
                }
            ],
            "state": "present",
            "tags": null,
            "timeout": 30,
            "validate_certs": true
        }
    }
}

TASK [Create a new Droplet] *********************************************************************************************************************************************************************
task path: /home/kfike/Projects/sage/ansible/create_droplet_prod.yml:41
redirecting (type: modules) ansible.builtin.digital_ocean_droplet to community.digitalocean.digital_ocean_droplet
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: kfike
<127.0.0.1> EXEC /bin/sh -c 'echo ~kfike && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/kfike/.ansible/tmp `"&& mkdir "` echo /home/kfike/.ansible/tmp/ansible-tmp-1676946668.6465716-844315-72107661445743 `" && echo ansible-tmp-1676946668.6465716-844315-72107661445743="` echo /home/kfike/.ansible/tmp/ansible-tmp-1676946668.6465716-844315-72107661445743 `" ) && sleep 0'
redirecting (type: modules) ansible.builtin.digital_ocean_droplet to community.digitalocean.digital_ocean_droplet
Using module file /home/kfike/Projects/sage/.venv/lib/python3.10/site-packages/ansible_collections/community/digitalocean/plugins/modules/digital_ocean_droplet.py
<127.0.0.1> PUT /home/kfike/.ansible/tmp/ansible-local-843821fcyi2beg/tmp19yjfhb5 TO /home/kfike/.ansible/tmp/ansible-tmp-1676946668.6465716-844315-72107661445743/AnsiballZ_digital_ocean_droplet.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/kfike/.ansible/tmp/ansible-tmp-1676946668.6465716-844315-72107661445743/ /home/kfike/.ansible/tmp/ansible-tmp-1676946668.6465716-844315-72107661445743/AnsiballZ_digital_ocean_droplet.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/home/kfike/Projects/sage/.venv/bin/python3 /home/kfike/.ansible/tmp/ansible-tmp-1676946668.6465716-844315-72107661445743/AnsiballZ_digital_ocean_droplet.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/kfike/.ansible/tmp/ansible-tmp-1676946668.6465716-844315-72107661445743/ > /dev/null 2>&1 && sleep 0'
failed: [localhost] (item=sage.epehemeral) => {
    "ansible_loop_var": "item",
    "changed": false,
    "data": {
        "droplet": {
            "backup_ids": [],
            "created_at": "2023-02-21T02:31:10Z",
            "disk": 25,
            "features": [
                "droplet_agent",
                "private_networking"
            ],
            "id": 341870383,
            "image": {
                "created_at": "2022-10-14T20:34:31Z",
                "description": "Ubuntu 22.04 (LTS) x64",
                "distribution": "Ubuntu",
                "id": 118857366,
                "min_disk_size": 7,
                "name": "22.04 (LTS) x64",
                "public": true,
                "regions": [
                    "nyc3",
                    "nyc1",
                    "sfo1",
                    "nyc2",
                    "ams2",
                    "sgp1",
                    "lon1",
                    "ams3",
                    "fra1",
                    "tor1",
                    "sfo2",
                    "blr1",
                    "sfo3",
                    "syd1"
                ],
                "size_gigabytes": 0.69,
                "slug": "ubuntu-22-04-x64",
                "status": "available",
                "tags": [],
                "type": "base"
            },
            "kernel": null,
            "locked": false,
            "memory": 1024,
            "name": "sage.prod",
            "networks": {
                "v4": [
                    {
                        "gateway": "68.183.112.1",
                        "ip_address": "68.183.115.205",
                        "netmask": "255.255.240.0",
                        "type": "public"
                    },
                    {
                        "gateway": "10.116.0.1",
                        "ip_address": "10.116.0.2",
                        "netmask": "255.255.240.0",
                        "type": "private"
                    }
                ],
                "v6": []
            },
            "next_backup_window": null,
            "region": {
                "available": true,
                "features": [
                    "backups",
                    "ipv6",
                    "metadata",
                    "install_agent",
                    "storage",
                    "image_transfer"
                ],
                "name": "New York 1",
                "sizes": [
                    "s-1vcpu-512mb-10gb",
                    "s-1vcpu-1gb",
                    "s-1vcpu-1gb-amd",
                    "s-1vcpu-1gb-intel",
                    "s-1vcpu-2gb",
                    "s-1vcpu-2gb-amd",
                    "s-1vcpu-2gb-intel",
                    "s-2vcpu-2gb",
                    "s-2vcpu-2gb-amd",
                    "s-2vcpu-2gb-intel",
                    "s-2vcpu-4gb",
                    "s-2vcpu-4gb-amd",
                    "s-2vcpu-4gb-intel",
                    "c-2",
                    "c2-2vcpu-4gb",
                    "s-4vcpu-8gb",
                    "s-4vcpu-8gb-amd",
                    "s-4vcpu-8gb-intel",
                    "g-2vcpu-8gb",
                    "gd-2vcpu-8gb",
                    "m-2vcpu-16gb",
                    "c-4",
                    "c2-4vcpu-8gb",
                    "s-8vcpu-16gb",
                    "m3-2vcpu-16gb",
                    "s-8vcpu-16gb-amd",
                    "s-8vcpu-16gb-intel",
                    "g-4vcpu-16gb",
                    "so-2vcpu-16gb",
                    "m6-2vcpu-16gb",
                    "gd-4vcpu-16gb",
                    "so1_5-2vcpu-16gb",
                    "m-4vcpu-32gb",
                    "c-8",
                    "c2-8vcpu-16gb",
                    "m3-4vcpu-32gb",
                    "g-8vcpu-32gb",
                    "so-4vcpu-32gb",
                    "m6-4vcpu-32gb",
                    "gd-8vcpu-32gb",
                    "so1_5-4vcpu-32gb",
                    "m-8vcpu-64gb",
                    "c-16",
                    "c2-16vcpu-32gb",
                    "m3-8vcpu-64gb",
                    "g-16vcpu-64gb",
                    "so-8vcpu-64gb",
                    "m6-8vcpu-64gb",
                    "gd-16vcpu-64gb",
                    "so1_5-8vcpu-64gb",
                    "m-16vcpu-128gb",
                    "c-32",
                    "c2-32vcpu-64gb",
                    "m3-16vcpu-128gb",
                    "c-48",
                    "m-24vcpu-192gb",
                    "g-32vcpu-128gb",
                    "so-16vcpu-128gb",
                    "m6-16vcpu-128gb",
                    "gd-32vcpu-128gb",
                    "c2-48vcpu-96gb",
                    "m3-24vcpu-192gb",
                    "g-40vcpu-160gb",
                    "so1_5-16vcpu-128gb",
                    "m-32vcpu-256gb",
                    "gd-40vcpu-160gb",
                    "so-24vcpu-192gb",
                    "m6-24vcpu-192gb",
                    "m3-32vcpu-256gb",
                    "so1_5-24vcpu-192gb",
                    "so-32vcpu-256gb",
                    "m6-32vcpu-256gb",
                    "so1_5-32vcpu-256gb"
                ],
                "slug": "nyc1"
            },
            "size": {
                "available": true,
                "description": "Basic",
                "disk": 25,
                "memory": 1024,
                "price_hourly": 0.00893,
                "price_monthly": 6.0,
                "regions": [
                    "ams3",
                    "blr1",
                    "fra1",
                    "lon1",
                    "nyc1",
                    "nyc3",
                    "sfo3",
                    "sgp1",
                    "syd1",
                    "tor1"
                ],
                "slug": "s-1vcpu-1gb",
                "transfer": 1.0,
                "vcpus": 1
            },
            "size_slug": "s-1vcpu-1gb",
            "snapshot_ids": [],
            "status": "active",
            "tags": [],
            "vcpus": 1,
            "volume_ids": [],
            "vpc_uuid": "3ac1f985-22b9-46cc-b43b-f9265c9c0f31"
        },
        "firewall": [
            null,
            true
        ]
    },
    "invocation": {
        "module_args": {
            "backups": false,
            "baseurl": "https://api.digitalocean.com/v2",
            "firewall": [
                "sage.test"
            ],
            "id": null,
            "image": "ubuntu-22-04-x64",
            "ipv6": false,
            "monitoring": false,
            "name": "sage.prod",
            "private_networking": false,
            "project_name": "",
            "region": "nyc1",
            "resize_disk": false,
            "size": "s-1vcpu-1gb",
            "ssh_keys": [
                "34685848"
            ],
            "tags": null,
            "timeout": 30,
            "user_data": null,
            "validate_certs": true,
            "volumes": null,
            "vpc_uuid": null
        }
    },
    "item": "sage.prod",
    "msg": [
        null,
        true
    ]
}

PLAY RECAP **************************************************************************************************************************************************************************************
localhost                  : ok=3    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

In Digital Ocean in the droplet's "Networking" page I can see that this firewall was applied.

[dulhaver]

@katefike

In my ansible playbook I create a firewall and it's successful. Then I create a droplet and apply the firewall to it, but it fails without a message. In Digital Ocean the droplet exists and is correctly configured with the firewall applied.

I don't quite get it, can you clarify whether ...

1. firewall and droplet are created. Firewall is applied to droplet, but it does not show in the ansible execution, or
2. firewall and droplet are created. Firewall is NOT applied to droplet

[damex]

firewall and droplet are created. Firewall is applied to droplet, but it does not show in the ansible execution, or

maybe this one? droplet is created and firewall is applied but task always returns failed condition. should be changed but returns changed: false

i tested latest ansible + digitalocean community collection and if i specify firewall during droplet creation - droplet creation task always endups in failure. if i omit firewall definition - task gets proper changed state and consequent runs with firewall definition work as expected.

all fails have

 "msg": [
        null,
        true
    ]

all consequent and/or successful runs does not have msg [ null, true ] in them.

does not matter if it is a string or array or firewalls (should be array of strings according to manual) it still fails.

to test just use simple droplet creation and specify firewall. it will always fail if droplet gonna be created for the first time.

[damex]

this is failed variant. just specified smallest droplet they offer and runned with firewall option. it failed and returned changed: false. it succeeds without firewall as explained above. returned message that ansible considers a failure:

{
  "changed": false,
  "data": {
    "droplet": {
      "backup_ids": [],
      "created_at": "2024-04-11T15:35:01Z",
      "disk": 10,
      "features": [
        "droplet_agent",
        "private_networking"
      ],
      "id": 412282114,
      "image": {
        "created_at": "2023-06-27T18:01:28Z",
        "description": "Debian 12 Image",
        "distribution": "Debian",
        "id": 135438931,
        "min_disk_size": 7,
        "name": "12 x64",
        "public": true,
        "regions": [
          "nyc3",
          "nyc1",
          "sfo1",
          "nyc2",
          "ams2",
          "sgp1",
          "lon1",
          "ams3",
          "fra1",
          "tor1",
          "sfo2",
          "blr1",
          "sfo3",
          "syd1"
        ],
        "size_gigabytes": 0.44,
        "slug": "debian-12-x64",
        "status": "available",
        "tags": [],
        "type": "base"
      },
      "kernel": null,
      "locked": false,
      "memory": 512,
      "name": "do1",
      "networks": {
        "v4": [
          {
            "gateway": "128.199.128.1",
            "ip_address": "128.199.164.169",
            "netmask": "255.255.192.0",
            "type": "public"
          },
          {
            "gateway": "10.0.2.241",
            "ip_address": "10.0.2.242",
            "netmask": "255.255.255.240",
            "type": "private"
          }
        ],
        "v6": []
      },
      "next_backup_window": null,
      "region": {
        "available": true,
        "features": [
          "backups",
          "ipv6",
          "metadata",
          "install_agent",
          "storage",
          "image_transfer"
        ],
        "name": "Singapore 1",
        "sizes": [
          "s-1vcpu-512mb-10gb",
          "s-1vcpu-1gb",
          "s-1vcpu-1gb-amd",
          "s-1vcpu-1gb-intel",
          "s-1vcpu-1gb-35gb-intel",
          "s-1vcpu-2gb",
          "s-1vcpu-2gb-amd",
          "s-1vcpu-2gb-intel",
          "s-1vcpu-2gb-70gb-intel",
          "s-2vcpu-2gb",
          "s-2vcpu-2gb-amd",
          "s-2vcpu-2gb-intel",
          "s-2vcpu-2gb-90gb-intel",
          "s-2vcpu-4gb",
          "s-2vcpu-4gb-amd",
          "s-2vcpu-4gb-intel",
          "s-2vcpu-4gb-120gb-intel",
          "c-2",
          "c2-2vcpu-4gb",
          "s-4vcpu-8gb",
          "s-4vcpu-8gb-amd",
          "s-4vcpu-8gb-intel",
          "g-2vcpu-8gb",
          "s-4vcpu-8gb-240gb-intel",
          "gd-2vcpu-8gb",
          "m-2vcpu-16gb",
          "c-4",
          "c2-4vcpu-8gb",
          "s-8vcpu-16gb",
          "m3-2vcpu-16gb",
          "s-8vcpu-16gb-amd",
          "s-8vcpu-16gb-intel",
          "g-4vcpu-16gb",
          "s-8vcpu-16gb-480gb-intel",
          "so-2vcpu-16gb",
          "m6-2vcpu-16gb",
          "gd-4vcpu-16gb",
          "so1_5-2vcpu-16gb",
          "m-4vcpu-32gb",
          "c-8",
          "c2-8vcpu-16gb",
          "m3-4vcpu-32gb",
          "g-8vcpu-32gb",
          "so-4vcpu-32gb",
          "m6-4vcpu-32gb",
          "gd-8vcpu-32gb",
          "so1_5-4vcpu-32gb",
          "m-8vcpu-64gb",
          "c-16",
          "c2-16vcpu-32gb",
          "m3-8vcpu-64gb",
          "g-16vcpu-64gb",
          "so-8vcpu-64gb",
          "m6-8vcpu-64gb",
          "gd-16vcpu-64gb",
          "so1_5-8vcpu-64gb",
          "m-16vcpu-128gb",
          "c-32",
          "c2-32vcpu-64gb",
          "m3-16vcpu-128gb",
          "c-48",
          "m-24vcpu-192gb",
          "g-32vcpu-128gb",
          "so-16vcpu-128gb",
          "m6-16vcpu-128gb",
          "gd-32vcpu-128gb",
          "c2-48vcpu-96gb",
          "m3-24vcpu-192gb",
          "g-40vcpu-160gb",
          "so1_5-16vcpu-128gb",
          "m-32vcpu-256gb",
          "gd-40vcpu-160gb",
          "so-24vcpu-192gb",
          "m6-24vcpu-192gb",
          "m3-32vcpu-256gb",
          "so1_5-24vcpu-192gb",
          "so-32vcpu-256gb",
          "m6-32vcpu-256gb",
          "so1_5-32vcpu-256gb"
        ],
        "slug": "sgp1"
      },
      "size": {
        "available": true,
        "description": "Basic",
        "disk": 10,
        "memory": 512,
        "networking_througput": 2000,
        "price_hourly": 0.00595,
        "price_monthly": 4,
        "regions": [
          "ams3",
          "fra1",
          "nyc1",
          "sfo3",
          "sgp1",
          "syd1"
        ],
        "slug": "s-1vcpu-512mb-10gb",
        "transfer": 0.5,
        "vcpus": 1
      },
      "size_slug": "s-1vcpu-512mb-10gb",
      "snapshot_ids": [],
      "status": "active",
      "tags": [],
      "vcpus": 1,
      "volume_ids": [],
      "vpc_uuid": "2531fec9-6fcb-4e9c-9979-517bf52e7baf"
    },
    "firewall": [
      null,
      true
    ]
  },
  "msg": [
    null,
    true
  ]
}

and this is successful creation of droplet without specifying firewall

{
  "changed": true,
  "data": {
    "droplet": {
      "backup_ids": [],
      "created_at": "2024-04-22T00:14:35Z",
      "disk": 10,
      "features": [
        "droplet_agent",
        "private_networking"
      ],
      "id": 414237389,
      "image": {
        "created_at": "2023-06-27T18:01:28Z",
        "description": "Debian 12 Image",
        "distribution": "Debian",
        "id": 135438931,
        "min_disk_size": 7,
        "name": "12 x64",
        "public": true,
        "regions": [
          "nyc3",
          "nyc1",
          "sfo1",
          "nyc2",
          "ams2",
          "sgp1",
          "lon1",
          "ams3",
          "fra1",
          "tor1",
          "sfo2",
          "blr1",
          "sfo3",
          "syd1"
        ],
        "size_gigabytes": 0.44,
        "slug": "debian-12-x64",
        "status": "available",
        "tags": [],
        "type": "base"
      },
      "kernel": null,
      "locked": false,
      "memory": 512,
      "name": "do1",
      "networks": {
        "v4": [
          {
            "gateway": "159.65.128.1",
            "ip_address": "159.65.137.188",
            "netmask": "255.255.240.0",
            "type": "public"
          },
          {
            "gateway": "10.0.2.241",
            "ip_address": "10.0.2.242",
            "netmask": "255.255.255.240",
            "type": "private"
          }
        ],
        "v6": []
      },
      "next_backup_window": null,
      "region": {
        "available": true,
        "features": [
          "backups",
          "ipv6",
          "metadata",
          "install_agent",
          "storage",
          "image_transfer"
        ],
        "name": "Singapore 1",
        "sizes": [
          "s-1vcpu-512mb-10gb",
          "s-1vcpu-1gb",
          "s-1vcpu-1gb-amd",
          "s-1vcpu-1gb-intel",
          "s-1vcpu-1gb-35gb-intel",
          "s-1vcpu-2gb",
          "s-1vcpu-2gb-amd",
          "s-1vcpu-2gb-intel",
          "s-1vcpu-2gb-70gb-intel",
          "s-2vcpu-2gb",
          "s-2vcpu-2gb-amd",
          "s-2vcpu-2gb-intel",
          "s-2vcpu-2gb-90gb-intel",
          "s-2vcpu-4gb",
          "s-2vcpu-4gb-amd",
          "s-2vcpu-4gb-intel",
          "s-2vcpu-4gb-120gb-intel",
          "c-2",
          "c2-2vcpu-4gb",
          "s-4vcpu-8gb",
          "s-4vcpu-8gb-amd",
          "s-4vcpu-8gb-intel",
          "g-2vcpu-8gb",
          "s-4vcpu-8gb-240gb-intel",
          "gd-2vcpu-8gb",
          "m-2vcpu-16gb",
          "c-4",
          "c2-4vcpu-8gb",
          "s-8vcpu-16gb",
          "m3-2vcpu-16gb",
          "s-8vcpu-16gb-amd",
          "s-8vcpu-16gb-intel",
          "g-4vcpu-16gb",
          "s-8vcpu-16gb-480gb-intel",
          "so-2vcpu-16gb",
          "m6-2vcpu-16gb",
          "gd-4vcpu-16gb",
          "so1_5-2vcpu-16gb",
          "m-4vcpu-32gb",
          "c-8",
          "c2-8vcpu-16gb",
          "s-8vcpu-32gb-640gb-intel",
          "m3-4vcpu-32gb",
          "g-8vcpu-32gb",
          "so-4vcpu-32gb",
          "m6-4vcpu-32gb",
          "gd-8vcpu-32gb",
          "so1_5-4vcpu-32gb",
          "m-8vcpu-64gb",
          "c-16",
          "c2-16vcpu-32gb",
          "m3-8vcpu-64gb",
          "g-16vcpu-64gb",
          "so-8vcpu-64gb",
          "m6-8vcpu-64gb",
          "gd-16vcpu-64gb",
          "so1_5-8vcpu-64gb",
          "m-16vcpu-128gb",
          "c-32",
          "c2-32vcpu-64gb",
          "m3-16vcpu-128gb",
          "c-48",
          "m-24vcpu-192gb",
          "g-32vcpu-128gb",
          "so-16vcpu-128gb",
          "m6-16vcpu-128gb",
          "gd-32vcpu-128gb",
          "c2-48vcpu-96gb",
          "m3-24vcpu-192gb",
          "g-40vcpu-160gb",
          "so1_5-16vcpu-128gb",
          "m-32vcpu-256gb",
          "gd-40vcpu-160gb",
          "so-24vcpu-192gb",
          "m6-24vcpu-192gb",
          "m3-32vcpu-256gb",
          "so1_5-24vcpu-192gb",
          "so-32vcpu-256gb",
          "m6-32vcpu-256gb",
          "so1_5-32vcpu-256gb"
        ],
        "slug": "sgp1"
      },
      "size": {
        "available": true,
        "description": "Basic",
        "disk": 10,
        "memory": 512,
        "networking_througput": 2000,
        "price_hourly": 0.00595,
        "price_monthly": 4,
        "regions": [
          "ams3",
          "fra1",
          "nyc1",
          "sfo3",
          "sgp1",
          "syd1"
        ],
        "slug": "s-1vcpu-512mb-10gb",
        "transfer": 0.5,
        "vcpus": 1
      },
      "size_slug": "s-1vcpu-512mb-10gb",
      "snapshot_ids": [],
      "status": "active",
      "tags": [
        "edge"
      ],
      "vcpus": 1,
      "volume_ids": [],
      "vpc_uuid": "2531fec9-6fcb-4e9c-9979-517bf52e7baf"
    }
  }
}