equinix / ansible-collection-equinix

Ansible content to help automate the management of Equinix resources
https://deploy.equinix.com/labs/ansible-collection-equinix/
GNU General Public License v3.0
1 stars 1 forks source link

metal_gateway module may not be idempotent #200

Closed ctreatma closed 3 weeks ago

ctreatma commented 4 months ago
SUMMARY

While reviewing an unrelated PR, I spotted this comment in the integration tests: https://github.com/equinix-labs/ansible-collection-equinix/blob/08b3ffdf8057f0a17dd2da68af346d6d4ea5c224/tests/integration/targets/metal_gateway/tasks/main.yml#L42-L43

# We can't check idempotent calls for metal_gateway from private IP range.
# There can be many of those.

If the metal_gateway module is indeed not idempotent, a parameter should be added to it to make it idempotent. If there is a description or label property, that should be used to enable idempotence in cases where the id is not specified in config; if those properties don't exist, then tags can be used in a pinch, with the caveat that using tags for idempotence means that tags cannot be updated via Ansible unless the id is specified in config.

If, for some reason, there is no way to make the metal_gateway module idempotent, then that risk should be called out more visibly than in a comment in a test file.

ISSUE TYPE
COMPONENT NAME
ANSIBLE VERSION
CONFIGURATION
OS / ENVIRONMENT
STEPS TO REPRODUCE
EXPECTED RESULTS
ACTUAL RESULTS
bersoare commented 4 months ago

looks like the tags field isn't passed by the LIST function in the api: https://developer.equinix.com/catalog/metalv1#operation/findMetalGatewaysByProject

while trying to retrieve it in the module, we get this:

    "msg": "Error in metal_gateway: attribute 'tags' (to map to 'tags') not found in response_dict:
bersoare commented 4 months ago

can confirm that even when using include=tags in the queries (for both listing and getting metal gateways) the tags field is not included in the response

- name: "Retrieve metal gateway"
  ansible.builtin.uri:
    url: https://api.equinix.com/metal/v1/metal-gateways/4f9f9082-68c8-4809-afe6-6ae56f680549?include=tags
    method: GET
    headers:
      x-auth-token: "{{ METAL_API_TOKEN }}"
    status_code: [200]

- name: "List metal gateways"
  ansible.builtin.uri:
    url: https://api.equinix.com/metal/v1/projects/{{ METAL_PROJECT_ID }}/metal-gateways?include=tags
    method: GET
    headers:
      x-auth-token: "{{ METAL_API_TOKEN }}"
    status_code: [200]

response:

// GET
    "json": {
        "created_at": "2024-07-22T11:25:19Z",
        "created_by": {
            "href": "abcd"
        },
        "href": "/metal/v1/metal-gateways/4f9f9082-68c8-4809-afe6-6ae56f680549",
        "id": "4f9f9082-68c8-4809-afe6-6ae56f680549",
        "ip_reservation": {
            "href": "abcd"
        },
        "project": {
            "href": "abcd"
        },
        "state": "active",
        "updated_at": "2024-07-22T11:25:26Z",
        "virtual_network": {
            "href": "abcd"
        }
    },
    "msg": "OK (531 bytes)",
    "redirected": false,
    "referrer_policy": "strict-origin-when-cross-origin",
    "status": 200,
    "strict_transport_security": "max-age=31536000; includeSubDomains",
    "url": "https://api.equinix.com/metal/v1/metal-gateways/4f9f9082-68c8-4809-afe6-6ae56f680549?include=tags",
// LIST

            {
                "created_at": "2024-07-22T11:25:19Z",
                "created_by": {
                    "href": "abcd"
                },
                "href": "/metal/v1/metal-gateways/4f9f9082-68c8-4809-afe6-6ae56f680549",
                "id": "4f9f9082-68c8-4809-afe6-6ae56f680549",
                "ip_reservation": {
                    "href": "abcd"
                },
                "project": {
                    "href": "abcd"
                },
                "state": "active",
                "updated_at": "2024-07-22T11:25:26Z",
                "virtual_network": {
                    "href": "abcd"
                }
            },