Description
Summary
The specific case is triggered when state = 'present' and no stack set or stack instances are about to be created or deleted, but rather when resources inside the stack instances are affected. For example, adding or removing a CloudFormation resource in the template.
Looking at the code, in main/plugins/modules/cloudformation_stack_set.py, I believe there's a missing else:
for elif unspecified_stacks and module.params.get('purge_stack_instances'):
so that the module never proceeds with the change when check_mode is set.
Issue Type
Bug Report
Component Name
cloudformation_stack_set
Ansible Version
$ ansible --version
ansible [core 2.13.1]
config file = None
configured module search path = ['/Users/.../.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/Cellar/ansible/6.0.0/libexec/lib/python3.10/site-packages/ansible
ansible collection location = /Users/.../.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.10.5 (main, Jun 23 2022, 17:15:25) [Clang 13.1.6 (clang-1316.0.21.2.5)]
jinja version = 3.1.2
libyaml = True
Collection Versions
$ ansible-galaxy collection list
# /usr/local/Cellar/ansible/6.0.0/libexec/lib/python3.10/site-packages/ansible_collections
Collection Version
----------------------------- -------
amazon.aws 3.2.0
ansible.netcommon 3.0.1
ansible.posix 1.4.0
ansible.utils 2.6.1
ansible.windows 1.10.0
arista.eos 5.0.1
awx.awx 21.0.0
azure.azcollection 1.12.0
check_point.mgmt 2.3.0
chocolatey.chocolatey 1.2.0
cisco.aci 2.2.0
cisco.asa 3.0.0
cisco.dnac 6.4.0
cisco.intersight 1.0.19
cisco.ios 3.0.0
cisco.iosxr 3.0.0
cisco.ise 2.4.1
cisco.meraki 2.6.2
cisco.mso 2.0.0
cisco.nso 1.0.3
cisco.nxos 3.0.0
cisco.ucs 1.8.0
cloud.common 2.1.1
cloudscale_ch.cloud 2.2.2
community.aws 3.2.1
community.azure 1.1.0
community.ciscosmb 1.0.5
community.crypto 2.3.2
community.digitalocean 1.19.0
community.dns 2.1.1
community.docker 2.6.0
community.fortios 1.0.0
community.general 5.0.2
community.google 1.0.0
community.grafana 1.4.0
community.hashi_vault 3.0.0
community.hrobot 1.3.1
community.libvirt 1.1.0
community.mongodb 1.4.0
community.mysql 3.2.1
community.network 4.0.1
community.okd 2.2.0
community.postgresql 2.1.5
community.proxysql 1.4.0
community.rabbitmq 1.2.1
community.routeros 2.1.0
community.sap 1.0.0
community.sap_libs 1.1.0
community.skydive 1.0.0
community.sops 1.2.2
community.vmware 2.5.0
community.windows 1.10.0
community.zabbix 1.7.0
containers.podman 1.9.3
cyberark.conjur 1.1.0
cyberark.pas 1.0.14
dellemc.enterprise_sonic 1.1.1
dellemc.openmanage 5.4.0
dellemc.os10 1.1.1
dellemc.os6 1.0.7
dellemc.os9 1.0.4
f5networks.f5_modules 1.17.0
fortinet.fortimanager 2.1.5
fortinet.fortios 2.1.6
frr.frr 2.0.0
gluster.gluster 1.0.2
google.cloud 1.0.2
hetzner.hcloud 1.6.0
hpe.nimble 1.1.4
ibm.qradar 2.0.0
infinidat.infinibox 1.3.3
infoblox.nios_modules 1.2.2
inspur.sm 2.0.0
junipernetworks.junos 3.0.1
kubernetes.core 2.3.1
mellanox.onyx 1.0.0
netapp.aws 21.7.0
netapp.azure 21.10.0
netapp.cloudmanager 21.17.0
netapp.elementsw 21.7.0
netapp.ontap 21.19.1
netapp.storagegrid 21.10.0
netapp.um_info 21.8.0
netapp_eseries.santricity 1.3.0
netbox.netbox 3.7.1
ngine_io.cloudstack 2.2.4
ngine_io.exoscale 1.0.0
ngine_io.vultr 1.1.1
openstack.cloud 1.8.0
openvswitch.openvswitch 2.1.0
ovirt.ovirt 2.0.4
purestorage.flasharray 1.13.0
purestorage.flashblade 1.9.0
sensu.sensu_go 1.13.1
servicenow.servicenow 1.0.6
splunk.es 2.0.0
t_systems_mms.icinga_director 1.29.0
theforeman.foreman 3.4.0
vmware.vmware_rest 2.1.5
vyos.vyos 3.0.1
wti.remote 1.0.3
# /Users/.../.ansible/collections/ansible_collections
Collection Version
-------------------- -------
amazon.aws 2.1.0
ansible.netcommon 1.0.0
ansible.posix 1.1.1
community.aws 1.0.0
community.general 1.2.0
community.kubernetes 1.1.1
google.cloud 1.0.1
Note: I originally ran this role using a very old version of the library. Since then I've updated to 5.0.0 and behaviour remains the same. Also, my original analysis of the source code was of the latest version.
AWS SDK versions
$ pip show boto boto3 botocore
WARNING: Package(s) not found: boto
Name: boto3
Version: 1.19.0
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /usr/local/lib/python3.9/site-packages
Requires: botocore, jmespath, s3transfer
Required-by:
---
Name: botocore
Version: 1.22.0
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /usr/local/lib/python3.9/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: boto3, s3transfer
Configuration
$ ansible-config dump --only-changed
OS / Environment
macOS 12.6.1 (Monterey)
Steps to Reproduce
- Deploy a stack set with at least one stack instance
- Add/remove a resource in the CloudFormation template
- Re-deploy the stack set with check_mode = yes
Expected Results
Ideally, the Ansible module would list what is about to be changed in the stack instance(s) and not deploy the changes. I believe this functionality is currently not provided by AWS, so it would need a custom implementation.
At a minimum, the module should output a message like "Resources in stack instance(s) are potentially going to be modified" and exit the module.
Actual Results
Resources in the stack instances were changed.
Code of Conduct
- I agree to follow the Ansible Code of Conduct
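The fall-through described in this report, as an added example that is not part of the original issue and is not the module's own code: a simplified model of a check-mode guard whose if/elif chain has no final else, next to a version that always exits before any mutating call. `CheckModeExit`, `RecordingClient`, `guard_missing_else`, `guard_with_else` and `run` are hypothetical names, and the fake client stands in for the real AWS client.

```python
class CheckModeExit(Exception):
    """Stands in for module.exit_json(): stops the run and carries the result."""
    def __init__(self, changed, msg):
        super().__init__(msg)
        self.changed, self.msg = changed, msg


class RecordingClient:
    """Constructed fake client that records every mutating call it receives."""
    def __init__(self):
        self.calls = []

    def update_stack_set(self, **kwargs):
        self.calls.append("update_stack_set")


def guard_missing_else(new_stacks, unspecified_stacks, purge):
    # Only instance-level changes exit here. A template-only change matches
    # neither branch, so control returns to the caller and the update runs.
    if new_stacks:
        raise CheckModeExit(True, "New stack instance(s) would be created")
    elif unspecified_stacks and purge:
        raise CheckModeExit(True, "Old stack instance(s) would be deleted")


def guard_with_else(new_stacks, unspecified_stacks, purge):
    # Same branches, plus a final exit so check mode can never fall through.
    guard_missing_else(new_stacks, unspecified_stacks, purge)
    raise CheckModeExit(
        True, "Resources in stack instance(s) are potentially going to be modified")


def run(guard, client, check_mode, new_stacks=(), unspecified_stacks=(), purge=False):
    """Model of state=present on an existing stack set; returns (message, calls)."""
    try:
        if check_mode:
            guard(new_stacks, unspecified_stacks, purge)
        client.update_stack_set(StackSetName="demo", TemplateBody="{}")
        return "updated", client.calls
    except CheckModeExit as exc:
        return exc.msg, client.calls


if __name__ == "__main__":
    for guard in (guard_missing_else, guard_with_else):
        print(guard.__name__, run(guard, RecordingClient(), check_mode=True))
```

Asserting that the recording client saw no calls in check mode is a regression test that catches this class of bug without touching a real account.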