Description
From @pinkeen on Mar 20, 2020 03:31
SUMMARY
The `cloudfront_distribution` module internally deduplicates origin configuration items by using their domain as the dict key. If multiple origins have the same domain name, only the last one is taken into account; the others are not created, or a validation error is thrown if a missing one is referenced in any `cache_behavior`. In the reproduction output below, both origins are reported with `origin_path` `/resources`, although the playbook sets it only on `AnsibleResources`.
This behavior is not rooted in any AWS CloudFront configuration constraint. On the contrary, CloudFront allows creating any number of otherwise identical origin configurations that differ only by Id, as this is the only parameter required to be unique.
All ansible versions that support this module are affected.
ISSUE TYPE
- Bug Report
COMPONENT NAME
cloudfront_distribution
ANSIBLE VERSION
ansible 2.9.0
config file = /Users/dsh/MageOps/AnsibleOSS/ansible.cfg
configured module search path = ['/Users/dsh/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /Users/dsh/MageOps/AnsibleOSS/tmp/venv/lib/python3.7/site-packages/ansible
executable location = /Users/dsh/MageOps/AnsibleOSS/tmp/venv/bin/ansible
python version = 3.7.6 (default, Dec 30 2019, 19:38:26) [Clang 11.0.0 (clang-1100.0.33.16)]
CONFIGURATION
OS / ENVIRONMENT
Not relevant.
STEPS TO REPRODUCE
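# Minimal reproduction: one distribution with two origins that share a
# domain_name and differ only by id and origin_path.
- hosts: localhost
  connection: local
  tasks:
    - cloudfront_distribution:
        state: present
        # Distribution is declared disabled for the reproduction.
        enabled: false
        comment: Ansible bug reproduction
        caller_reference: AnsibleStuff
        origins:
          # First origin: no origin_path is set here.
          - id: AnsibleRoot
            domain_name: ansible.com
          # Second origin: same domain_name as AnsibleRoot; only the id
          # (and the origin_path) distinguishes it.
          - id: AnsibleResources
            domain_name: ansible.com
            origin_path: "/resources"
        default_cache_behavior:
          # Refers to the first origin by id. The run fails with "Default
          # cache behavior has target_origin_id pointing to an origin that
          # does not exist."
          target_origin_id: AnsibleRoot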
EXPECTED RESULTS
The CloudFront Distribution should be created / updated.
ACTUAL RESULTS
TASK [cloudfront_distribution] ******************************************************************************************************************************************************
task path: /Users/dsh/cf-repro.yml:4
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: dsh
<127.0.0.1> EXEC /bin/sh -c 'echo ~dsh && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/dsh/.ansible/tmp/ansible-tmp-1584674953.26245-88411081129395 `" && echo ansible-tmp-1584674953.26245-88411081129395="` echo /Users/dsh/.ansible/tmp/ansible-tmp-1584674953.26245-88411081129395 `" ) && sleep 0'
Using module file /Users/dsh/MageOps/AnsibleOSS/tmp/venv/lib/python3.7/site-packages/ansible/modules/cloud/amazon/cloudfront_distribution.py
<127.0.0.1> PUT /Users/dsh/.ansible/tmp/ansible-local-4363026ivebns/tmp6uao0n35 TO /Users/dsh/.ansible/tmp/ansible-tmp-1584674953.26245-88411081129395/AnsiballZ_cloudfront_distribution.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /Users/dsh/.ansible/tmp/ansible-tmp-1584674953.26245-88411081129395/ /Users/dsh/.ansible/tmp/ansible-tmp-1584674953.26245-88411081129395/AnsiballZ_cloudfront_distribution.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/Users/dsh/MageOps/AnsibleOSS/tmp/venv/bin/python3.7 /Users/dsh/.ansible/tmp/ansible-tmp-1584674953.26245-88411081129395/AnsiballZ_cloudfront_distribution.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /Users/dsh/.ansible/tmp/ansible-tmp-1584674953.26245-88411081129395/ > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"alias": null,
"aliases": [],
"aws_access_key": null,
"aws_secret_key": null,
"cache_behaviors": null,
"caller_reference": "AnsibleStuff",
"comment": "Ansible bug reproduction",
"custom_error_responses": null,
"debug_botocore_endpoint_logs": false,
"default_cache_behavior": {
"compress": false,
"default_t_t_l": 86400,
"max_t_t_l": 31536000,
"min_t_t_l": 0,
"target_origin_id": "AnsibleRoot"
},
"default_origin_domain_name": null,
"default_origin_path": null,
"default_root_object": null,
"distribution_id": null,
"e_tag": null,
"ec2_url": null,
"enabled": false,
"http_version": null,
"ipv6_enabled": null,
"logging": null,
"origins": [
{
"custom_headers": {
"quantity": 0
},
"custom_origin_config": {
"h_t_t_p_port": 80,
"h_t_t_p_s_port": 443,
"origin_keepalive_timeout": 5,
"origin_protocol_policy": "match-viewer",
"origin_read_timeout": 30,
"origin_ssl_protocols": {
"items": [
"TLSv1",
"TLSv1.1",
"TLSv1.2"
],
"quantity": 3
}
},
"domain_name": "ansible.com",
"id": "AnsibleRoot",
"origin_path": "/resources"
},
{
"custom_headers": {
"quantity": 0
},
"custom_origin_config": {
"h_t_t_p_port": 80,
"h_t_t_p_s_port": 443,
"origin_keepalive_timeout": 5,
"origin_protocol_policy": "match-viewer",
"origin_read_timeout": 30,
"origin_ssl_protocols": {
"items": [
"TLSv1",
"TLSv1.1",
"TLSv1.2"
],
"quantity": 3
}
},
"domain_name": "ansible.com",
"id": "AnsibleResources",
"origin_path": "/resources"
}
],
"price_class": null,
"profile": null,
"purge_aliases": false,
"purge_cache_behaviors": false,
"purge_custom_error_responses": false,
"purge_origins": false,
"purge_tags": false,
"region": null,
"restrictions": null,
"security_token": null,
"state": "present",
"tags": {},
"validate_certs": true,
"viewer_certificate": null,
"wait": false,
"wait_timeout": 1800,
"web_acl_id": null
}
},
"msg": "Default cache behavior has target_origin_id pointing to an origin that does not exist."
}
Copied from original issue: ansible/ansible#68354