Description
Summary
When trying to attach the WAF to an ALB, the integration tests are consistently failing in CI.
I've attempted to fix the tests, but I'm not familiar enough with AWS WAF to identify and fix the problem.
Issue Type
Bug Report
Component Name
wafv2
Ansible Version
CI
Collection Versions
CI
AWS SDK versions
Successfully installed PyYAML-5.3.1 awscli-1.19.0 boto3-1.17.0 botocore-1.20.0 colorama-0.4.3 distlib-0.3.4 docutils-0.15.2 filelock-3.6.0 jmespath-0.10.0 netaddr-0.8.0 platformdirs-2.5.1 pycrypto-2.6.1 python-dateutil-2.8.2 rsa-4.5 s3transfer-0.3.7 virtualenv-20.13.3
Configuration
CI
OS / Environment
CI
Steps to Reproduce
Run integration tests
Expected Results
Tests pass
Actual Results
TASK [wafv2 : add test alb to test waf] ***************************************************************************************************************************************************************************
task path: /root/ansible_collections/community/aws/tests/output/.tmp/integration/wafv2-y7rwey2x-ÅÑŚÌβŁÈ/tests/integration/targets/wafv2/tasks/waf_resources.yml:19
Using module file /root/ansible_collections/community/aws/plugins/modules/wafv2_resources.py
Pipelining is enabled.
<testhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<testhost> EXEC /bin/sh -c 'ANSIBLE_DEBUG_BOTOCORE_LOGS=True /usr/bin/python3.10 && sleep 0'
FAILED - RETRYING: [testhost]: add test alb to test waf (20 retries left).Result was: {
...
Using module file /root/ansible_collections/community/aws/plugins/modules/wafv2_resources.py
Pipelining is enabled.
<testhost> EXEC /bin/sh -c 'ANSIBLE_DEBUG_BOTOCORE_LOGS=True /usr/bin/python3.10 && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_wafv2_resources_payload_pxyy0uar/ansible_wafv2_resources_payload.zip/ansible_collections/community/aws/plugins/modules/wafv2_resources.py", line 97, in add_wafv2_resources
  File "/usr/lib/python3.10/dist-packages/botocore/client.py", line 357, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/lib/python3.10/dist-packages/botocore/client.py", line 676, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.errorfactory.WAFUnavailableEntityException: An error occurred (WAFUnavailableEntityException) when calling the AssociateWebACL operation: AWS WAF couldn’t retrieve the resource that you requested. Retry your request.
fatal: [testhost]: FAILED! => {
    "attempts": 20,
    "boto3_version": "1.17.0",
    "botocore_version": "1.20.0",
    "changed": false,
    "error": {
        "code": "WAFUnavailableEntityException",
        "message": "AWS WAF couldn’t retrieve the resource that you requested. Retry your request."
    },
    "invocation": {
        "module_args": {
            "arn": "arn:aws:elasticloadbalancing:us-east-1:966509639900:loadbalancer/app/my-alb-e7715efcd1bd/93425d2b81a1b8a8",
            "aws_access_key": "ASIA6CCDWXDOLLGNE37D",
            "aws_ca_bundle": null,
            "aws_config": null,
            "aws_secret_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "debug_botocore_endpoint_logs": true,
            "ec2_url": null,
            "name": "e7715efcd1bd-web-acl",
            "profile": null,
            "region": "us-east-1",
            "scope": "REGIONAL",
            "security_token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "state": "present",
            "validate_certs": true
        }
    },
    "message": "AWS WAF couldn’t retrieve the resource that you requested. Retry your request.",
    "msg": "Failed to add wafv2 web acl.: An error occurred (WAFUnavailableEntityException) when calling the AssociateWebACL operation: AWS WAF couldn’t retrieve the resource that you requested. Retry your request.",
    "resource_actions": [
        "wafv2:ListWebACLs",
        "wafv2:AssociateWebACL",
        "wafv2:ListResourcesForWebACL",
        "wafv2:GetWebACL"
    ],
    "response_metadata": {
        "http_headers": {
            "connection": "close",
            "content-length": "135",
            "content-type": "application/x-amz-json-1.1",
            "date": "Sat, 12 Mar 2022 19:41:23 GMT",
            "x-amzn-requestid": "b796fe71-676e-4ee1-884e-43fc65aea2ee"
        },
        "http_status_code": 400,
        "request_id": "b796fe71-676e-4ee1-884e-43fc65aea2ee",
        "retry_attempts": 0
    }
}