mq_broker fails if engine_type is RabbitMQ because audit logging is not supported #2130

Open
1 task done
doubletwist13 opened this issue Jul 30, 2024 · 0 comments

Summary

When attempting to create a RabbitMQ type broker, no matter how enable_audit_log and enable_general_log are set (or even if not specified), it always fails with:

An error occurred (BadRequestException) when calling the CreateBroker operation: Audit logging is not supported for RabbitMQ brokers.

It looks like this has been encountered by Terraform as well (hashicorp/terraform-provider-aws#18350) and suggests that if the engine type is RABBITMQ, no logging arguments should be passed at all.

I've also verified that if I manually comment out all the lines in mq_broker.py that reference those two arguments, the broker is successfully created, so I'm guessing there needs to be some logic added that if the engine_type is set to RABBITMQ, to omit those two arguments completely.

Issue Type

Bug Report

Component Name

mq_broker

Ansible Version

ansible [core 2.17.2]
  config file = None
  configured module search path = ['/home/REDACTED/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/REDACTED/.virtualenvs/my-ansible/lib/python3.12/site-packages/ansible
  ansible collection location = /home/REDACTED/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/REDACTED/.virtualenvs/my-ansible/bin/ansible
  python version = 3.12.4 (main, Jun  7 2024, 00:00:00) [GCC 14.1.1 20240607 (Red Hat 14.1.1-5)] (/home/REDACTED/.virtualenvs/my-ansible/bin/python)
  jinja version = 3.1.4
  libyaml = True

Collection Versions

Collection                               Version
---------------------------------------- -------
amazon.aws                               8.1.0  
ansible.netcommon                        6.1.3  
ansible.posix                            1.5.4  
ansible.utils                            4.1.0  
ansible.windows                          2.4.0  
arista.eos                               9.0.0  
awx.awx                                  24.6.1 
azure.azcollection                       2.6.0  
check_point.mgmt                         5.2.3  
chocolatey.chocolatey                    1.5.1  
cisco.aci                                2.10.1 
cisco.asa                                5.0.1  
cisco.dnac                               6.16.0 
cisco.intersight                         2.0.9  
cisco.ios                                8.0.0  
cisco.iosxr                              9.0.0  
cisco.ise                                2.9.2  
cisco.meraki                             2.18.1 
cisco.mso                                2.8.0  
cisco.nxos                               8.1.0  
cisco.ucs                                1.10.0 
cloud.common                             3.0.0  
cloudscale_ch.cloud                      2.3.1  
community.aws                            8.0.0  
community.ciscosmb                       1.0.9  
community.crypto                         2.21.0 
community.digitalocean                   1.26.0 
community.dns                            3.0.2  
community.docker                         3.11.0 
community.general                        9.2.0  
community.grafana                        1.9.1  
community.hashi_vault                    6.2.0  
community.hrobot                         2.0.1  
community.library_inventory_filtering_v1 1.0.1  
community.libvirt                        1.3.0  
community.mongodb                        1.7.5  
community.mysql                          3.9.0  
community.network                        5.0.3  
community.okd                            3.0.1  
community.postgresql                     3.4.1  
community.proxysql                       1.6.0  
community.rabbitmq                       1.3.0  
community.routeros                       2.17.0 
community.sap_libs                       1.4.2  
community.sops                           1.8.0  
community.vmware                         4.5.0  
community.windows                        2.2.0  
community.zabbix                         2.5.1  
containers.podman                        1.15.4 
cyberark.conjur                          1.3.0  
cyberark.pas                             1.0.25 
dellemc.enterprise_sonic                 2.4.0  
dellemc.openmanage                       9.4.0  
dellemc.powerflex                        2.5.0  
dellemc.unity                            2.0.0  
f5networks.f5_modules                    1.29.0 
fortinet.fortimanager                    2.5.0  
fortinet.fortios                         2.3.7  
frr.frr                                  2.0.2  
google.cloud                             1.3.0  
grafana.grafana                          5.3.0  
hetzner.hcloud                           3.1.1  
ibm.qradar                               3.0.0  
ibm.spectrum_virtualize                  2.0.0  
ibm.storage_virtualize                   2.4.1  
ieisystem.inmanage                       2.0.0  
infinidat.infinibox                      1.4.5  
infoblox.nios_modules                    1.6.1  
inspur.ispim                             2.2.3  
inspur.sm                                2.3.0  
junipernetworks.junos                    8.0.0  
kaytus.ksmanage                          1.2.2  
kubernetes.core                          3.2.0  
kubevirt.core                            1.5.0  
lowlydba.sqlserver                       2.3.3  
microsoft.ad                             1.6.0  
netapp.cloudmanager                      21.22.1
netapp.ontap                             22.11.0
netapp.storagegrid                       21.12.0
netapp_eseries.santricity                1.4.0  
netbox.netbox                            3.19.1 
ngine_io.cloudstack                      2.3.0  
ngine_io.exoscale                        1.1.0  
openstack.cloud                          2.2.0  
openvswitch.openvswitch                  2.1.1  
ovirt.ovirt                              3.2.0  
purestorage.flasharray                   1.30.0 
purestorage.flashblade                   1.17.0 
sensu.sensu_go                           1.14.0 
splunk.es                                3.0.0  
t_systems_mms.icinga_director            2.0.1  
telekom_mms.icinga_director              2.1.2  
theforeman.foreman                       4.0.0  
vmware.vmware                            1.3.0  
vmware.vmware_rest                       3.0.1  
vultr.cloud                              1.13.0 
vyos.vyos                                4.1.0  
wti.remote                               1.0.5

AWS SDK versions

WARNING: Package(s) not found: boto
Name: boto3
Version: 1.34.149
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /home/REDACTED/.virtualenvs/my-ansible/lib/python3.12/site-packages
Requires: botocore, jmespath, s3transfer
Required-by: 
---
Name: botocore
Version: 1.34.149
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /home/REDACTED/.virtualenvs/my-ansible/lib/python3.12/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: boto3, s3transfer

Configuration

ANSIBLE_NOCOWS(ansible.cfg) = True
CALLBACKS_ENABLED(ansible.cfg) = ['ansible.posix.profile_tasks']
CONFIG_FILE() = ansible.cfg
DEFAULT_GATHERING(ansible.cfg) = smart
DEFAULT_MANAGED_STR(ansible.cfg) = #### DO NOT EDIT! This file is managed by Ansible. ####
DEFAULT_REMOTE_USER(ansible.cfg) = ansible
DEFAULT_ROLES_PATH(ansible.cfg) = ['/PATHTO/ansible/roles']
DEFAULT_STDOUT_CALLBACK(ansible.cfg) = debug
DEFAULT_UNDEFINED_VAR_BEHAVIOR(ansible.cfg) = True
DEPRECATION_WARNINGS(ansible.cfg) = False
EDITOR(env: EDITOR) = /usr/bin/vim
RETRY_FILES_ENABLED(ansible.cfg) = False

OS / Environment

Fedora Linux 40 using virtualenvwrapper

Steps to Reproduce

- name: Create Amazon MQ cluster
  community.aws.mq_broker:
    state: present
    broker_name: "MyBroker"
    # NOTE: Same error whether these are passed in or not
    # enable_audit_log: "false"
    # enable_general_log: "false"
    engine_type: "RABBITMQ"
    deployment_mode: "CLUSTER_MULTI_AZ"
    host_instance_type: "mq.m5.large"
    publicly_accessible: false
    region: "us-east-1"
    security_groups: ["SECURITY_GROUP_ID"]
    storage_type: "EBS"
    tags: '{"Owner":"Ansible"}'
    wait: true
  register: mq_broker_info

Expected Results

Expect it to successfully create a RabbitMQ broker

Actual Results

The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_community.aws.mq_broker_payload_69e2t6kn/ansible_community.aws.mq_broker_payload.zip/ansible_collections/community/aws/plugins/modules/mq_broker.py", line 594, in main
    compound_result = ensure_present(connection, module)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/ansible_community.aws.mq_broker_payload_69e2t6kn/ansible_community.aws.mq_broker_payload.zip/ansible_collections/community/aws/plugins/modules/mq_broker.py", line 558, in ensure_present
    return create_broker(conn, module)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/ansible_community.aws.mq_broker_payload_69e2t6kn/ansible_community.aws.mq_broker_payload.zip/ansible_collections/community/aws/plugins/modules/mq_broker.py", line 488, in create_broker
    result = conn.create_broker(**kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/REDACTED/.virtualenvs/my-ansible/lib/python3.12/site-packages/botocore/client.py", line 565, in _api_call
    return self._make_api_call(operation_name, kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/REDACTED/.virtualenvs/my-ansible/lib/python3.12/site-packages/botocore/client.py", line 1017, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.errorfactory.BadRequestException: An error occurred (BadRequestException) when calling the CreateBroker operation: Audit logging is not supported for RabbitMQ brokers.
fatal: [localhost]: FAILED! => {
    "boto3_version": "1.34.149",
    "botocore_version": "1.34.149",
    "changed": false,
    "error": {
        "code": "BadRequestException",
        "message": "Audit logging is not supported for RabbitMQ brokers."
    },
    "error_attribute": "logs.audit",
    "invocation": {
        "module_args": {
            "access_key": null,
            "authentication_strategy": null,
            "auto_minor_version_upgrade": true,
            "aws_ca_bundle": null,
            "aws_config": null,
            "broker_name": "MyBroker",
            "debug_botocore_endpoint_logs": false,
            "deployment_mode": "CLUSTER_MULTI_AZ",
            "penable_audit_log": false,
            "enable_general_log": false,
            "endpoint_url": null,
            "engine_type": "RABBITMQ",
            "engine_version": null,
            "host_instance_type": "mq.m5.large",
            "kms_key_id": null,
            "maintenance_window_start_time": null,
            "profile": "MY_AWS_PROFILE",
            "publicly_accessible": false,
            "region": "us-east-1",
            "secret_key": null,
            "security_groups": [
                "SECURITY_GROUP_ID"
            ],
            "session_token": null,
            "state": "present",
            "storage_type": "EBS",
            "subnet_ids": null,
            "tags": {
                "Owner": "Ansible"
            },
            "use_aws_owned_key": null,
            "users": null,
            "validate_certs": true,
            "wait": true,
            "wait_timeout": 900
        }
    },
    "message": "Audit logging is not supported for RabbitMQ brokers.",
    "response_metadata": {
        "http_headers": {
            "access-control-allow-origin": "*",
            "access-control-expose-headers": "x-amzn-errortype,x-amzn-requestid,x-amzn-errormessage,x-amzn-trace-id,x-amz-apigw-id,date",
            "connection": "keep-alive",
            "content-length": "96",
            "content-type": "application/json",
            "date": "Tue, 30 Jul 2024 15:12:16 GMT",
            "x-amz-apigw-id": "REDACTED",
            "x-amzn-errortype": "BadRequestException",
            "x-amzn-requestid": "REDACTED",
            "x-amzn-trace-id": "REDACTED"
        },
        "http_status_code": 400,
        "request_id": "REDACTED",
        "retry_attempts": 0
    }
}

MSG:

An error occurred (BadRequestException) when calling the CreateBroker operation: Audit logging is not supported for RabbitMQ brokers.

Code of Conduct

  • I agree to follow the Ansible Code of Conduct
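
The conditional the report asks for, sketched as an added example; it is not part of the original issue and not code from mq_broker.py. `build_create_broker_kwargs`, the two mapping tables and the sample parameters are hypothetical; only the module option names and the CreateBroker request keys are real. It assumes, as the report suggests, that no `Logs` block is sent for RABBITMQ, and it rejects an explicit request for logging there instead of dropping it silently, so a playbook never believes audit logging is on when it is not.

```python
# Added example: hypothetical helper, not taken from community.aws.
ENGINES_WITHOUT_LOG_ARGS = {"RABBITMQ"}  # per the API error quoted in this issue

# Module option -> CreateBroker request key (subset used by the playbook above).
SIMPLE_ARGS = {
    "broker_name": "BrokerName",
    "engine_type": "EngineType",
    "deployment_mode": "DeploymentMode",
    "host_instance_type": "HostInstanceType",
    "publicly_accessible": "PubliclyAccessible",
    "security_groups": "SecurityGroups",
    "storage_type": "StorageType",
    "tags": "Tags",
}
LOG_ARGS = {"enable_audit_log": "Audit", "enable_general_log": "General"}


def build_create_broker_kwargs(params):
    """Translate module params into kwargs for the boto3 mq create_broker() call."""
    kwargs = {api: params[opt] for opt, api in SIMPLE_ARGS.items()
              if params.get(opt) is not None}
    engine = str(params.get("engine_type") or "").upper()
    if engine in ENGINES_WITHOUT_LOG_ARGS:
        # A defaulted false is dropped; an explicit true is an error, because
        # silently ignoring it would leave the operator without the logs they asked for.
        requested = [opt for opt in LOG_ARGS if params.get(opt)]
        if requested:
            raise ValueError(f"{', '.join(requested)} not supported for {engine}")
        return kwargs  # no "Logs" key at all
    logs = {api: bool(params[opt]) for opt, api in LOG_ARGS.items()
            if params.get(opt) is not None}
    if logs:
        kwargs["Logs"] = logs
    return kwargs


# Constructed sample, modelled on the module_args in the failing run above.
SAMPLE_PARAMS = {
    "broker_name": "MyBroker", "engine_type": "RABBITMQ",
    "deployment_mode": "CLUSTER_MULTI_AZ", "host_instance_type": "mq.m5.large",
    "publicly_accessible": False, "security_groups": ["SECURITY_GROUP_ID"],
    "storage_type": "EBS", "tags": {"Owner": "Ansible"},
    "enable_audit_log": False, "enable_general_log": False, "subnet_ids": None,
}

if __name__ == "__main__":
    print(build_create_broker_kwargs(SAMPLE_PARAMS))
```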