community.aws

fix: msk_cluster cannot concurrently support multiple client auth strategies

Open bpleines opened this issue 10 months ago • 2 comments

Summary

When using the msk_cluster module, I noticed that even when I specify multiple authentication strategies, only unauthenticated is picked up.

- name: Provision msk cluster
  msk_cluster:
    name: bpleines_msk_cluster
    state: present
    version: 2.4.1.1
    nodes: 3
    authentication:
      sasl_iam: true
      sasl_scram: true
      unauthenticated: true
...

Upon further inspection of the source code, I noticed that it is due to this code section. Current logic specifies that if unauthenticated is set to true, the entire parent c_params["ClientAuthentication"] dictionary gets overwritten.

By altering the relevant code section to the following, I was able to test that the module brought up an msk cluster with all 3 authentication methods as desired:

        if module.params["authentication"].get("unauthenticated"):
            c_params["ClientAuthentication"]["Unauthenticated"] = {"Enabled": True}

I'd be happy to open a PR if allowed 😄

Issue Type

Bug Report

Component Name

msk_cluster

Ansible Version

$ ansible --version

ansible [core 2.15.2]
  config file = /Users/brandenpleines/github/verus-ansible/ansible.cfg
  configured module search path = ['/Users/brandenpleines/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/homebrew/Cellar/ansible/8.2.0_2/libexec/lib/python3.11/site-packages/ansible
  ansible collection location = /Users/brandenpleines/.ansible/collections:/usr/share/ansible/collections
  executable location = /opt/homebrew/bin/ansible
  python version = 3.11.4 (main, Jul 25 2023, 17:36:13) [Clang 14.0.3 (clang-1403.0.22.14.1)] (/opt/homebrew/Cellar/ansible/8.2.0_2/libexec/bin/python)
  jinja version = 3.1.2
  libyaml = True

Collection Versions

$ ansible-galaxy collection list

/opt/homebrew/Cellar/ansible/8.2.0_2/libexec/lib/python3.11/site-packages/ansible_collections

Collection Version

amazon.aws 6.2.0
ansible.netcommon 5.1.2
ansible.posix 1.5.4
ansible.utils 2.10.3
ansible.windows 1.14.0
arista.eos 6.0.1
awx.awx 22.5.0
azure.azcollection 1.16.0
check_point.mgmt 5.1.1
chocolatey.chocolatey 1.5.1
cisco.aci 2.6.0
cisco.asa 4.0.1
cisco.dnac 6.7.3
cisco.intersight 1.0.27
cisco.ios 4.6.1
cisco.iosxr 5.0.3
cisco.ise 2.5.12
cisco.meraki 2.15.3
cisco.mso 2.4.0
cisco.nso 1.0.3
cisco.nxos 4.4.0
cisco.ucs 1.9.0
cloud.common 2.1.3
cloudscale_ch.cloud 2.3.1
community.aws 6.1.0
community.azure 2.0.0
community.ciscosmb 1.0.6
community.crypto 2.14.1
community.digitalocean 1.23.0
community.dns 2.5.7
community.docker 3.4.8
community.fortios 1.0.0
community.general 7.2.0
community.google 1.0.0
community.grafana 1.5.4
community.hashi_vault 5.0.0
community.hrobot 1.8.1
community.libvirt 1.2.0
community.mongodb 1.6.1
community.mysql 3.7.2
community.network 5.0.0
community.okd 2.3.0
community.postgresql 2.4.2
community.proxysql 1.5.1
community.rabbitmq 1.2.3
community.routeros 2.8.3
community.sap 1.0.0
community.sap_libs 1.4.1
community.skydive 1.0.0
community.sops 1.6.4
community.vmware 3.8.0
community.windows 1.13.0
community.zabbix 2.1.0
containers.podman 1.10.2
cyberark.conjur 1.2.0
cyberark.pas 1.0.19
dellemc.enterprise_sonic 2.2.0
dellemc.openmanage 7.6.1
dellemc.powerflex 1.7.0
dellemc.unity 1.7.0
f5networks.f5_modules 1.25.0
fortinet.fortimanager 2.2.0
fortinet.fortios 2.3.0
frr.frr 2.0.2
gluster.gluster 1.0.2
google.cloud 1.2.0
grafana.grafana 2.1.4
hetzner.hcloud 1.16.0
hpe.nimble 1.1.4
ibm.qradar 2.1.0
ibm.spectrum_virtualize 1.12.0
infinidat.infinibox 1.3.12
infoblox.nios_modules 1.5.0
inspur.ispim 1.3.0
inspur.sm 2.3.0
junipernetworks.junos 5.2.0
kubernetes.core 2.4.0
lowlydba.sqlserver 2.0.0
microsoft.ad 1.2.0
netapp.aws 21.7.0
netapp.azure 21.10.0
netapp.cloudmanager 21.22.0
netapp.elementsw 21.7.0
netapp.ontap 22.7.0
netapp.storagegrid 21.11.1
netapp.um_info 21.8.0
netapp_eseries.santricity 1.4.0
netbox.netbox 3.13.0
ngine_io.cloudstack 2.3.0
ngine_io.exoscale 1.0.0
ngine_io.vultr 1.1.3
openstack.cloud 2.1.0
openvswitch.openvswitch 2.1.1
ovirt.ovirt 3.1.2
purestorage.flasharray 1.20.0
purestorage.flashblade 1.12.1
purestorage.fusion 1.5.0
sensu.sensu_go 1.13.2
servicenow.servicenow 1.0.6
splunk.es 2.1.0
t_systems_mms.icinga_director 1.33.1
theforeman.foreman 3.12.0
vmware.vmware_rest 2.3.1
vultr.cloud 1.8.0
vyos.vyos 4.1.0

AWS SDK versions

$ pip show boto boto3 botocore

N/A

Configuration

$ ansible-config dump --only-changed

N/A

OS / Environment

Ran on Mac OSX but shouldn't matter

Steps to Reproduce

- name: Provision msk cluster
  msk_cluster:
    name: bpleines_msk_cluster
    state: present
    version: 2.4.1.1
    nodes: 3
    authentication:
      sasl_iam: true
      sasl_scram: true
      unauthenticated: true
...

Expected Results

An msk cluster is provisioned with all 3 authentication methods enabled

Actual Results

An MSK cluster with only unauthenticated enabled

Code of Conduct

  • [X] I agree to follow the Ansible Code of Conduct

bpleines, Aug 31 '23 01:08
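
The overwrite described in this issue, modeled as an added example (not part of the original post and not the module's source code), with a check that reports which requested client authentication methods are missing from the resulting configuration. `build_client_auth`, `enabled_methods` and `missing_methods` are hypothetical helpers, and the `Sasl`/`Scram`/`Iam` nesting is an assumption based on the MSK API's `ClientAuthentication` shape.

```python
# Added example: a model of the behaviour reported in the issue, not the module's code.

def build_client_auth(auth, overwrite_bug):
    """Map module-style 'authentication' options to a ClientAuthentication dict.

    overwrite_bug=True reproduces the reported behaviour: enabling
    'unauthenticated' replaces the whole dictionary built so far.
    """
    client_auth = {}
    if auth.get("sasl_scram"):
        client_auth.setdefault("Sasl", {})["Scram"] = {"Enabled": True}
    if auth.get("sasl_iam"):
        client_auth.setdefault("Sasl", {})["Iam"] = {"Enabled": True}
    if auth.get("unauthenticated"):
        if overwrite_bug:
            # Reported behaviour: the parent dict is reassigned, dropping Sasl.
            client_auth = {"Unauthenticated": {"Enabled": True}}
        else:
            # Change proposed in the issue: set only the one key.
            client_auth["Unauthenticated"] = {"Enabled": True}
    return client_auth


def enabled_methods(client_auth):
    """Return the set of option names that are enabled in a ClientAuthentication dict."""
    found = set()
    for name, value in client_auth.get("Sasl", {}).items():
        if value.get("Enabled"):
            found.add("sasl_" + name.lower())
    if client_auth.get("Unauthenticated", {}).get("Enabled"):
        found.add("unauthenticated")
    return found


def missing_methods(requested, client_auth):
    """List requested methods that did not make it into the final configuration."""
    wanted = {name for name, on in requested.items() if on}
    return sorted(wanted - enabled_methods(client_auth))


# Constructed input matching the playbook in the issue.
REQUESTED = {"sasl_iam": True, "sasl_scram": True, "unauthenticated": True}

if __name__ == "__main__":
    for label, bug in (("overwrite", True), ("proposed fix", False)):
        result = build_client_auth(REQUESTED, overwrite_bug=bug)
        print(label, result, "missing:", missing_methods(REQUESTED, result))
```

The same `missing_methods` comparison can be applied to the `ClientAuthentication` block returned when describing an existing cluster, to confirm that a cluster meant to require SASL has not been left with unauthenticated access only.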