troposphere icon indicating copy to clipboard operation
troposphere copied to clipboard

Published 20 hours ago verified publisher icon cloudtools

cfn2py dies while processing SecurityGroupEgress

Open pas256 opened this issue 11 years ago • 4 comments

It would seem I have the best CF template ever for testing cfn2py.

The script is now returning this error:

NatSecurityGroup = t.add_resource(SecurityGroup(
    "NatSecurityGroup",
    VpcId=Ref(MyVpc),
    GroupDescription="NAT VPC security group",
Traceback (most recent call last):
  File "./cfn2py", line 229, in <module>
    globals()["do_" + s.lower()](d)
  File "./cfn2py", line 128, in do_resources
    print '    %s=%s,' % (pk, output_value(pv))
  File "./cfn2py", line 178, in output_value
    return "[" + ", ".join(out) + "]"
TypeError: sequence item 0: expected string, NoneType found

with the following as the input template snipped

    "NatSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "NAT VPC security group",
        "VpcId" : {
          "Ref" : "MyVpc"
        },
        "SecurityGroupEgress" : [ {
          "IpProtocol" : "-1",
          "CidrIp" : "0.0.0.0/0"
        } ]
      }
    },

Please let me know if you need any more information.

pas256 avatar Jan 23 '14 16:01 pas256

I'm looking into this issue but expanding the properties is going to take some amount of rewrite for cfn2py to deal with it properly. I appreciate the bug reports as cfn2py has been a proof of concept without a lot of real world feedback until now.

markpeek avatar Jan 24 '14 04:01 markpeek

Hi @markpeek, no problem. I and found it to be a great tool so far, but today I also discovered a number of other issues (haven't posted them yet). Once it is more robust, I would expect you could run cfn2py to get the code, and then generate the CF template, and end up with the same thing you started with. JSON types (bool so far, but there are also ints) post some challenges, as do Tags for ASGs that need to propagate at launch. It looks like more recent troposphere changes also have stronger type requirements (123 instead of "123"), so I totally understand that it will take some time to get there. Should I get some down time, I am happy to contribute. Just giving you a heads up for now. Thank you so much for what you have done.

pas256 avatar Jan 24 '14 04:01 pas256

I think my pull request #70 fixes this issue. Can someone else confirm that ?

mbrossard avatar Mar 29 '14 21:03 mbrossard

@mbrossard we've tested your fix using our JSON which had security groups which failed. No errors thrown, we did see a few minor things with meta data being in wrong place but nothing we couldn't tweak pretty quickly.

robottaway avatar May 14 '14 18:05 robottaway