Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ignore comparing protected_settings #580

Merged
merged 9 commits into from
Feb 7, 2022

Conversation

Fred-sun
Copy link
Collaborator

SUMMARY

Ignore comparing protected_settings, Try to fixes #473

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

azure_rm_virtualmachineextension.py

ADDITIONAL INFORMATION

@Fred-sun Fred-sun added the ready_for_review The PR has been modified and can be reviewed and merged label Jul 13, 2021
@Fred-sun Fred-sun added enhancement New feature or request medium_priority Medium priority labels Jul 15, 2021
@paultaiton
Copy link
Contributor

Howdy @Fred-sun ,

For context, I'm familiar with the bug that prompted this PR, and how the vm extension "resource" works, but am not very knowledgeable about how this module works.

The one concern I have with this modification is how would it work if I need to update a vm extension and the only modification is the protected setting? The specific hypothetical example I can think of is the case of a log-analytics secret key being rotated,
OMS extension
If I need to update a vm to use a new log analytics key, none of the other settings would be modified, so if I'm understanding your code modifications correctly, the module would not recognize that anything changed, and it would just return OK with no modifications being performed in Azure.

This may not be an actual issue in practice. I don't have much experience with rotating keys and updating the extension, so I don't know how it would impact in this specific example, but the general concern would apply to any extension where an update may be made with the only change being a protected setting.

@Fred-sun
Copy link
Collaborator Author

@paultaiton Yes, maybe we should find a way to check the update, I will hold this PR and find a solution, thank you!

@Fred-sun Fred-sun added hold The problem holds for a particular reason and removed ready_for_review The PR has been modified and can be reviewed and merged labels Jul 19, 2021
@l3ender
Copy link
Contributor

l3ender commented Nov 28, 2021

Initial discussion of this issue in Azure/azure_preview_modules#326 mentioned an approach where an additional force_update parameter could be added which would allow a user to re-configure an already installed VM extension. I believe that is a good approach and would help fix this bug.

@Fred-sun I am happy to help work on this issue. Would you mind granting me contributor access to your repo/branch so I can update this PR? Or I can open a separate PR with the new changes built on top of your ones.

Thanks!

@Fred-sun
Copy link
Collaborator Author

@l3ender Invitations have been sent!

@l3ender
Copy link
Contributor

l3ender commented Nov 29, 2021

Thanks @Fred-sun!

I have updated the PR. A few notes:

  • The CoreOS image is no longer available so I have updated all references to it.
  • I used force_update_tag parameter to match SDK property of same name. Since this property applies to more than just the discussed protected_settings parameter, I have updated the module accordingly.
  • I added more tests and corrected spec and idempotency.

I ran test cases with the following playbook:

---
- name: "Playbook for testing."
  hosts: "localhost"
  connection: "local"
  gather_facts: false
  vars:
    resource_group: "automated-testing"
    resource_group_secondary: "automated-testing-secondary"
  collections:
    - azure.azcollection

  tasks:
    - name: "Include tests"
      include_tasks: "tests/integration/targets/azure_rm_virtualmachineextension/tasks/main.yml"
      vars:
        protected_settings_file: "tests/integration/targets/azure_rm_virtualmachineextension/files/test-protected-settings.json"
        public_settings_file: "tests/integration/targets/azure_rm_virtualmachineextension/files/test-public-settings.json"

Please take a look and let me know if you have any comments. Thank you!

@Fred-sun Fred-sun added ready_for_review The PR has been modified and can be reviewed and merged and removed hold The problem holds for a particular reason labels Dec 8, 2021
@l3ender
Copy link
Contributor

l3ender commented Dec 24, 2021

Hello @xuzhang3, can you please check on this one? Thank you!

@l3ender
Copy link
Contributor

l3ender commented Jan 28, 2022

Hello, any update on this PR? Thank you!

@paultaiton
Copy link
Contributor

I have not looked over the entirety of the PR, but the aproach that @l3ender suggested of a forced-update tag would completely elimanate any of my prior concerns.

@xuzhang3
Copy link
Collaborator

xuzhang3 commented Feb 7, 2022

@l3ender LGTM shipping it

@xuzhang3 xuzhang3 merged commit 035d0cc into ansible-collections:dev Feb 7, 2022
@l3ender l3ender deleted the update_vmextension branch May 18, 2022 21:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request medium_priority Medium priority ready_for_review The PR has been modified and can be reviewed and merged
Projects
None yet
Development

Successfully merging this pull request may close these issues.

azure_rm_virtualmachineextension always changed
4 participants