Fix: ec2_instance idempotency issue when attaching ENI to isntance (#1576) (#1579)

patchback[bot] · web-flow · commit 38a8a72aaab1 · 2023-06-05T12:38:29.000Z
[PR #1576/b7533c55 backport][stable-6] ec2_instance - fix idempotency issue when attaching ENI to isntance This is a backport of PR #1576 as merged into main (b7533c5). SUMMARY closes #1403 ISSUE TYPE Bugfix Pull Request COMPONENT NAME ec2_instance Reviewed-by: Alina Buzachis
diff --git a/changelogs/fragments/ec2_instance-eni-attach-idempotency.yml b/changelogs/fragments/ec2_instance-eni-attach-idempotency.yml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - ec2_instance - fix check_mode issue when adding network interfaces (https://github.com/ansible-collections/amazon.aws/issues/1403).
diff --git a/plugins/modules/ec2_instance.py b/plugins/modules/ec2_instance.py
@@ -1510,16 +1510,19 @@ def change_network_attachments(instance, params):
         # network.interfaces can create the need to attach new interfaces
         old_ids = [inty["NetworkInterfaceId"] for inty in instance["NetworkInterfaces"]]
         to_attach = set(new_ids) - set(old_ids)
-        for eni_id in to_attach:
-            try:
-                client.attach_network_interface(
-                    aws_retry=True,
-                    DeviceIndex=new_ids.index(eni_id),
-                    InstanceId=instance["InstanceId"],
-                    NetworkInterfaceId=eni_id,
-                )
-            except (botocore.exceptions.BotoCoreError, botocore.exceptions.ClientError) as e:
-                module.fail_json_aws(e, msg=f"Could not attach interface {eni_id} to instance {instance['InstanceId']}")
+        if not module.check_mode:
+            for eni_id in to_attach:
+                try:
+                    client.attach_network_interface(
+                        aws_retry=True,
+                        DeviceIndex=new_ids.index(eni_id),
+                        InstanceId=instance["InstanceId"],
+                        NetworkInterfaceId=eni_id,
+                    )
+                except (botocore.exceptions.BotoCoreError, botocore.exceptions.ClientError) as e:
+                    module.fail_json_aws(
+                        e, msg=f"Could not attach interface {eni_id} to instance {instance['InstanceId']}"
+                    )
         return bool(len(to_attach))
     return False
 
diff --git a/tests/integration/targets/ec2_instance_external_resource_attach/tasks/main.yml b/tests/integration/targets/ec2_instance_external_resource_attach/tasks/main.yml
@@ -60,6 +60,39 @@
         - 'in_test_vpc_instance.instances.0.key_name == "{{ resource_prefix }}_test_key"'
         - '(in_test_vpc_instance.instances.0.network_interfaces | length) == 1'
 
+  - name: "Add a second interface (check_mode=true)"
+    ec2_instance:
+      state: present
+      name: "{{ resource_prefix }}-test-eni-vpc"
+      network:
+        interfaces:
+          - id: "{{ eni_a.interface.id }}"
+          - id: "{{ eni_b.interface.id }}"
+      image_id: "{{ ec2_ami_id }}"
+      tags:
+        TestId: "{{ ec2_instance_tag_TestId }}"
+      instance_type: "{{ ec2_instance_type }}"
+      wait: false
+    register: add_interface_check_mode
+    check_mode: true
+
+  - name: Validate task reported changed
+    assert:
+      that:
+        - add_interface_check_mode is changed
+
+  - name: "Gather {{ resource_prefix }}-test-eni-vpc info"
+    ec2_instance_info:
+      filters:
+        "tag:Name": '{{ resource_prefix }}-test-eni-vpc'
+    register: in_test_vpc_instance
+
+  - name: Validate that only 1 ENI is attached to instance as we run using check_mode=true
+    assert:
+      that:
+        - 'in_test_vpc_instance.instances.0.key_name == "{{ resource_prefix }}_test_key"'
+        - '(in_test_vpc_instance.instances.0.network_interfaces | length) == 1'
+
   - name: "Add a second interface"
     ec2_instance:
       state: present
@@ -75,9 +108,25 @@
       wait: false
     register: add_interface
     until: add_interface is not failed
-    ignore_errors: yes
+    ignore_errors: true
     retries: 10
 
+  - name: Validate that the instance has now 2 interfaces attached
+    block:
+      - name: "Gather {{ resource_prefix }}-test-eni-vpc info"
+        ec2_instance_info:
+          filters:
+            "tag:Name": '{{ resource_prefix }}-test-eni-vpc'
+        register: in_test_vpc_instance
+
+      - name: Validate that only 1 ENI is attached to instance as we run using check_mode=true
+        assert:
+          that:
+            - 'in_test_vpc_instance.instances.0.key_name == "{{ resource_prefix }}_test_key"'
+            - '(in_test_vpc_instance.instances.0.network_interfaces | length) == 2'
+
+    when: add_interface is successful
+
   - name: "Make instance in the testing subnet created in the test VPC(check mode)"
     ec2_instance:
       state: present

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+---`
	`2`	`+bugfixes:`
	`3`	`+ - ec2_instance - fix check_mode issue when adding network interfaces (https://github.com/ansible-collections/amazon.aws/issues/1403).`