NixOS/nixops-aws

Error removing old rules from EC2 security group

edolstra opened this issue · 0 comments

nixops deploy fails if it tries to remove a security group rule that no longer exists. It should just ignore this error.

Example:

$ nixops deploy -d nixos-bastion --include bastion-sg
warning: ignoring the user-specified setting 'allowed-uris', because it is a restricted setting and you are not a trusted user
warning: ignoring the user-specified setting 'allowed-uris', because it is a restricted setting and you are not a trusted user
bastion-sg.........> adding new rules to EC2 security group ‘charon-d48ef0d9-7bb1-11e8-8c41-507b9defcdfc-bastion-sg’...
bastion-sg.........> removing old rules from EC2 security group ‘charon-d48ef0d9-7bb1-11e8-8c41-507b9defcdfc-bastion-sg’...
Traceback (most recent call last):
  File "/nix/store/ykp6mhl9z0ym0cfc2znq4452d61qiqam-nixops-1.8pre20200107.893ea3f/bin/.nixops-wrapped", line 251, in <module>
    args.op(args)
  File "/nix/store/ykp6mhl9z0ym0cfc2znq4452d61qiqam-nixops-1.8pre20200107.893ea3f/lib/python2.7/site-packages/nixops/script_defs.py", line 444, in op_deploy
    max_concurrent_activate=args.max_concurrent_activate)
  File "/nix/store/ykp6mhl9z0ym0cfc2znq4452d61qiqam-nixops-1.8pre20200107.893ea3f/lib/python2.7/site-packages/nixops/deployment.py", line 1086, in deploy
    self.run_with_notify('deploy', lambda: self._deploy(**kwargs))
  File "/nix/store/ykp6mhl9z0ym0cfc2znq4452d61qiqam-nixops-1.8pre20200107.893ea3f/lib/python2.7/site-packages/nixops/deployment.py", line 1075, in run_with_notify
    f()
  File "/nix/store/ykp6mhl9z0ym0cfc2znq4452d61qiqam-nixops-1.8pre20200107.893ea3f/lib/python2.7/site-packages/nixops/deployment.py", line 1086, in <lambda>
    self.run_with_notify('deploy', lambda: self._deploy(**kwargs))
  File "/nix/store/ykp6mhl9z0ym0cfc2znq4452d61qiqam-nixops-1.8pre20200107.893ea3f/lib/python2.7/site-packages/nixops/deployment.py", line 1021, in _deploy
    nixops.parallel.run_tasks(nr_workers=-1, tasks=self.active_resources.itervalues(), worker_fun=worker)
  File "/nix/store/ykp6mhl9z0ym0cfc2znq4452d61qiqam-nixops-1.8pre20200107.893ea3f/lib/python2.7/site-packages/nixops/parallel.py", line 44, in thread_fun
    result_queue.put((worker_fun(t), None, t.name))
  File "/nix/store/ykp6mhl9z0ym0cfc2znq4452d61qiqam-nixops-1.8pre20200107.893ea3f/lib/python2.7/site-packages/nixops/deployment.py", line 994, in worker
    r.create(self.definitions[r.name], check=check, allow_reboot=allow_reboot, allow_recreate=allow_recreate)
  File "/nix/store/rigfi96y1gqlq5kjbjvmln9ckqaa6503-nixops-aws-1.7pre20191211.0da38bb/lib/python2.7/site-packages/nixopsaws/resources/ec2_security_group.py", line 216, in create
    grp.revoke(ip_protocol=rule[0], from_port=rule[1], to_port=rule[2], cidr_ip=rule[3])
  File "/nix/store/1q25a53kqmrd9n97gcqfacc24mavwx1k-python2.7-boto-2.49.0/lib/python2.7/site-packages/boto/ec2/securitygroup.py", line 243, in revoke
    dry_run=dry_run)
  File "/nix/store/1q25a53kqmrd9n97gcqfacc24mavwx1k-python2.7-boto-2.49.0/lib/python2.7/site-packages/boto/ec2/connection.py", line 3396, in revoke_security_group
    params, verb='POST')
  File "/nix/store/1q25a53kqmrd9n97gcqfacc24mavwx1k-python2.7-boto-2.49.0/lib/python2.7/site-packages/boto/connection.py", line 1227, in get_status
    raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>InvalidPermission.NotFound</Code><Message>The specified rule does not exist in this security group.</Message></Error></Errors><RequestID>9c22e10a-4ff3-4418-bcf2-2b5142f89ffc</RequestID></Response>
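
One way to make the rule-removal step idempotent, as an added example that is not part of the original issue or of the nixops-aws code: revoke each stale rule, treat only `InvalidPermission.NotFound` as "already removed", and re-raise every other EC2 error so a failed revoke cannot leave an old rule open while the deploy reports success. `FakeEC2ResponseError`, `FakeGroup`, `ec2_error`, `error_codes` and `revoke_stale_rules` are hypothetical names, and the error bodies are constructed to match the shape of the XML in the traceback above.

```python
import xml.etree.ElementTree as ET

ALREADY_GONE = {"InvalidPermission.NotFound"}  # the only code safe to ignore

class FakeEC2ResponseError(Exception):
    """Constructed stand-in for boto.exception.EC2ResponseError."""
    def __init__(self, status, reason, body):
        Exception.__init__(self, "%s %s" % (status, reason))
        self.status, self.reason, self.body = status, reason, body

def ec2_error(status, reason, code, message):
    """Constructed error with a body shaped like the one in the traceback."""
    body = ('<?xml version="1.0" encoding="UTF-8"?><Response><Errors><Error><Code>%s</Code>'
            '<Message>%s</Message></Error></Errors></Response>' % (code, message))
    return FakeEC2ResponseError(status, reason, body)

def error_codes(body):
    """Return every <Code> value in an EC2 XML error body ([] if unparsable)."""
    try:
        root = ET.fromstring(body.encode("utf-8"))
    except ET.ParseError:
        return []
    return [el.text for el in root.iter("Code")]

class FakeGroup(object):
    """Constructed in-memory security group whose revoke() fails like EC2."""
    def __init__(self, rules, deny=False):
        self.rules, self.deny = set(rules), deny
    def revoke(self, ip_protocol, from_port, to_port, cidr_ip):
        rule = (ip_protocol, from_port, to_port, cidr_ip)
        if self.deny:
            raise ec2_error(403, "Forbidden", "UnauthorizedOperation", "Not authorized.")
        if rule not in self.rules:
            raise ec2_error(400, "Bad Request", "InvalidPermission.NotFound", "No such rule.")
        self.rules.remove(rule)

def revoke_stale_rules(group, stale_rules):
    """Revoke rules; return the ones EC2 reported as already absent."""
    already_absent = []
    for rule in stale_rules:
        try:
            group.revoke(ip_protocol=rule[0], from_port=rule[1], to_port=rule[2], cidr_ip=rule[3])
        except FakeEC2ResponseError as e:
            codes = error_codes(e.body)
            # Any other failure could leave a stale rule open: stop the deploy.
            if not codes or not set(codes) <= ALREADY_GONE:
                raise
            already_absent.append(rule)
    return already_absent
```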