Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gcp_iam_service_account_key - TypeError: 'NoneType' object is not subscriptable #244

Closed
bgrande12 opened this issue Jun 17, 2020 · 2 comments · May be fixed by #612
Closed

gcp_iam_service_account_key - TypeError: 'NoneType' object is not subscriptable #244

bgrande12 opened this issue Jun 17, 2020 · 2 comments · May be fixed by #612

Comments

@bgrande12
Copy link

SUMMARY

I'm receiving an error when running the gcp_iam_service_account_key module. It creates an empty JSON key file and the task fails. Rerunning the task after deleting the empty file works and the file is created successfully.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

gcp_iam_service_account_key

ANSIBLE VERSION
python 3.7.4
ansible 2.9.6
ansible 2.9.9
CONFIGURATION
ANSIBLE_SSH_CONTROL_PATH(/Users/bluo/repos/ansiblesite/ansible.cfg) = /tmp/%%h-%%r
DEFAULT_CALLBACK_WHITELIST(/Users/bluo/repos/ansiblesite/ansible.cfg) = ['datadog_callback']
DEFAULT_GATHERING(/Users/bluo/repos/ansiblesite/ansible.cfg) = smart
DEFAULT_MODULE_PATH(/Users/bluo/repos/ansiblesite/ansible.cfg) = ['/Users/bluo/repos/ansiblesite/playbooks/library']
HOST_KEY_CHECKING(/Users/bluo/repos/ansiblesite/ansible.cfg) = False
RETRY_FILES_SAVE_PATH(/Users/bluo/repos/ansiblesite/ansible.cfg) = /Users/bluo/.ansible/retry
OS / ENVIRONMENT

macOS Catalina 10.15.5

STEPS TO REPRODUCE

Run the playbook like directed in the instructions. The last task fails, delete the empty file, and rerun the task via debugger. File is created successfully.

- hosts: localhost
  connection: local
  gather_facts: no
  vars:
    auth_kind: serviceaccount
    sa_json: ~/.gcp_service_admin.json
  vars_prompt:
    - name: project_name
      private: no

  tasks:
    - name: get project name and append random numbers
      set_fact:
        project_id: "{{ project_name | lower | replace (' ', '') }}-{{ 100000 | random }}"
        service_account_display_name: "{{ project_name.replace(' ', '-') | lower }}"

    - name: create GCP project
      gcp_resourcemanager_project:
        name: "{{ project_name }}"
        id: "{{ project_id }}"
        auth_kind: "{{ auth_kind }}"
        service_account_file: "{{ sa_json }}"
        parent:
          type: organization
          id: "REDACTED"
        state: present
      debugger: always

    - name: create service account
      gcp_iam_service_account:
        name: "sa-{{ service_account_display_name }}@{{ project_id }}.iam.gserviceaccount.com"
        display_name: "{{ service_account_display_name }}"
        project: "{{ project_id }}"
        auth_kind: "{{ auth_kind }}"
        service_account_file: "{{ sa_json }}"
        state: present
      register: serviceaccount
      debugger: always

    - name: create service account key
      gcp_iam_service_account_key:
        service_account: "{{ serviceaccount }}"
        private_key_type: TYPE_GOOGLE_CREDENTIALS_FILE
        path: "~/sa-{{ service_account_display_name }}.json"
        project: "{{ project_id }}"
        auth_kind: "{{ auth_kind }}"
        service_account_file: "{{ sa_json }}"
        state: present
      debugger: on_failed
EXPECTED RESULTS

create a gcp project, create a service account, create a service key and have it saved on my computer

ACTUAL RESULTS

empty ~/sa-{{ service_account_display_name }}.json file and the task fails

The full traceback is:
Traceback (most recent call last):
  File "/Users/bluo/.ansible/tmp/ansible-tmp-1592427610.3913631-4932-201653545614182/AnsiballZ_gcp_iam_service_account_key.py", line 102, in <module>
    _ansiballz_main()
  File "/Users/bluo/.ansible/tmp/ansible-tmp-1592427610.3913631-4932-201653545614182/AnsiballZ_gcp_iam_service_account_key.py", line 94, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/Users/bluo/.ansible/tmp/ansible-tmp-1592427610.3913631-4932-201653545614182/AnsiballZ_gcp_iam_service_account_key.py", line 40, in invoke_module
    runpy.run_module(mod_name='ansible.modules.cloud.google.gcp_iam_service_account_key', init_globals=None, run_name='__main__', alter_sys=True)
  File "/Users/bluo/anaconda3/lib/python3.7/runpy.py", line 205, in run_module
    return _run_module_code(code, init_globals, run_name, mod_spec)
  File "/Users/bluo/anaconda3/lib/python3.7/runpy.py", line 96, in _run_module_code
    mod_name, mod_spec, pkg_name, script_name)
  File "/Users/bluo/anaconda3/lib/python3.7/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/var/folders/fz/m4s7z4p53fn_384hq601kn380000gn/T/ansible_gcp_iam_service_account_key_payload_b83tndte/ansible_gcp_iam_service_account_key_payload.zip/ansible/modules/cloud/google/gcp_iam_service_account_key.py", line 279, in <module>
  File "/var/folders/fz/m4s7z4p53fn_384hq601kn380000gn/T/ansible_gcp_iam_service_account_key_payload_b83tndte/ansible_gcp_iam_service_account_key_payload.zip/ansible/modules/cloud/google/gcp_iam_service_account_key.py", line 201, in main
  File "/var/folders/fz/m4s7z4p53fn_384hq601kn380000gn/T/ansible_gcp_iam_service_account_key_payload_b83tndte/ansible_gcp_iam_service_account_key_payload.zip/ansible/modules/cloud/google/gcp_iam_service_account_key.py", line 213, in create
TypeError: 'NoneType' object is not subscriptable
fatal: [localhost]: FAILED! => {
    "changed": false,
    "module_stderr": "Traceback (most recent call last):\n  File \"/Users/bluo/.ansible/tmp/ansible-tmp-1592427610.3913631-4932-201653545614182/AnsiballZ_gcp_iam_service_account_key.py\", line 102, in <module>\n    _ansiballz_main()\n  File \"/Users/bluo/.ansible/tmp/ansible-tmp-1592427610.3913631-4932-201653545614182/AnsiballZ_gcp_iam_service_account_key.py\", line 94, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/Users/bluo/.ansible/tmp/ansible-tmp-1592427610.3913631-4932-201653545614182/AnsiballZ_gcp_iam_service_account_key.py\", line 40, in invoke_module\n    runpy.run_module(mod_name='ansible.modules.cloud.google.gcp_iam_service_account_key', init_globals=None, run_name='__main__', alter_sys=True)\n  File \"/Users/bluo/anaconda3/lib/python3.7/runpy.py\", line 205, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/Users/bluo/anaconda3/lib/python3.7/runpy.py\", line 96, in _run_module_code\n    mod_name, mod_spec, pkg_name, script_name)\n  File \"/Users/bluo/anaconda3/lib/python3.7/runpy.py\", line 85, in _run_code\n    exec(code, run_globals)\n  File \"/var/folders/fz/m4s7z4p53fn_384hq601kn380000gn/T/ansible_gcp_iam_service_account_key_payload_b83tndte/ansible_gcp_iam_service_account_key_payload.zip/ansible/modules/cloud/google/gcp_iam_service_account_key.py\", line 279, in <module>\n  File \"/var/folders/fz/m4s7z4p53fn_384hq601kn380000gn/T/ansible_gcp_iam_service_account_key_payload_b83tndte/ansible_gcp_iam_service_account_key_payload.zip/ansible/modules/cloud/google/gcp_iam_service_account_key.py\", line 201, in main\n  File \"/var/folders/fz/m4s7z4p53fn_384hq601kn380000gn/T/ansible_gcp_iam_service_account_key_payload_b83tndte/ansible_gcp_iam_service_account_key_payload.zip/ansible/modules/cloud/google/gcp_iam_service_account_key.py\", line 213, in create\nTypeError: 'NoneType' object is not subscriptable\n",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}
@bgrande12
Copy link
Author

Not sure how, but I'm not seeing this error anymore.

@bgandon
Copy link

bgandon commented Dec 12, 2023

I have the exact same error when providing an incorrect service_account.name param to the gcp_iam_service_account_key module.

The auth.post() request at line 258 returns 404, the json_content returned by return_if_object() is None, then the code fails like described above when doing json_content['privateKeyData'] because json_content is None.

See: https://github.com/ansible-collections/google.cloud/blob/811327b/plugins/modules/gcp_iam_service_account_key.py#L258-L260

@bgandon bgandon mentioned this issue Jan 22, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix error handling in creation of service account keys gstackio/google.cloud-ansible-collection
2 participants
@bgandon @bgrande12