Make group_name resolution VPC aware
EC2 Security Group names are unique given a VPC. When a group_name value is specified in a rule, if the group_name does not exist in the provided vpc_id it should create the group as per the documentation. The groups dictionary uses group_names as keys, so it is possible to find a group in another VPC with the name that is desired. This causes an error, as the security group being acted on and the security group referenced in the rule are in two different VPCs. To prevent this issue, we check to see if vpc_id is defined and, if so, check that the VPCs match; else we treat the group as new.
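The resolution logic described above, as an added example that is not the ec2_group module's own code: a name-keyed cache of groups is built the way the commit message describes, a lookup is done first without and then with the VPC check from the commit, and a third variant goes beyond the commit by keying the cache on (vpc_id, name) so that same-named groups in two VPCs no longer overwrite each other. The SecurityGroup namedtuple is a stand-in for the id, name and vpc_id attributes of a boto SecurityGroup object, and the group ids and VPC ids in SAMPLE_GROUPS are constructed sample data.

```python
# Added example, not code from the ec2_group module. The boto SecurityGroup
# objects the module caches are replaced here by a namedtuple carrying the
# three attributes the lookup needs: id, name, vpc_id.
from collections import namedtuple

SecurityGroup = namedtuple("SecurityGroup", ["id", "name", "vpc_id"])

# Constructed sample data: the name "web" exists in two different VPCs.
SAMPLE_GROUPS = [
    SecurityGroup("sg-aaaa1111", "web", "vpc-11111111"),
    SecurityGroup("sg-bbbb2222", "web", "vpc-22222222"),
    SecurityGroup("sg-cccc3333", "db", "vpc-22222222"),
]


def build_name_index(groups):
    """Cache keyed by both id and name, as the commit message describes.
    Because the name is a plain dict key, the second "web" group silently
    replaces the first one, so only one VPC's group survives under that name."""
    index = {}
    for g in groups:
        index[g.id] = g
        index[g.name] = g
    return index


def resolve_by_name_unaware(index, group_name):
    """Pre-fix behaviour: return whichever group currently sits under the
    name key, regardless of the VPC the caller is working in."""
    g = index.get(group_name)
    return g.id if g is not None else None


def resolve_by_name(index, group_name, vpc_id):
    """Behaviour after the commit: accept a cached group by name only if no
    vpc_id was supplied or the cached group lives in that VPC. None means
    'not found here, fall through to creating the group'."""
    g = index.get(group_name)
    if g is not None and (vpc_id is None or g.vpc_id == vpc_id):
        return g.id
    return None


def build_vpc_index(groups):
    """Beyond the commit: key the cache on (vpc_id, name) so same-named groups
    in different VPCs coexist instead of overwriting one another."""
    index = {}
    for g in groups:
        index[g.id] = g
        index[(g.vpc_id, g.name)] = g
    return index


def resolve_in_vpc(index, group_name, vpc_id):
    """Look the name up within one VPC only; None again means 'create it'."""
    g = index.get((vpc_id, group_name))
    return g.id if g is not None else None


if __name__ == "__main__":
    idx = build_name_index(SAMPLE_GROUPS)
    # Caller works in vpc-11111111 but the name-keyed cache hands back the
    # group from vpc-22222222: the cross-VPC mismatch the commit fixes.
    print("unaware:", resolve_by_name_unaware(idx, "web"))
    print("vpc-aware:", resolve_by_name(idx, "web", "vpc-11111111"))
    vidx = build_vpc_index(SAMPLE_GROUPS)
    print("per-vpc key:", resolve_in_vpc(vidx, "web", "vpc-11111111"))
```

The VPC-aware lookup prevents the wrong group from being used, but with a name-keyed cache it can only ever see one of the two same-named groups, so a rule for the other VPC is treated as "create new" even though that group already exists; keying on (vpc_id, name) is what lets both be found.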
parent 6339398e7c
commit 04199140c5
1 changed file with 1 addition and 1 deletion
@ -217,7 +217,7 @@ def get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id):
|
||||||
group_id = group.id
|
group_id = group.id
|
||||||
groups[group_id] = group
|
groups[group_id] = group
|
||||||
groups[group_name] = group
|
groups[group_name] = group
|
||||||
elif group_name in groups:
|
elif group_name in groups and (vpc_id is None or groups[group_name].vpc_id == vpc_id):
|
||||||
group_id = groups[group_name].id
|
group_id = groups[group_name].id
|
||||||
else:
|
else:
|
||||||
if not rule.get('group_desc', '').strip():
|
if not rule.get('group_desc', '').strip():
|
||||||
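Review bot: when the new VPC condition on the `elif group_name in groups and (vpc_id is None or groups[group_name].vpc_id == vpc_id):` line is false, execution falls into the `else:` branch that creates a fresh group, and the earlier context line `groups[group_name] = group` then overwrites the cached entry for the same-named group in the other VPC, so the name-keyed `groups` dict can still only hold one group per name and the other VPC's group is lost from the cache for later rules; consider keying the cache on `(vpc_id, group_name)` so both survive. Also, when `vpc_id` is None the condition short-circuits and a cached group from any VPC is accepted; since `get_target_from_rule` receives the target `group`, comparing against `group.vpc_id` when `vpc_id` is not supplied would cover that case as well. A one-line comment above the `elif` explaining why the VPC is compared would help the next reader.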