Support specifying cidr_ip as a list
Update/fix to "Support specifying cidr_ip as a list": Unicode isn't compatible with python2, so we needed some other solution to this problem. The simplest approach is to convert the ip item to a list if it isn't already one, and we're done. Thanks to @mspiegle for this suggestion.
parent
1ba2e34ae1
commit
17b5d851f2
1 changed files with 40 additions and 30 deletions
|
@ -295,19 +295,24 @@ def main():
|
||||||
rule['from_port'] = None
|
rule['from_port'] = None
|
||||||
rule['to_port'] = None
|
rule['to_port'] = None
|
||||||
|
|
||||||
# If rule already exists, don't later delete it
|
# Convert ip to list we can iterate over
|
||||||
ruleId = make_rule_key('in', rule, group_id, ip)
|
if not isinstance(ip, list):
|
||||||
if ruleId in groupRules:
|
ip = [ip]
|
||||||
del groupRules[ruleId]
|
|
||||||
# Otherwise, add new rule
|
|
||||||
else:
|
|
||||||
grantGroup = None
|
|
||||||
if group_id:
|
|
||||||
grantGroup = groups[group_id]
|
|
||||||
|
|
||||||
if not module.check_mode:
|
# If rule already exists, don't later delete it
|
||||||
group.authorize(rule['proto'], rule['from_port'], rule['to_port'], ip, grantGroup)
|
for thisip in ip:
|
||||||
changed = True
|
ruleId = make_rule_key('in', rule, group_id, thisip)
|
||||||
|
if ruleId in groupRules:
|
||||||
|
del groupRules[ruleId]
|
||||||
|
# Otherwise, add new rule
|
||||||
|
else:
|
||||||
|
grantGroup = None
|
||||||
|
if group_id:
|
||||||
|
grantGroup = groups[group_id]
|
||||||
|
|
||||||
|
if not module.check_mode:
|
||||||
|
group.authorize(rule['proto'], rule['from_port'], rule['to_port'], thisip, grantGroup)
|
||||||
|
changed = True
|
||||||
|
|
||||||
# Finally, remove anything left in the groupRules -- these will be defunct rules
|
# Finally, remove anything left in the groupRules -- these will be defunct rules
|
||||||
if purge_rules:
|
if purge_rules:
|
||||||
|
@ -335,25 +340,30 @@ def main():
|
||||||
rule['from_port'] = None
|
rule['from_port'] = None
|
||||||
rule['to_port'] = None
|
rule['to_port'] = None
|
||||||
|
|
||||||
# If rule already exists, don't later delete it
|
# Convert ip to list we can iterate over
|
||||||
ruleId = make_rule_key('out', rule, group_id, ip)
|
if not isinstance(ip, list):
|
||||||
if ruleId in groupRules:
|
ip = [ip]
|
||||||
del groupRules[ruleId]
|
|
||||||
# Otherwise, add new rule
|
|
||||||
else:
|
|
||||||
grantGroup = None
|
|
||||||
if group_id:
|
|
||||||
grantGroup = groups[group_id].id
|
|
||||||
|
|
||||||
if not module.check_mode:
|
# If rule already exists, don't later delete it
|
||||||
ec2.authorize_security_group_egress(
|
for thisip in ip:
|
||||||
group_id=group.id,
|
ruleId = make_rule_key('out', rule, group_id, thisip)
|
||||||
ip_protocol=rule['proto'],
|
if ruleId in groupRules:
|
||||||
from_port=rule['from_port'],
|
del groupRules[ruleId]
|
||||||
to_port=rule['to_port'],
|
# Otherwise, add new rule
|
||||||
src_group_id=grantGroup,
|
else:
|
||||||
cidr_ip=ip)
|
grantGroup = None
|
||||||
changed = True
|
if group_id:
|
||||||
|
grantGroup = groups[group_id].id
|
||||||
|
|
||||||
|
if not module.check_mode:
|
||||||
|
ec2.authorize_security_group_egress(
|
||||||
|
group_id=group.id,
|
||||||
|
ip_protocol=rule['proto'],
|
||||||
|
from_port=rule['from_port'],
|
||||||
|
to_port=rule['to_port'],
|
||||||
|
src_group_id=grantGroup,
|
||||||
|
cidr_ip=thisip)
|
||||||
|
changed = True
|
||||||
elif vpc_id and not module.check_mode:
|
elif vpc_id and not module.check_mode:
|
||||||
# when using a vpc, but no egress rules are specified,
|
# when using a vpc, but no egress rules are specified,
|
||||||
# we add in a default allow all out rule, which was the
|
# we add in a default allow all out rule, which was the
|
||||||
|
|
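Review bot: An empty `cidr_ip` list is silently accepted by the new `for thisip in ip:` loops in both the ingress hunk (at 295) and the egress hunk (at 335). The loop body never runs, so no rule is authorized and no key is removed from `groupRules`; when `purge_rules` is set, the purge step would then treat any existing rule for that entry as defunct. Consider rejecting it right after the normalization, e.g. `if not ip: module.fail_json(msg="cidr_ip must not be an empty list")`; a `None` ip (group-based rule) becomes `[None]` and still passes, which deserves a one-line comment. A list that repeats a CIDR also looks like it would call the authorize API twice for the same rule, because `groupRules` is not updated after a rule is added, so de-duplicating before the loop would be safer. `main()` starts and ends outside both hunks and the indentation is lost in this rendering, so the nesting is inferred.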