ec2_vpc_nacl fails when the VPC is configured with IPv6 (#49979)
* Issue #41079. Failed to apply rule if there is a default IPv6 NACL * Issue #41079. Failed to apply rule if there is a default IPv6 NACL * Issue #41079. Failed to apply rule if there is a default IPv6 NACL * Simplify logic to skip default deny-all rules * Simplify logic to skip default deny-all rules * Remove unnecessary tmp variables
This commit is contained in:
parent
a20d0d1afb
commit
1ec782900d
1 changed files with 2 additions and 15 deletions
|
@ -154,17 +154,6 @@ from ansible.module_utils.basic import AnsibleModule
|
||||||
from ansible.module_utils.ec2 import boto3_conn, ec2_argument_spec, get_aws_connection_info
|
from ansible.module_utils.ec2 import boto3_conn, ec2_argument_spec, get_aws_connection_info
|
||||||
|
|
||||||
|
|
||||||
# Common fields for the default rule that is contained within every VPC NACL.
|
|
||||||
DEFAULT_RULE_FIELDS = {
|
|
||||||
'RuleNumber': 32767,
|
|
||||||
'RuleAction': 'deny',
|
|
||||||
'CidrBlock': '0.0.0.0/0',
|
|
||||||
'Protocol': '-1'
|
|
||||||
}
|
|
||||||
|
|
||||||
DEFAULT_INGRESS = dict(list(DEFAULT_RULE_FIELDS.items()) + [('Egress', False)])
|
|
||||||
DEFAULT_EGRESS = dict(list(DEFAULT_RULE_FIELDS.items()) + [('Egress', True)])
|
|
||||||
|
|
||||||
# VPC-supported IANA protocol numbers
|
# VPC-supported IANA protocol numbers
|
||||||
# http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
|
# http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
|
||||||
PROTOCOL_NUMBERS = {'all': -1, 'icmp': 1, 'tcp': 6, 'udp': 17, }
|
PROTOCOL_NUMBERS = {'all': -1, 'icmp': 1, 'tcp': 6, 'udp': 17, }
|
||||||
|
@ -236,10 +225,8 @@ def nacls_changed(nacl, client, module):
|
||||||
nacl_id = nacl['NetworkAcls'][0]['NetworkAclId']
|
nacl_id = nacl['NetworkAcls'][0]['NetworkAclId']
|
||||||
nacl = describe_network_acl(client, module)
|
nacl = describe_network_acl(client, module)
|
||||||
entries = nacl['NetworkAcls'][0]['Entries']
|
entries = nacl['NetworkAcls'][0]['Entries']
|
||||||
tmp_egress = [entry for entry in entries if entry['Egress'] is True and DEFAULT_EGRESS != entry]
|
egress = [rule for rule in entries if rule['Egress'] is True and rule['RuleNumber'] < 32767]
|
||||||
tmp_ingress = [entry for entry in entries if entry['Egress'] is False]
|
ingress = [rule for rule in entries if rule['Egress'] is False and rule['RuleNumber'] < 32767]
|
||||||
egress = [rule for rule in tmp_egress if DEFAULT_EGRESS != rule]
|
|
||||||
ingress = [rule for rule in tmp_ingress if DEFAULT_INGRESS != rule]
|
|
||||||
if rules_changed(egress, params['egress'], True, nacl_id, client, module):
|
if rules_changed(egress, params['egress'], True, nacl_id, client, module):
|
||||||
changed = True
|
changed = True
|
||||||
if rules_changed(ingress, params['ingress'], False, nacl_id, client, module):
|
if rules_changed(ingress, params['ingress'], False, nacl_id, client, module):
|
||||||
|
|
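Review bot: The literal 32767 in the two new comprehensions (`egress = [... rule['RuleNumber'] < 32767]` and the matching `ingress` line) is an undocumented magic number now that the commit deletes the DEFAULT_RULE_FIELDS / DEFAULT_INGRESS / DEFAULT_EGRESS constants that used to explain it; as far as I know 32767 is the rule number AWS reserves for the immutable default deny-all entries (the 0.0.0.0/0 one and, on a VPC with an IPv6 block, the ::/0 one), and user-created rules are always lower. Suggest a module-level `DEFAULT_RULE_NUMBER = 32767  # reserved by AWS for the default deny-all entries (IPv4 and IPv6); user rules are always lower` and `rule['RuleNumber'] < DEFAULT_RULE_NUMBER` in both comprehensions, so the reason the filter no longer matches on CidrBlock (which is what missed the IPv6 entry) is visible at the point of use. The diffstat shows only this file changed, so the removed constants are presumably not referenced elsewhere in the module, but that is worth confirming before merge. nacls_changed starts before this hunk and its body continues past it.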