Merge pull request #51 from cewood/ec2-group/cidr-ip-list
Support specifying cidr_ip as a list
This commit is contained in:
Toshio Kuratomi
commit
42d3d02855
1 changed files with 40 additions and 30 deletions
|
|
@ -349,19 +349,24 @@ def main():
|
|||
rule['from_port'] = None
|
||||
rule['to_port'] = None
|
||||
|
||||
# If rule already exists, don't later delete it
|
||||
ruleId = make_rule_key('in', rule, group_id, ip)
|
||||
if ruleId in groupRules:
|
||||
del groupRules[ruleId]
|
||||
# Otherwise, add new rule
|
||||
else:
|
||||
grantGroup = None
|
||||
if group_id:
|
||||
grantGroup = groups[group_id]
|
||||
# Convert ip to list we can iterate over
|
||||
if not isinstance(ip, list):
|
||||
ip = [ip]
|
||||
|
||||
if not module.check_mode:
|
||||
group.authorize(rule['proto'], rule['from_port'], rule['to_port'], ip, grantGroup)
|
||||
changed = True
|
||||
# If rule already exists, don't later delete it
|
||||
for thisip in ip:
|
||||
ruleId = make_rule_key('in', rule, group_id, thisip)
|
||||
if ruleId in groupRules:
|
||||
del groupRules[ruleId]
|
||||
# Otherwise, add new rule
|
||||
else:
|
||||
grantGroup = None
|
||||
if group_id:
|
||||
grantGroup = groups[group_id]
|
||||
|
||||
if not module.check_mode:
|
||||
group.authorize(rule['proto'], rule['from_port'], rule['to_port'], thisip, grantGroup)
|
||||
changed = True
|
||||
|
||||
# Finally, remove anything left in the groupRules -- these will be defunct rules
|
||||
if purge_rules:
|
||||
|
|
@ -396,25 +401,30 @@ def main():
|
|||
rule['from_port'] = None
|
||||
rule['to_port'] = None
|
||||
|
||||
# If rule already exists, don't later delete it
|
||||
ruleId = make_rule_key('out', rule, group_id, ip)
|
||||
if ruleId in groupRules:
|
||||
del groupRules[ruleId]
|
||||
# Otherwise, add new rule
|
||||
else:
|
||||
grantGroup = None
|
||||
if group_id:
|
||||
grantGroup = groups[group_id].id
|
||||
# Convert ip to list we can iterate over
|
||||
if not isinstance(ip, list):
|
||||
ip = [ip]
|
||||
|
||||
if not module.check_mode:
|
||||
ec2.authorize_security_group_egress(
|
||||
group_id=group.id,
|
||||
ip_protocol=rule['proto'],
|
||||
from_port=rule['from_port'],
|
||||
to_port=rule['to_port'],
|
||||
src_group_id=grantGroup,
|
||||
cidr_ip=ip)
|
||||
changed = True
|
||||
# If rule already exists, don't later delete it
|
||||
for thisip in ip:
|
||||
ruleId = make_rule_key('out', rule, group_id, thisip)
|
||||
if ruleId in groupRules:
|
||||
del groupRules[ruleId]
|
||||
# Otherwise, add new rule
|
||||
else:
|
||||
grantGroup = None
|
||||
if group_id:
|
||||
grantGroup = groups[group_id].id
|
||||
|
||||
if not module.check_mode:
|
||||
ec2.authorize_security_group_egress(
|
||||
group_id=group.id,
|
||||
ip_protocol=rule['proto'],
|
||||
from_port=rule['from_port'],
|
||||
to_port=rule['to_port'],
|
||||
src_group_id=grantGroup,
|
||||
cidr_ip=thisip)
|
||||
changed = True
|
||||
elif vpc_id and not module.check_mode:
|
||||
# when using a vpc, but no egress rules are specified,
|
||||
# we add in a default allow all out rule, which was the
|
||||
|
|
|
|||
Loading…
Reference in a new issue