Merge pull request #1398 from markocelan/devel
Added support for foreign security groups (Fixes: #373)
This commit is contained in:
commit
51fa223a0d
1 changed files with 21 additions and 0 deletions
|
@ -90,6 +90,14 @@ EXAMPLES = '''
|
||||||
from_port: 22
|
from_port: 22
|
||||||
to_port: 22
|
to_port: 22
|
||||||
cidr_ip: 10.0.0.0/8
|
cidr_ip: 10.0.0.0/8
|
||||||
|
- proto: tcp
|
||||||
|
from_port: 443
|
||||||
|
to_port: 443
|
||||||
|
group_id: amazon-elb/sg-87654321/amazon-elb-sg
|
||||||
|
- proto: tcp
|
||||||
|
from_port: 3306
|
||||||
|
to_port: 3306
|
||||||
|
group_id: 123412341234/sg-87654321/exact-name-of-sg
|
||||||
- proto: udp
|
- proto: udp
|
||||||
from_port: 10050
|
from_port: 10050
|
||||||
to_port: 10050
|
to_port: 10050
|
||||||
|
@ -113,6 +121,7 @@ EXAMPLES = '''
|
||||||
|
|
||||||
try:
|
try:
|
||||||
import boto.ec2
|
import boto.ec2
|
||||||
|
from boto.ec2.securitygroup import SecurityGroup
|
||||||
HAS_BOTO = True
|
HAS_BOTO = True
|
||||||
except ImportError:
|
except ImportError:
|
||||||
HAS_BOTO = False
|
HAS_BOTO = False
|
||||||
|
@ -148,6 +157,7 @@ def get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id):
|
||||||
group_id or a non-None ip range.
|
group_id or a non-None ip range.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
FOREIGN_SECURITY_GROUP_REGEX = '^(\S+)/(sg-\S+)/(\S+)'
|
||||||
group_id = None
|
group_id = None
|
||||||
group_name = None
|
group_name = None
|
||||||
ip = None
|
ip = None
|
||||||
|
@ -158,6 +168,12 @@ def get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id):
|
||||||
module.fail_json(msg="Specify group_name OR cidr_ip, not both")
|
module.fail_json(msg="Specify group_name OR cidr_ip, not both")
|
||||||
elif 'group_id' in rule and 'group_name' in rule:
|
elif 'group_id' in rule and 'group_name' in rule:
|
||||||
module.fail_json(msg="Specify group_id OR group_name, not both")
|
module.fail_json(msg="Specify group_id OR group_name, not both")
|
||||||
|
elif 'group_id' in rule and re.match(FOREIGN_SECURITY_GROUP_REGEX, rule['group_id']):
|
||||||
|
# this is a foreign Security Group. Since you can't fetch it you must create an instance of it
|
||||||
|
owner_id, group_id, group_name = re.match(FOREIGN_SECURITY_GROUP_REGEX, rule['group_id']).groups()
|
||||||
|
group_instance = SecurityGroup(owner_id=owner_id, name=group_name, id=group_id)
|
||||||
|
groups[group_id] = group_instance
|
||||||
|
groups[group_name] = group_instance
|
||||||
elif 'group_id' in rule:
|
elif 'group_id' in rule:
|
||||||
group_id = rule['group_id']
|
group_id = rule['group_id']
|
||||||
elif 'group_name' in rule:
|
elif 'group_name' in rule:
|
||||||
|
@ -319,6 +335,11 @@ def main():
|
||||||
for (rule, grant) in groupRules.itervalues() :
|
for (rule, grant) in groupRules.itervalues() :
|
||||||
grantGroup = None
|
grantGroup = None
|
||||||
if grant.group_id:
|
if grant.group_id:
|
||||||
|
if grant.owner_id != group.owner_id:
|
||||||
|
# this is a foreign Security Group. Since you can't fetch it you must create an instance of it
|
||||||
|
group_instance = SecurityGroup(owner_id=grant.owner_id, name=grant.name, id=grant.group_id)
|
||||||
|
groups[grant.group_id] = group_instance
|
||||||
|
groups[grant.name] = group_instance
|
||||||
grantGroup = groups[grant.group_id]
|
grantGroup = groups[grant.group_id]
|
||||||
if not module.check_mode:
|
if not module.check_mode:
|
||||||
group.revoke(rule.ip_protocol, rule.from_port, rule.to_port, grant.cidr_ip, grantGroup)
|
group.revoke(rule.ip_protocol, rule.from_port, rule.to_port, grant.cidr_ip, grantGroup)
|
||||||
|
|
Loading…
Reference in a new issue