Check mode fix for ec2_group module (#2184)

The default VPC egress rules was being left in the egress rules for
purging in check mode.  This ensures that the module returns the correct
change state during check mode.
This commit is contained in:
Shawn Siefkas 2016-08-02 15:01:48 -05:00 committed by Matt Clay
parent 3c2110215c
commit 66f1f6d537

View file

@ -430,20 +430,21 @@ def main():
src_group_id=grantGroup,
cidr_ip=thisip)
changed = True
elif vpc_id and not module.check_mode:
elif vpc_id:
# when using a vpc, but no egress rules are specified,
# we add in a default allow all out rule, which was the
# default behavior before egress rules were added
default_egress_rule = 'out--1-None-None-None-0.0.0.0/0'
if default_egress_rule not in groupRules:
ec2.authorize_security_group_egress(
group_id=group.id,
ip_protocol=-1,
from_port=None,
to_port=None,
src_group_id=None,
cidr_ip='0.0.0.0/0'
)
if not module.check_mode:
ec2.authorize_security_group_egress(
group_id=group.id,
ip_protocol=-1,
from_port=None,
to_port=None,
src_group_id=None,
cidr_ip='0.0.0.0/0'
)
changed = True
else:
# make sure the default egress rule is not removed