Check mode fix for ec2_group module (#2184)
The default VPC egress rules was being left in the egress rules for purging in check mode. This ensures that the module returns the correct change state during check mode.
This commit is contained in:
parent
3c2110215c
commit
66f1f6d537
1 changed files with 10 additions and 9 deletions
|
@ -430,20 +430,21 @@ def main():
|
|||
src_group_id=grantGroup,
|
||||
cidr_ip=thisip)
|
||||
changed = True
|
||||
elif vpc_id and not module.check_mode:
|
||||
elif vpc_id:
|
||||
# when using a vpc, but no egress rules are specified,
|
||||
# we add in a default allow all out rule, which was the
|
||||
# default behavior before egress rules were added
|
||||
default_egress_rule = 'out--1-None-None-None-0.0.0.0/0'
|
||||
if default_egress_rule not in groupRules:
|
||||
ec2.authorize_security_group_egress(
|
||||
group_id=group.id,
|
||||
ip_protocol=-1,
|
||||
from_port=None,
|
||||
to_port=None,
|
||||
src_group_id=None,
|
||||
cidr_ip='0.0.0.0/0'
|
||||
)
|
||||
if not module.check_mode:
|
||||
ec2.authorize_security_group_egress(
|
||||
group_id=group.id,
|
||||
ip_protocol=-1,
|
||||
from_port=None,
|
||||
to_port=None,
|
||||
src_group_id=None,
|
||||
cidr_ip='0.0.0.0/0'
|
||||
)
|
||||
changed = True
|
||||
else:
|
||||
# make sure the default egress rule is not removed
|
||||
|
|
Loading…
Reference in a new issue