Make sure the default ec2_group egress rule is not removed

Upon a second run, the default egress rule will be removed when a
vpc is specified but no other egress rules were set. This patch
corrects that behavior by removing the default egress rule from the
list of unmatched outbound rules.

Fixes 
James Cammarata 2014-05-07 20:52:03 -05:00
parent 77a47dbb2d
commit 713657d684


@ -317,7 +317,8 @@ def main():
# when using a vpc, but no egress rules are specified,
# we add in a default allow all out rule, which was the
# default behavior before egress rules were added
if 'out--1-None-None-None-0.0.0.0/0' not in groupRules:
default_egress_rule = 'out--1-None-None-None-0.0.0.0/0'
if default_egress_rule not in groupRules:
ec2.authorize_security_group_egress(
group_id=group.id,
ip_protocol=-1,
@ -327,6 +328,9 @@ def main():
cidr_ip='0.0.0.0/0'
)
changed = True
else:
# make sure the default egress rule is not removed
del groupRules[default_egress_rule]
# Finally, remove anything left in the groupRules -- these will be defunct rules
for rule in groupRules.itervalues():
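Review bot: The new `else` branch at `del groupRules[default_egress_rule]` keeps an allow-all outbound rule (protocol -1 to 0.0.0.0/0) on every run, but its comment does not say that this is the deliberate result of leaving egress rules unspecified in a VPC. I would expand it to `# keep the implicit allow-all egress rule: drop it from groupRules so the purge loop below does not revoke it`, and mention in the module documentation that omitting egress rules leaves outbound traffic unrestricted. The literal `'out--1-None-None-None-0.0.0.0/0'` presumably has to match the key format used where `groupRules` is populated; that code and the enclosing VPC condition are outside the hunk, so it is worth confirming that both come from the same place. If they ever drift apart, the `not in` test would always be true and the module would try to authorize the rule again on each run.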