Make sure the default ec2_group egress rule is not removed
Upon a second run, the default egress rule will be removed when a vpc is specified but no other egress rules were set. This patch corrects that behavior by removing the default egress rule from the list of unmatched outbound rules. Fixes #7309
This commit is contained in:
parent
77a47dbb2d
commit
713657d684
1 changed files with 5 additions and 1 deletions
|
@ -317,7 +317,8 @@ def main():
|
||||||
# when using a vpc, but no egress rules are specified,
|
# when using a vpc, but no egress rules are specified,
|
||||||
# we add in a default allow all out rule, which was the
|
# we add in a default allow all out rule, which was the
|
||||||
# default behavior before egress rules were added
|
# default behavior before egress rules were added
|
||||||
if 'out--1-None-None-None-0.0.0.0/0' not in groupRules:
|
default_egress_rule = 'out--1-None-None-None-0.0.0.0/0'
|
||||||
|
if default_egress_rule not in groupRules:
|
||||||
ec2.authorize_security_group_egress(
|
ec2.authorize_security_group_egress(
|
||||||
group_id=group.id,
|
group_id=group.id,
|
||||||
ip_protocol=-1,
|
ip_protocol=-1,
|
||||||
|
@ -327,6 +328,9 @@ def main():
|
||||||
cidr_ip='0.0.0.0/0'
|
cidr_ip='0.0.0.0/0'
|
||||||
)
|
)
|
||||||
changed = True
|
changed = True
|
||||||
|
else:
|
||||||
|
# make sure the default egress rule is not removed
|
||||||
|
del groupRules[default_egress_rule]
|
||||||
|
|
||||||
# Finally, remove anything left in the groupRules -- these will be defunct rules
|
# Finally, remove anything left in the groupRules -- these will be defunct rules
|
||||||
for rule in groupRules.itervalues():
|
for rule in groupRules.itervalues():
|
||||||
|
|
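Review bot: The lookup key `'out--1-None-None-None-0.0.0.0/0'` is hand-assembled in the first hunk but has to match exactly how the keys of `groupRules` are built elsewhere in main() (outside both hunks); if that key format ever changes, the `in` test silently misses and the new `else:` branch never runs, so the retained rule would once again end up in the leftover revoke loop. Building the key with the same helper that populates `groupRules`, or at least hoisting it to a module-level constant next to that code, would keep the two in step. The `else:` branch in the second hunk also deserves a why-comment rather than a what-comment, e.g. `# the allow-all egress rule is managed by this module; drop it from groupRules so the revoke loop below leaves it in place`. Because this path now keeps an allow-all (`0.0.0.0/0`, all protocols) outbound rule whenever a VPC is given and no egress rules are specified, the module's egress-rules option documentation should state that an empty egress list means allow-all out rather than deny-all, so the retained rule is not mistaken for drift.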