From 7b8d625546cab994f0c4e6ab95e58f14bf0df004 Mon Sep 17 00:00:00 2001
From: Shaun Brady
Date: Thu, 28 Jul 2016 13:44:41 -0400
Subject: [PATCH] Make ec2_elb_lb respect VPCs when resolving groups

AWS security groups are unique by name only by VPC (Restated, the VPC and group name form a unique key). When attaching security groups to an ELB, the ec2_elb_lb module would erroneously find security groups of the same name in other VPCs thus causing an error stating as such. To eliminate the error, we check that we are attaching subnets (implying that we are in a VPC), grab the vpc_id of the 0th subnet, and filtering the list of security groups on this VPC. In other cases, no such filter is applied (filters=None).

---
 lib/ansible/modules/cloud/amazon/ec2_elb_lb.py | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/lib/ansible/modules/cloud/amazon/ec2_elb_lb.py b/lib/ansible/modules/cloud/amazon/ec2_elb_lb.py
index 2d895990a27..2f9acfa7e9e 100644
--- a/lib/ansible/modules/cloud/amazon/ec2_elb_lb.py
+++ b/lib/ansible/modules/cloud/amazon/ec2_elb_lb.py
@@ -389,6 +389,7 @@ try:
     import boto
     import boto.ec2.elb
     import boto.ec2.elb.attributes
+    import boto.vpc
     from boto.ec2.elb.healthcheck import HealthCheck
     from boto.ec2.tag import Tag
     from boto.regioninfo import RegionInfo
@@ -417,6 +418,12 @@ def _throttleable_operation(max_retries):
         return _do_op
     return _operation_wrapper
 
+def _get_vpc_connection(module, region, aws_connect_params):
+    try:
+        return connect_to_aws(boto.vpc, region, **aws_connect_params)
+    except (boto.exception.NoAuthHandlerFound, AnsibleAWSError) as e:
+        module.fail_json(msg=str(e))
+
 _THROTTLING_RETRIES = 5
 
 
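Review bot: `_get_vpc_connection` has no docstring and its failure path depends entirely on `module.fail_json` terminating the module; if it ever returned, the function would fall through and hand `None` to the caller, which immediately uses the connection. Suggest adding `"""Return a boto.vpc connection for *region*; a missing auth handler or AnsibleAWSError fails the module via fail_json."""` directly under the `def` line. Catching only `boto.exception.NoAuthHandlerFound` and `AnsibleAWSError` keeps credential and region problems reported as a module failure rather than a traceback, which is the right behaviour for a module that handles cloud credentials; any other boto error still propagates to the caller's own handling. As a style point, PEP 8 asks for two blank lines before a top-level `def`, and the hunk leaves only one between `return _operation_wrapper` and the new function.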
@@ -1288,7 +1295,13 @@ def main():
     security_group_ids = []
     try:
         ec2 = ec2_connect(module)
-        grp_details = ec2.get_all_security_groups()
+        if subnets: # We have at least one subnet, ergo this is a VPC
+            vpc_conn = _get_vpc_connection(module=module, region=region, aws_connect_params=aws_connect_params)
+            vpc_id = vpc_conn.get_all_subnets([subnets[0]])[0].vpc_id
+            filters = {'vpc_id': vpc_id}
+        else:
+            filters = None
+        grp_details = ec2.get_all_security_groups(filters=filters)
 
         for group_name in security_group_names:
             if isinstance(group_name, basestring):
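Review bot: The subnet lookup `vpc_id = vpc_conn.get_all_subnets([subnets[0]])[0].vpc_id` indexes the result without checking it; should boto return an empty list for the given id, the `[0]` raises `IndexError`, and the enclosing `try` (whose `except` clause is outside the hunk) presumably handles boto errors rather than that. A two-line guard gives the user the real cause: `subnet_info = vpc_conn.get_all_subnets([subnets[0]])` followed by `if not subnet_info: module.fail_json(msg='Subnet %s not found' % subnets[0])`, then take `subnet_info[0].vpc_id`. The VPC filter itself is the right scoping: security-group names are only unique within a VPC, so without it a same-named group from another VPC could be resolved and attached to the load balancer, which is the misbehaviour the commit message describes. A minor style nit: the inline comment on the `if subnets:` line should be preceded by two spaces per PEP 8. `main()` begins and ends outside this hunk.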