EC2 Security Group - Validate parameters.
This commit is contained in:
parent
e286d1cb9a
commit
9b7de40922
1 changed files with 21 additions and 1 deletions
|
@ -127,7 +127,7 @@ def make_rule_key(prefix, rule, group_id, cidr_ip):
|
||||||
"""Creates a unique key for an individual group rule"""
|
"""Creates a unique key for an individual group rule"""
|
||||||
if isinstance(rule, dict):
|
if isinstance(rule, dict):
|
||||||
proto, from_port, to_port = [rule.get(x, None) for x in ('proto', 'from_port', 'to_port')]
|
proto, from_port, to_port = [rule.get(x, None) for x in ('proto', 'from_port', 'to_port')]
|
||||||
#fix for 11177
|
#fix for 11177
|
||||||
if proto not in ['icmp', 'tcp', 'udp'] and from_port == -1 and to_port == -1:
|
if proto not in ['icmp', 'tcp', 'udp'] and from_port == -1 and to_port == -1:
|
||||||
from_port = 'none'
|
from_port = 'none'
|
||||||
to_port = 'none'
|
to_port = 'none'
|
||||||
|
@ -145,6 +145,22 @@ def addRulesToLookup(rules, prefix, dict):
|
||||||
dict[make_rule_key(prefix, rule, grant.group_id, grant.cidr_ip)] = (rule, grant)
|
dict[make_rule_key(prefix, rule, grant.group_id, grant.cidr_ip)] = (rule, grant)
|
||||||
|
|
||||||
|
|
||||||
|
def validate_rule(module, rule):
|
||||||
|
VALID_PARAMS = ('cidr_ip',
|
||||||
|
'group_id', 'group_name', 'group_desc',
|
||||||
|
'proto', 'from_port', 'to_port')
|
||||||
|
for k in rule:
|
||||||
|
if k not in VALID_PARAMS:
|
||||||
|
module.fail_json(msg='Invalid rule parameter \'{}\''.format(k))
|
||||||
|
|
||||||
|
if 'group_id' in rule and 'cidr_ip' in rule:
|
||||||
|
module.fail_json(msg='Specify group_id OR cidr_ip, not both')
|
||||||
|
elif 'group_name' in rule and 'cidr_ip' in rule:
|
||||||
|
module.fail_json(msg='Specify group_name OR cidr_ip, not both')
|
||||||
|
elif 'group_id' in rule and 'group_name' in rule:
|
||||||
|
module.fail_json(msg='Specify group_id OR group_name, not both')
|
||||||
|
|
||||||
|
|
||||||
def get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id):
|
def get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id):
|
||||||
"""
|
"""
|
||||||
Returns tuple of (group_id, ip) after validating rule params.
|
Returns tuple of (group_id, ip) after validating rule params.
|
||||||
|
@ -308,6 +324,8 @@ def main():
|
||||||
# Now, go through all provided rules and ensure they are there.
|
# Now, go through all provided rules and ensure they are there.
|
||||||
if rules is not None:
|
if rules is not None:
|
||||||
for rule in rules:
|
for rule in rules:
|
||||||
|
validate_rule(module, rule)
|
||||||
|
|
||||||
group_id, ip, target_group_created = get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id)
|
group_id, ip, target_group_created = get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id)
|
||||||
if target_group_created:
|
if target_group_created:
|
||||||
changed = True
|
changed = True
|
||||||
|
@ -353,6 +371,8 @@ def main():
|
||||||
# Now, go through all provided rules and ensure they are there.
|
# Now, go through all provided rules and ensure they are there.
|
||||||
if rules_egress is not None:
|
if rules_egress is not None:
|
||||||
for rule in rules_egress:
|
for rule in rules_egress:
|
||||||
|
validate_rule(module, rule)
|
||||||
|
|
||||||
group_id, ip, target_group_created = get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id)
|
group_id, ip, target_group_created = get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id)
|
||||||
if target_group_created:
|
if target_group_created:
|
||||||
changed = True
|
changed = True
|
||||||
|
|
Loading…
Reference in a new issue