Merge pull request #698 from joelthompson/devel
ec2_group with purge_rules will purge too many rules.
commit
c88259077e
1 changed files with 21 additions and 23 deletions
@ -128,7 +128,7 @@ def make_rule_key(prefix, rule, group_id, cidr_ip):
def addRulesToLookup(rules, prefix, dict):
def addRulesToLookup(rules, prefix, dict):
for rule in rules:
for rule in rules:
for grant in rule.grants:
for grant in rule.grants:
dict[make_rule_key(prefix, rule, grant.group_id, grant.cidr_ip)] = rule
dict[make_rule_key(prefix, rule, grant.group_id, grant.cidr_ip)] = (rule, grant)
def get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id):
def get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id):
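Review bot: The value stored in the lookup changes from a rule to a `(rule, grant)` tuple, but `addRulesToLookup` still has no docstring recording that contract, and every consumer of the lookup has to unpack in step (the two purge loops later in this commit do). Add `"""Index each (rule, grant) pair under make_rule_key(...) so one grant can be revoked without touching its rule's sibling grants."""` as the function docstring. The third parameter `dict` shadows the builtin; `lookup` would read better, though that is pre-existing.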
@ -304,14 +304,13 @@ def main():
# Finally, remove anything left in the groupRules -- these will be defunct rules
# Finally, remove anything left in the groupRules -- these will be defunct rules
if purge_rules:
if purge_rules:
for rule in groupRules.itervalues() :
for (rule, grant) in groupRules.itervalues() :
for grant in rule.grants:
grantGroup = None
grantGroup = None
if grant.group_id:
if grant.group_id:
grantGroup = groups[grant.group_id]
grantGroup = groups[grant.group_id]
if not module.check_mode:
if not module.check_mode:
group.revoke(rule.ip_protocol, rule.from_port, rule.to_port, grant.cidr_ip, grantGroup)
group.revoke(rule.ip_protocol, rule.from_port, rule.to_port, grant.cidr_ip, grantGroup)
changed = True
changed = True
# Manage egress rules
# Manage egress rules
groupRules = {}
groupRules = {}
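Review bot: `grantGroup = groups[grant.group_id]` on the new side raises a bare KeyError if a leftover grant references a security group that the `groups` mapping (built outside this hunk) does not contain, and the egress hunk has the same lookup as `groups[grant.group_id].id`. Because the purge proceeds one revoke at a time, an uncaught exception there would leave the group partially purged with no module-level error report; it is worth confirming how `groups` is populated and, if a grant can point at a group outside that mapping, failing via `module.fail_json` with the offending id rather than letting the KeyError propagate. The comment `# Finally, remove anything left in the groupRules -- these will be defunct rules` now describes per-grant entries; `# Finally, revoke every (rule, grant) pair left in groupRules -- grants not in the desired rule set` would match the new data shape (the egress hunk carries the same comment). main() continues outside this hunk.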
@ -369,20 +368,19 @@ def main():
# Finally, remove anything left in the groupRules -- these will be defunct rules
# Finally, remove anything left in the groupRules -- these will be defunct rules
if purge_rules_egress:
if purge_rules_egress:
for rule in groupRules.itervalues():
for (rule, grant) in groupRules.itervalues():
for grant in rule.grants:
grantGroup = None
grantGroup = None
if grant.group_id:
if grant.group_id:
grantGroup = groups[grant.group_id].id
grantGroup = groups[grant.group_id].id
if not module.check_mode:
if not module.check_mode:
ec2.revoke_security_group_egress(
ec2.revoke_security_group_egress(
group_id=group.id,
group_id=group.id,
ip_protocol=rule.ip_protocol,
ip_protocol=rule.ip_protocol,
from_port=rule.from_port,
from_port=rule.from_port,
to_port=rule.to_port,
to_port=rule.to_port,
src_group_id=grantGroup,
src_group_id=grantGroup,
cidr_ip=grant.cidr_ip)
cidr_ip=grant.cidr_ip)
changed = True
changed = True
if group:
if group:
module.exit_json(changed=changed, group_id=group.id)
module.exit_json(changed=changed, group_id=group.id)
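Review bot: `grantGroup = groups[grant.group_id].id` binds an id string here, whereas the ingress purge binds the SecurityGroup object under the same name; presumably this is because `ec2.revoke_security_group_egress` takes `src_group_id` while `group.revoke` takes a group, but the shared variable name hides that. A one-line comment on the assignment would spare the next reader the comparison, e.g. `# revoke_security_group_egress wants the group id, not the SecurityGroup object`. The new `for (rule, grant) in groupRules.itervalues():` also relies on the Python-2-only `itervalues()`; `values()` behaves the same here and is portable, though the original line had the same dependency. main() begins before this hunk.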