diff --git a/lib/ansible/modules/cloud/amazon/ec2_group.py b/lib/ansible/modules/cloud/amazon/ec2_group.py
index 7d081a29620..edecc72ce34 100644
--- a/lib/ansible/modules/cloud/amazon/ec2_group.py
+++ b/lib/ansible/modules/cloud/amazon/ec2_group.py
@@ -114,11 +114,21 @@ except ImportError:
 sys.exit(1)
+def make_rule_key(prefix, rule, group_id, cidr_ip):
+ """Creates a unique key for an individual group rule"""
+ if isinstance(rule, dict):
+ proto, from_port, to_port = (rule.get(x, None) for x in ('proto', 'from_port', 'to_port'))
+ else: # isinstance boto.ec2.securitygroup.IPPermissions
+ proto, from_port, to_port = (getattr(rule, x, None) for x in ('ip_protocol', 'from_port', 'to_port'))
+
+ key = "%s-%s-%s-%s-%s-%s" % (prefix, proto, from_port, to_port, group_id, cidr_ip)
+ return key.lower().replace('-none', '-None')
+
+
 def addRulesToLookup(rules, prefix, dict):
 for rule in rules:
 for grant in rule.grants:
- dict["%s-%s-%s-%s-%s-%s" % (prefix, rule.ip_protocol, rule.from_port, rule.to_port,
- grant.group_id, grant.cidr_ip)] = rule
+ dict[make_rule_key(prefix, rule, grant.group_id, grant.cidr_ip)] = rule
 def get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id):
@@ -279,7 +289,7 @@ def main():
 rule['to_port'] = None
 # If rule already exists, don't later delete it
- ruleId = "%s-%s-%s-%s-%s-%s" % ('in', rule['proto'], rule['from_port'], rule['to_port'], group_id, ip)
+ ruleId = make_rule_key('in', rule, group_id, ip)
 if ruleId in groupRules:
 del groupRules[ruleId]
 # Otherwise, add new rule
@@ -320,7 +330,7 @@ def main():
 rule['to_port'] = None
 # If rule already exists, don't later delete it
- ruleId = "%s-%s-%s-%s-%s-%s" % ('out', rule['proto'], rule['from_port'], rule['to_port'], group_id, ip)
+ ruleId = make_rule_key('out', rule, group_id, ip)
 if ruleId in groupRules:
 del groupRules[ruleId]
 # Otherwise, add new rule
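Review bot: In `make_rule_key`, normalisation is applied to the joined string (`key.lower().replace('-none', '-None')`) rather than to each field, and the `-` separator can also occur inside the fields (for example `sg-…` group ids or a `-1` protocol), so the docstring's "unique key" is not guaranteed. This key decides in `main()` (both the `'in'` and `'out'` call sites) whether an existing security-group rule is removed from `groupRules`, so a false match or a miss changes which rules the code treats as already present. I would normalise per field and avoid the joined string, e.g. `return tuple('None' if v is None else str(v).lower() for v in (prefix, proto, from_port, to_port, group_id, cidr_ip))`, assuming the `groupRules` keys are only compared and never parsed elsewhere, which this diff does not show. The dict branch also uses `rule.get(...)`, so a rule missing `proto` now yields a `None` field where the old `rule['proto']` lookups raised `KeyError`; a docstring line naming the required fields, or an explicit check, would make that change deliberate.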