Make sure the default ec2_group egress rule is not removed

Upon a second run, the default egress rule will be removed when a
vpc is specified but no other egress rules were set. This patch
corrects that behavior by removing the default egress rule from the
list of unmatched outbound rules.

Fixes #7309
James Cammarata 2014-05-07 20:52:03 -05:00
parent ae3e178bdf
commit eb61c3737c


@ -317,7 +317,8 @@ def main():
# when using a vpc, but no egress rules are specified, # when using a vpc, but no egress rules are specified,
# we add in a default allow all out rule, which was the # we add in a default allow all out rule, which was the
# default behavior before egress rules were added # default behavior before egress rules were added
if 'out--1-None-None-None-0.0.0.0/0' not in groupRules: default_egress_rule = 'out--1-None-None-None-0.0.0.0/0'
if default_egress_rule not in groupRules:
ec2.authorize_security_group_egress( ec2.authorize_security_group_egress(
group_id=group.id, group_id=group.id,
ip_protocol=-1, ip_protocol=-1,
@ -327,6 +328,9 @@ def main():
cidr_ip='0.0.0.0/0' cidr_ip='0.0.0.0/0'
) )
changed = True changed = True
else:
# make sure the default egress rule is not removed
del groupRules[default_egress_rule]
# Finally, remove anything left in the groupRules -- these will be defunct rules # Finally, remove anything left in the groupRules -- these will be defunct rules
for rule in groupRules.itervalues(): for rule in groupRules.itervalues():