mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Check mode fix for ec2_group module (#2184)
The default VPC egress rules was being left in the egress rules for purging in check mode. This ensures that the module returns the correct change state during check mode.
This commit is contained in:
Shawn Siefkas
Matt Clay
parent
3c2110215c
commit
66f1f6d537
1 changed files with 10 additions and 9 deletions
|
|
@ -430,20 +430,21 @@ def main():
|
||||||
src_group_id=grantGroup,
|
src_group_id=grantGroup,
|
||||||
cidr_ip=thisip)
|
cidr_ip=thisip)
|
||||||
changed = True
|
changed = True
|
||||||
elif vpc_id and not module.check_mode:
|
elif vpc_id:
|
||||||
# when using a vpc, but no egress rules are specified,
|
# when using a vpc, but no egress rules are specified,
|
||||||
# we add in a default allow all out rule, which was the
|
# we add in a default allow all out rule, which was the
|
||||||
# default behavior before egress rules were added
|
# default behavior before egress rules were added
|
||||||
default_egress_rule = 'out--1-None-None-None-0.0.0.0/0'
|
default_egress_rule = 'out--1-None-None-None-0.0.0.0/0'
|
||||||
if default_egress_rule not in groupRules:
|
if default_egress_rule not in groupRules:
|
||||||
ec2.authorize_security_group_egress(
|
if not module.check_mode:
|
||||||
group_id=group.id,
|
ec2.authorize_security_group_egress(
|
||||||
ip_protocol=-1,
|
group_id=group.id,
|
||||||
from_port=None,
|
ip_protocol=-1,
|
||||||
to_port=None,
|
from_port=None,
|
||||||
src_group_id=None,
|
to_port=None,
|
||||||
cidr_ip='0.0.0.0/0'
|
src_group_id=None,
|
||||||
)
|
cidr_ip='0.0.0.0/0'
|
||||||
|
)
|
||||||
changed = True
|
changed = True
|
||||||
else:
|
else:
|
||||||
# make sure the default egress rule is not removed
|
# make sure the default egress rule is not removed
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue