
[cloud] Stop ec2_group module from authorizing duplicate rules (#24528)

This commit is contained in:
Sloane Hertel 2017-05-12 14:54:25 -04:00 committed by Ryan Brown
parent 65f0668475
commit 822fcc566e


@ -171,6 +171,7 @@ EXAMPLES = '''
- sg-edcd9784 - sg-edcd9784
''' '''
import json
import re import re
import time import time
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
@ -187,6 +188,13 @@ except ImportError:
import traceback import traceback
def deduplicate_rules_args(rules):
"""Returns unique rules"""
if rules is None:
return None
return list(dict(zip((json.dumps(r, sort_keys=True) for r in rules), rules)).values())
def make_rule_key(prefix, rule, group_id, cidr_ip): def make_rule_key(prefix, rule, group_id, cidr_ip):
"""Creates a unique key for an individual group rule""" """Creates a unique key for an individual group rule"""
if isinstance(rule, dict): if isinstance(rule, dict):
@ -203,10 +211,10 @@ def make_rule_key(prefix, rule, group_id, cidr_ip):
return key.lower().replace('-none', '-None') return key.lower().replace('-none', '-None')
def addRulesToLookup(rules, prefix, dict): def addRulesToLookup(rules, prefix, rules_dict):
for rule in rules: for rule in rules:
for grant in rule.grants: for grant in rule.grants:
dict[make_rule_key(prefix, rule, grant.group_id, grant.cidr_ip)] = (rule, grant) rules_dict[make_rule_key(prefix, rule, grant.group_id, grant.cidr_ip)] = (rule, grant)
def validate_rule(module, rule): def validate_rule(module, rule):
@ -382,8 +390,8 @@ def main():
name = module.params['name'] name = module.params['name']
description = module.params['description'] description = module.params['description']
vpc_id = module.params['vpc_id'] vpc_id = module.params['vpc_id']
rules = rules_expand_sources(rules_expand_ports(module.params['rules'])) rules = deduplicate_rules_args(rules_expand_sources(rules_expand_ports(module.params['rules'])))
rules_egress = rules_expand_sources(rules_expand_ports(module.params['rules_egress'])) rules_egress = deduplicate_rules_args(rules_expand_sources(rules_expand_ports(module.params['rules_egress'])))
state = module.params.get('state') state = module.params.get('state')
purge_rules = module.params['purge_rules'] purge_rules = module.params['purge_rules']
purge_rules_egress = module.params['purge_rules_egress'] purge_rules_egress = module.params['purge_rules_egress']
@ -486,10 +494,7 @@ def main():
# If rule already exists, don't later delete it # If rule already exists, don't later delete it
for thisip in ip: for thisip in ip:
ruleId = make_rule_key('in', rule, group_id, thisip) ruleId = make_rule_key('in', rule, group_id, thisip)
if ruleId in groupRules: if ruleId not in groupRules:
del groupRules[ruleId]
# Otherwise, add new rule
else:
grantGroup = None grantGroup = None
if group_id: if group_id:
grantGroup = groups[group_id] grantGroup = groups[group_id]
@ -497,6 +502,8 @@ def main():
if not module.check_mode: if not module.check_mode:
group.authorize(rule['proto'], rule['from_port'], rule['to_port'], thisip, grantGroup) group.authorize(rule['proto'], rule['from_port'], rule['to_port'], thisip, grantGroup)
changed = True changed = True
else:
del groupRules[ruleId]
# Finally, remove anything left in the groupRules -- these will be defunct rules # Finally, remove anything left in the groupRules -- these will be defunct rules
if purge_rules: if purge_rules:
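Review bot: deduplicate_rules_args (hunk at @ -187) keys its dict on the exact JSON text of each rule, so two entries that differ only in letter case survive deduplication even though make_rule_key lower-cases the whole key and main() will map them to one ruleId; with the new `if ruleId not in groupRules` branch in the last hunk both would then be handed to group.authorize, which looks like the same duplicate-authorization failure this change sets out to stop. The function also returns `dict(...).values()`, which on interpreters older than 3.7 (presumably still in scope for this module) does not preserve the order the playbook gave, so the order of authorize calls, and of whichever rule fails first, becomes arbitrary. An order-preserving variant with the same JSON key is below; whether that key should additionally be case-folded to agree with make_rule_key is a judgement call, but the two functions currently disagree on what counts as a duplicate. The docstring should also state that rules are compared on their `json.dumps(rule, sort_keys=True)` form, so only entries identical in every field, value type and case are collapsed, and that None passes through unchanged. main()'s body starts and ends outside the hunks shown.
```python
def deduplicate_rules_args(rules):
    """Returns unique rules, in first-seen order, comparing their JSON form."""
    if rules is None:
        return None
    seen = set()
    unique = []
    for rule in rules:
        # sort_keys gives a canonical form so dict key order is irrelevant;
        # value type and letter case still distinguish two rules.
        key = json.dumps(rule, sort_keys=True)
        if key not in seen:
            seen.add(key)
            unique.append(rule)
    return unique
```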