1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

ec2: Allow EC2-VPC instances to modify security groups - fixes #18928 (#23831)

* Allow EC2-VPC instances to update SG

make ec2 pep8

* use sets instead of loop and a break

* bring things in an indentation level

* Use to_text instead of str, text_type instead of basestring, - instead of difference

* basestrings not unicode

* simplifying syntax
This commit is contained in:
Sloane Hertel 2017-06-14 11:10:29 -04:00 committed by Ryan Brown
parent 74842adc07
commit dfcf43efa9
2 changed files with 23 additions and 3 deletions

View file

@ -618,7 +618,8 @@ EXAMPLES = '''
import traceback
import time
from ast import literal_eval
from ansible.module_utils.six import get_function_code
from ansible.module_utils.six import get_function_code, string_types
from ansible.module_utils._text import to_text
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ec2 import get_aws_connection_info, ec2_argument_spec, ec2_connect
from distutils.version import LooseVersion
@ -1395,6 +1396,8 @@ def startstop_instances(module, ec2, instance_ids, state, instance_tags):
wait_timeout = int(module.params.get('wait_timeout'))
source_dest_check = module.params.get('source_dest_check')
termination_protection = module.params.get('termination_protection')
group_id = module.params.get('group_id')
group_name = module.params.get('group')
changed = False
instance_dict_array = []
@ -1441,6 +1444,24 @@ def startstop_instances(module, ec2, instance_ids, state, instance_tags):
inst.modify_attribute('disableApiTermination', termination_protection)
changed = True
# Check security groups and if we're using ec2-vpc; ec2-classic security groups may not be modified
if inst.vpc_id and group_name:
grp_details = ec2.get_all_security_groups(filters={'vpc_id': inst.vpc_id})
if isinstance(group_name, string_types):
group_name = [group_name]
unmatched = set(group_name) - set(to_text(grp.name) for grp in grp_details)
if unmatched:
module.fail_json(msg="The following group names are not valid: %s" % ', '.join(unmatched))
group_ids = [to_text(grp.id) for grp in grp_details if to_text(grp.name) in group_name]
elif inst.vpc_id and group_id:
if isinstance(group_id, string_types):
group_id = [group_id]
grp_details = ec2.get_all_security_groups(group_ids=group_id)
group_ids = [grp_item.id for grp_item in grp_details]
if inst.vpc_id and (group_name or group_id):
if set(sg.id for sg in inst.groups) != set(group_ids):
changed = inst.modify_attribute('groupSet', group_ids)
# Check instance state
if inst.state != state:
instance_dict_array.append(get_instance_info(inst))
@ -1614,7 +1635,7 @@ def main():
['network_interfaces', 'group_id'],
['network_interfaces', 'private_ip'],
['network_interfaces', 'vpc_subnet_id'],
],
],
)
if not HAS_BOTO:

View file

@ -12,7 +12,6 @@ lib/ansible/modules/cloud/amazon/cloudformation_facts.py
lib/ansible/modules/cloud/amazon/cloudfront_facts.py
lib/ansible/modules/cloud/amazon/cloudwatchevent_rule.py
lib/ansible/modules/cloud/amazon/dynamodb_table.py
lib/ansible/modules/cloud/amazon/ec2.py
lib/ansible/modules/cloud/amazon/ec2_ami.py
lib/ansible/modules/cloud/amazon/ec2_ami_copy.py
lib/ansible/modules/cloud/amazon/ec2_ami_find.py