archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Make sure a default allow out rule exists if no other egress rules do

Browse Source 
Fixes #7027
reviewable/pr18780/r1
James Cammarata 11 years ago
parent afd0e78f16
commit 10923b1c11
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File

14
cloud/ec2_group
Unescape Escape View File

@ -313,6 +313,20 @@ def main():
src_group_id=grantGroup, src_group_id=grantGroup,
cidr_ip=ip) cidr_ip=ip)
changed = True changed = True
elif vpc_id and not module.check_mode:
# when using a vpc, but no egress rules are specified,
# we add in a default allow all out rule, which was the
# default behavior before egress rules were added
if 'out--1-None-None-None-0.0.0.0/0' not in groupRules:
ec2.authorize_security_group_egress(
group_id=group.id,
ip_protocol=-1,
from_port=None,
to_port=None,
src_group_id=None,
cidr_ip='0.0.0.0/0'
)
changed = True
# Finally, remove anything left in the groupRules -- these will be defunct rules # Finally, remove anything left in the groupRules -- these will be defunct rules
for rule in groupRules.itervalues(): for rule in groupRules.itervalues():

Write Preview
Loading…
Cancel
Save