ec2_vpc_nacl fails when the VPC is configured with IPv6 (#49979)

* Issue #41079. Failed to apply rule if there is a default IPv6 NACL * Issue #41079. Failed to apply rule if there is a default IPv6 NACL * Issue #41079. Failed to apply rule if there is a default IPv6 NACL * Simplify logic to skip default deny-all rules * Simplify logic to skip default deny-all rules * Remove unnecessary tmp variables
7 years ago · 1ec782900d
parent a20d0d1afb
commit 1ec782900d
1 changed files with 2 additions and 15 deletions
--- a/lib/ansible/modules/cloud/amazon/ec2_vpc_nacl.py
+++ b/lib/ansible/modules/cloud/amazon/ec2_vpc_nacl.py
@ -154,17 +154,6 @@ from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ec2 import boto3_conn, ec2_argument_spec, get_aws_connection_info


-# Common fields for the default rule that is contained within every VPC NACL.
-DEFAULT_RULE_FIELDS = {
-    'RuleNumber': 32767,
-    'RuleAction': 'deny',
-    'CidrBlock': '0.0.0.0/0',
-    'Protocol': '-1'
-}
-
-DEFAULT_INGRESS = dict(list(DEFAULT_RULE_FIELDS.items()) + [('Egress', False)])
-DEFAULT_EGRESS = dict(list(DEFAULT_RULE_FIELDS.items()) + [('Egress', True)])
-
 # VPC-supported IANA protocol numbers
 # http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
 PROTOCOL_NUMBERS = {'all': -1, 'icmp': 1, 'tcp': 6, 'udp': 17, }
@ -236,10 +225,8 @@ def nacls_changed(nacl, client, module):
    nacl_id = nacl['NetworkAcls'][0]['NetworkAclId']
    nacl = describe_network_acl(client, module)
    entries = nacl['NetworkAcls'][0]['Entries']
-    tmp_egress = [entry for entry in entries if entry['Egress'] is True and DEFAULT_EGRESS != entry]
-    tmp_ingress = [entry for entry in entries if entry['Egress'] is False]
-    egress = [rule for rule in tmp_egress if DEFAULT_EGRESS != rule]
-    ingress = [rule for rule in tmp_ingress if DEFAULT_INGRESS != rule]
+    egress = [rule for rule in entries if rule['Egress'] is True and rule['RuleNumber'] < 32767]
+    ingress = [rule for rule in entries if rule['Egress'] is False and rule['RuleNumber'] < 32767]
    if rules_changed(egress, params['egress'], True, nacl_id, client, module):
        changed = True
    if rules_changed(ingress, params['ingress'], False, nacl_id, client, module):