Make group_name resolution VPC aware

EC2 Security Group names are unique given a VPC.  When a group_name
value is specified in a rule, if the group_name does not exist in the
provided vpc_id it should create the group as per the documentation.

The groups dictionary uses group_names as keys, so it is possible to
find a group in another VPC with the name that is desired. This causes
an error, as the security group being acted on and the security group
referenced in the rule are in two different VPCs.

To prevent this issue, we check to see if vpc_id is defined and, if so,
check that the VPCs match; otherwise we treat the group as new.
reviewable/pr18780/r1
Shaun Brady 8 years ago
parent 24db4de245
commit 890bba6a0e

@ -213,7 +213,7 @@ def get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id):
group_id = group.id
groups[group_id] = group
groups[group_name] = group
elif group_name in groups:
elif group_name in groups and (vpc_id is None or groups[group_name].vpc_id == vpc_id):
group_id = groups[group_name].id
else:
if not rule.get('group_desc', '').strip():
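Review bot: the VPC check added to the `elif` still relies on a `groups` dict keyed only by name (`groups[group_name] = group` a few lines above), so when two VPCs each contain a group with the requested name only one of them is cached; a lookup for the other VPC then fails the `groups[group_name].vpc_id == vpc_id` test, falls through to the `else` branch and tries to create a group whose name already exists in that VPC. Suggest either filtering the groups by vpc_id when the dict is built or keying it on (vpc_id, group_name), so the check on this line cannot be defeated by a name collision. Also worth a comment that with vpc_id unset the match deliberately accepts a group from any VPC (the EC2-Classic case).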

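The lookup logic from the hunk, and the name-collision case it does not cover, as an added example (not Ansible's code and not the ec2_group module itself). `SecurityGroup` is a constructed stand-in for the boto object with only the attributes the lookup reads, `SAMPLE_GROUPS` is constructed input, `resolve_name_keyed` mirrors the patched condition over a name-keyed dict, and `resolve_vpc_keyed` is a hypothetical stricter variant keyed on (vpc_id, name):

```python
"""VPC-aware security group name resolution (added example, not the module's code)."""
from collections import namedtuple

# Constructed stand-in for a boto SecurityGroup: only the attributes the lookup needs.
SecurityGroup = namedtuple("SecurityGroup", ["id", "name", "vpc_id"])

# Constructed sample: "web" exists in two VPCs, "db" in one, "legacy" is EC2-Classic (no VPC).
SAMPLE_GROUPS = [
    SecurityGroup("sg-0a", "web", "vpc-aaa"),
    SecurityGroup("sg-0b", "web", "vpc-bbb"),
    SecurityGroup("sg-0c", "db", "vpc-bbb"),
    SecurityGroup("sg-0d", "legacy", None),
]


def index_by_name(groups):
    """Name-keyed index like the module's `groups` dict: a later group with the
    same name silently overwrites an earlier one from another VPC."""
    idx = {}
    for g in groups:
        idx[g.name] = g
    return idx


def resolve_name_keyed(groups_by_name, group_name, vpc_id):
    """Lookup as in the patched hunk: accept the cached group only when vpc_id is
    unset or matches the cached group's VPC. Returns the group id, or None
    meaning 'treat the group as new and create it'."""
    g = groups_by_name.get(group_name)
    if g is not None and (vpc_id is None or g.vpc_id == vpc_id):
        return g.id
    return None


def resolve_vpc_keyed(groups, group_name, vpc_id):
    """Hypothetical stricter variant: key on (vpc_id, name), so a same-named group
    in another VPC can never shadow the one in the target VPC."""
    idx = {(g.vpc_id, g.name): g for g in groups}
    g = idx.get((vpc_id, group_name))
    return g.id if g is not None else None


def demo():
    """Run both strategies over the sample and return the outcomes for comparison."""
    by_name = index_by_name(SAMPLE_GROUPS)
    return {
        # "web" in vpc-aaa is shadowed by the vpc-bbb entry: the hunk's check rejects the
        # cached group and the caller would try to create a duplicate name in vpc-aaa.
        "name_keyed_web_vpc_aaa": resolve_name_keyed(by_name, "web", "vpc-aaa"),
        "name_keyed_web_vpc_bbb": resolve_name_keyed(by_name, "web", "vpc-bbb"),
        # With vpc_id unset any VPC's group is accepted (the EC2-Classic code path).
        "name_keyed_web_no_vpc": resolve_name_keyed(by_name, "web", None),
        "name_keyed_legacy_no_vpc": resolve_name_keyed(by_name, "legacy", None),
        # Keying on (vpc_id, name) finds the right group in every VPC.
        "vpc_keyed_web_vpc_aaa": resolve_vpc_keyed(SAMPLE_GROUPS, "web", "vpc-aaa"),
        "vpc_keyed_web_vpc_bbb": resolve_vpc_keyed(SAMPLE_GROUPS, "web", "vpc-bbb"),
        "vpc_keyed_db_vpc_aaa": resolve_vpc_keyed(SAMPLE_GROUPS, "db", "vpc-aaa"),
        "vpc_keyed_legacy_no_vpc": resolve_vpc_keyed(SAMPLE_GROUPS, "legacy", None),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The name-keyed path returns None for "web" in vpc-aaa even though that group exists, which is the case where the fix's fall-through to creation would collide with an existing name; the (vpc_id, name) index resolves it to sg-0a.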