Make group_name resolution VPC aware

EC2 Security Group names are unique given a VPC.  When a group_name
value is specified in a rule, if the group_name does not exist in the
provided vpc_id it should create the group as per the documentation.

The groups dictionary uses group_names as keys, so it is possible to
find a group in another VPC with the name that is desired.  This causes
an error as the security group being acted on, and the security group
referenced in the rule are in two different VPCs.

To prevent this issue, we check to see if vpc_id is defined and if so
check that VPCs match, else we treat the group as new.
reviewable/pr18780/r1
Shaun Brady 8 years ago
parent 24db4de245
commit 890bba6a0e

@ -213,7 +213,7 @@ def get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id):
group_id = group.id group_id = group.id
groups[group_id] = group groups[group_id] = group
groups[group_name] = group groups[group_name] = group
elif group_name in groups: elif group_name in groups and (vpc_id is None or groups[group_name].vpc_id == vpc_id):
group_id = groups[group_name].id group_id = groups[group_name].id
else: else:
if not rule.get('group_desc', '').strip(): if not rule.get('group_desc', '').strip():

Loading…
Cancel
Save