archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[cloud]Ensure SGs in default VPCs get default egress rule (#38018)

Browse Source 
SGs created when a VPC ID was not specified would not necessarily
get the default egress rule, even when no explicit egress rules
were set.

Add some checks for egress rules in results from existing tests
pull/38063/head
Will Thames 7 years ago committed by Ryan Brown
parent 9dfb665e43
commit 98b29f8ad6
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
lib/ansible/modules/cloud/amazon/ec2_group.py
Unescape Escape View File

@ -941,7 +941,7 @@ def main():
# If rule already exists, don't later delete it # If rule already exists, don't later delete it
changed, ip_permission = authorize_ip("out", changed, client, group, groupRules, ipv6, changed, ip_permission = authorize_ip("out", changed, client, group, groupRules, ipv6,
ip_permission, module, rule, "ipv6") ip_permission, module, rule, "ipv6")
elif vpc_id is not None: elif 'VpcId' in group:
# when no egress rules are specified and we're in a VPC, # when no egress rules are specified and we're in a VPC,
# we add in a default allow all out rule, which was the # we add in a default allow all out rule, which was the
# default behavior before egress rules were added # default behavior before egress rules were added

6
test/integration/targets/ec2_group/tasks/main.yml
Unescape Escape View File

@ -422,6 +422,8 @@
that: that:
- 'result.changed' - 'result.changed'
- 'result.group_id.startswith("sg-")' - 'result.group_id.startswith("sg-")'
- 'result.ip_permissions|length == 1'
- 'result.ip_permissions_egress|length == 1'
# ============================================================ # ============================================================
- name: add same rule to the existing group (expected changed=false) - name: add same rule to the existing group (expected changed=false)
@ -464,6 +466,7 @@
- result.ip_permissions|length == 2 - result.ip_permissions|length == 2
- result.ip_permissions[0].user_id_group_pairs or - result.ip_permissions[0].user_id_group_pairs or
result.ip_permissions[1].user_id_group_pairs result.ip_permissions[1].user_id_group_pairs
- 'result.ip_permissions_egress[0].ip_protocol == "-1"'
# ============================================================ # ============================================================
- name: test ip rules convert port numbers from string to int (expected changed=true) - name: test ip rules convert port numbers from string to int (expected changed=true)
@ -489,6 +492,9 @@
that: that:
- 'result.changed' - 'result.changed'
- 'result.group_id.startswith("sg-")' - 'result.group_id.startswith("sg-")'
- 'result.ip_permissions|length == 1'
- 'result.ip_permissions_egress[0].ip_protocol == "tcp"'
# ============================================================ # ============================================================
- name: test group rules convert port numbers from string to int (expected changed=true) - name: test group rules convert port numbers from string to int (expected changed=true)

Write Preview
Loading…
Cancel
Save