EC2 Security Group - Validate parameters.

reviewable/pr18780/r1
Robert Estelle 10 years ago
parent e286d1cb9a
commit 9b7de40922

@ -145,6 +145,22 @@ def addRulesToLookup(rules, prefix, dict):
dict[make_rule_key(prefix, rule, grant.group_id, grant.cidr_ip)] = (rule, grant) dict[make_rule_key(prefix, rule, grant.group_id, grant.cidr_ip)] = (rule, grant)
def validate_rule(module, rule):
VALID_PARAMS = ('cidr_ip',
'group_id', 'group_name', 'group_desc',
'proto', 'from_port', 'to_port')
for k in rule:
if k not in VALID_PARAMS:
module.fail_json(msg='Invalid rule parameter \'{}\''.format(k))
if 'group_id' in rule and 'cidr_ip' in rule:
module.fail_json(msg='Specify group_id OR cidr_ip, not both')
elif 'group_name' in rule and 'cidr_ip' in rule:
module.fail_json(msg='Specify group_name OR cidr_ip, not both')
elif 'group_id' in rule and 'group_name' in rule:
module.fail_json(msg='Specify group_id OR group_name, not both')
def get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id): def get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id):
""" """
Returns tuple of (group_id, ip) after validating rule params. Returns tuple of (group_id, ip) after validating rule params.
@ -308,6 +324,8 @@ def main():
# Now, go through all provided rules and ensure they are there. # Now, go through all provided rules and ensure they are there.
if rules is not None: if rules is not None:
for rule in rules: for rule in rules:
validate_rule(module, rule)
group_id, ip, target_group_created = get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id) group_id, ip, target_group_created = get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id)
if target_group_created: if target_group_created:
changed = True changed = True
@ -353,6 +371,8 @@ def main():
# Now, go through all provided rules and ensure they are there. # Now, go through all provided rules and ensure they are there.
if rules_egress is not None: if rules_egress is not None:
for rule in rules_egress: for rule in rules_egress:
validate_rule(module, rule)
group_id, ip, target_group_created = get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id) group_id, ip, target_group_created = get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id)
if target_group_created: if target_group_created:
changed = True changed = True
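Review bot: validate_rule assumes each rule is a mapping, but nothing in the hunk enforces it — a `rules` entry that is a plain string (an easy YAML mistake) makes `for k in rule` iterate characters and turns `'group_id' in rule` into a substring test, so the user gets a confusing `Invalid rule parameter 'c'` or a spurious mutual-exclusion error instead of a clear one. Add a type guard at the top of the function: `if not isinstance(rule, dict): module.fail_json(msg='Each rule must be a dict, got %s' % type(rule).__name__)`. The check also does not require a target at all (a rule with none of group_id/group_name/cidr_ip passes through); get_target_from_rule's docstring says it validates rule params, so this may be covered there, but that function's body is outside the hunk. One compatibility note: the auto-numbered `'{}'.format(k)` raises ValueError on Python 2.6, so if this module must still run there, use `'{0}'` or `%s` formatting.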
