From 9efc3dc761413db1f58fa90822430b6209bff6ef Mon Sep 17 00:00:00 2001 From: Sloane Hertel Date: Thu, 27 Sep 2018 23:11:04 -0400 Subject: [PATCH] Fix ec2_group for EC2-Classic accounts (#46242) * Fix ec2_group for EC2-Classic accounts * changelog --- .../fragments/fix_ec2_group_vpc_precedence_classic.yaml | 7 +++++++ lib/ansible/modules/cloud/amazon/ec2_group.py | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 changelogs/fragments/fix_ec2_group_vpc_precedence_classic.yaml diff --git a/changelogs/fragments/fix_ec2_group_vpc_precedence_classic.yaml b/changelogs/fragments/fix_ec2_group_vpc_precedence_classic.yaml new file mode 100644 index 00000000000..e1c0a48ffca --- /dev/null +++ b/changelogs/fragments/fix_ec2_group_vpc_precedence_classic.yaml @@ -0,0 +1,7 @@ +--- +bugfixes: + - The patch fixing the regression of no longer preferring matching security + groups in the same VPC https://github.com/ansible/ansible/pull/45787 + (which was also backported to 2.6) broke EC2-Classic accounts. + https://github.com/ansible/ansible/pull/46242 removes the assumption that + security groups must be in a VPC. diff --git a/lib/ansible/modules/cloud/amazon/ec2_group.py b/lib/ansible/modules/cloud/amazon/ec2_group.py index 4bc53dd04aa..b266972b307 100644 --- a/lib/ansible/modules/cloud/amazon/ec2_group.py +++ b/lib/ansible/modules/cloud/amazon/ec2_group.py @@ -856,7 +856,7 @@ def group_exists(client, module, vpc_id, group_id, name): groups = dict((group['GroupId'], group) for group in all_groups) groups.update(dict((group['GroupName'], group) for group in all_groups)) if vpc_id: - vpc_wins = dict((group['GroupName'], group) for group in all_groups if group['VpcId'] == vpc_id) + vpc_wins = dict((group['GroupName'], group) for group in all_groups if group.get('VpcId') and group['VpcId'] == vpc_id) groups.update(vpc_wins) # maintain backwards compatibility by using the last matching group return security_groups[-1], groups