From a5a7c7cb8076dd50acf54ff441a8835d2bd3d0f3 Mon Sep 17 00:00:00 2001 From: Hendy Chen Date: Wed, 27 Mar 2019 03:02:25 +1100 Subject: [PATCH] [ec2_group] fix mutating rules which result in the warning message 'Ran out of time waiting for sg-xxx' (#53374) --- lib/ansible/modules/cloud/amazon/ec2_group.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/ansible/modules/cloud/amazon/ec2_group.py b/lib/ansible/modules/cloud/amazon/ec2_group.py index 2d6f8e95409..df103fe6869 100644 --- a/lib/ansible/modules/cloud/amazon/ec2_group.py +++ b/lib/ansible/modules/cloud/amazon/ec2_group.py @@ -1145,6 +1145,12 @@ def main(): else: revoke_egress = [] + # named_tuple_ingress_list and named_tuple_egress_list got updated by + # method update_rule_descriptions, deep copy these two lists to new + # variables for the record of the 'desired' ingress and egress sg permissions + desired_ingress = deepcopy(named_tuple_ingress_list) + desired_egress = deepcopy(named_tuple_egress_list) + changed |= update_rule_descriptions(module, group['GroupId'], present_ingress, named_tuple_ingress_list, present_egress, named_tuple_egress_list) # Revoke old rules @@ -1162,7 +1168,8 @@ def main(): # When it is created we wait for the default egress rule to be added by AWS security_group = get_security_groups_with_backoff(client, GroupIds=[group['GroupId']])['SecurityGroups'][0] elif changed and not module.check_mode: - security_group = wait_for_rule_propagation(module, group, named_tuple_ingress_list, named_tuple_egress_list, purge_rules, purge_rules_egress) + # keep pulling until current security group rules match the desired ingress and egress rules + security_group = wait_for_rule_propagation(module, group, desired_ingress, desired_egress, purge_rules, purge_rules_egress) else: security_group = get_security_groups_with_backoff(client, GroupIds=[group['GroupId']])['SecurityGroups'][0] security_group = camel_dict_to_snake_dict(security_group, ignore_list=['Tags'])