ec2: Allow EC2-VPC instances to modify security groups - fixes #18928 (#23831)

* Allow EC2-VPC instances to update SG

make ec2 pep8

* use sets instead of loop and a break

* bring things in an indentation level

* Use to_text instead of str, text_type instead of basestring, - instead of difference

* basestrings not unicode

* simplifying syntax
pull/25709/head
Sloane Hertel 8 years ago committed by Ryan Brown
parent 74842adc07
commit dfcf43efa9

@ -618,7 +618,8 @@ EXAMPLES = '''
import traceback import traceback
import time import time
from ast import literal_eval from ast import literal_eval
from ansible.module_utils.six import get_function_code from ansible.module_utils.six import get_function_code, string_types
from ansible.module_utils._text import to_text
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ec2 import get_aws_connection_info, ec2_argument_spec, ec2_connect from ansible.module_utils.ec2 import get_aws_connection_info, ec2_argument_spec, ec2_connect
from distutils.version import LooseVersion from distutils.version import LooseVersion
@ -1395,6 +1396,8 @@ def startstop_instances(module, ec2, instance_ids, state, instance_tags):
wait_timeout = int(module.params.get('wait_timeout')) wait_timeout = int(module.params.get('wait_timeout'))
source_dest_check = module.params.get('source_dest_check') source_dest_check = module.params.get('source_dest_check')
termination_protection = module.params.get('termination_protection') termination_protection = module.params.get('termination_protection')
group_id = module.params.get('group_id')
group_name = module.params.get('group')
changed = False changed = False
instance_dict_array = [] instance_dict_array = []
@ -1441,6 +1444,24 @@ def startstop_instances(module, ec2, instance_ids, state, instance_tags):
inst.modify_attribute('disableApiTermination', termination_protection) inst.modify_attribute('disableApiTermination', termination_protection)
changed = True changed = True
# Check security groups and if we're using ec2-vpc; ec2-classic security groups may not be modified
if inst.vpc_id and group_name:
grp_details = ec2.get_all_security_groups(filters={'vpc_id': inst.vpc_id})
if isinstance(group_name, string_types):
group_name = [group_name]
unmatched = set(group_name) - set(to_text(grp.name) for grp in grp_details)
if unmatched:
module.fail_json(msg="The following group names are not valid: %s" % ', '.join(unmatched))
group_ids = [to_text(grp.id) for grp in grp_details if to_text(grp.name) in group_name]
elif inst.vpc_id and group_id:
if isinstance(group_id, string_types):
group_id = [group_id]
grp_details = ec2.get_all_security_groups(group_ids=group_id)
group_ids = [grp_item.id for grp_item in grp_details]
if inst.vpc_id and (group_name or group_id):
if set(sg.id for sg in inst.groups) != set(group_ids):
changed = inst.modify_attribute('groupSet', group_ids)
# Check instance state # Check instance state
if inst.state != state: if inst.state != state:
instance_dict_array.append(get_instance_info(inst)) instance_dict_array.append(get_instance_info(inst))
@ -1614,7 +1635,7 @@ def main():
['network_interfaces', 'group_id'], ['network_interfaces', 'group_id'],
['network_interfaces', 'private_ip'], ['network_interfaces', 'private_ip'],
['network_interfaces', 'vpc_subnet_id'], ['network_interfaces', 'vpc_subnet_id'],
], ],
) )
if not HAS_BOTO: if not HAS_BOTO:

@ -12,7 +12,6 @@ lib/ansible/modules/cloud/amazon/cloudformation_facts.py
lib/ansible/modules/cloud/amazon/cloudfront_facts.py lib/ansible/modules/cloud/amazon/cloudfront_facts.py
lib/ansible/modules/cloud/amazon/cloudwatchevent_rule.py lib/ansible/modules/cloud/amazon/cloudwatchevent_rule.py
lib/ansible/modules/cloud/amazon/dynamodb_table.py lib/ansible/modules/cloud/amazon/dynamodb_table.py
lib/ansible/modules/cloud/amazon/ec2.py
lib/ansible/modules/cloud/amazon/ec2_ami.py lib/ansible/modules/cloud/amazon/ec2_ami.py
lib/ansible/modules/cloud/amazon/ec2_ami_copy.py lib/ansible/modules/cloud/amazon/ec2_ami_copy.py
lib/ansible/modules/cloud/amazon/ec2_ami_find.py lib/ansible/modules/cloud/amazon/ec2_ami_find.py

Loading…
Cancel
Save