From eb61c3737c2dabff89bd453ee3cd0bf1567c510a Mon Sep 17 00:00:00 2001
From: James Cammarata
Date: Wed, 7 May 2014 20:52:03 -0500
Subject: [PATCH] Make sure the default ec2_group egress rule is not removed
Upon a second run, the default egress rule will be removed when a vpc is specified but no other egress rules were set. This patch corrects that behavior by removing the default egress rule from the list of unmatched outbound rules.
Fixes #7309
---
 cloud/ec2_group | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/cloud/ec2_group b/cloud/ec2_group
index ac0389accaa..0a6b2a251e1 100644
--- a/cloud/ec2_group
+++ b/cloud/ec2_group
@@ -317,7 +317,8 @@ def main():
 # when using a vpc, but no egress rules are specified,
 # we add in a default allow all out rule, which was the
 # default behavior before egress rules were added
- if 'out--1-None-None-None-0.0.0.0/0' not in groupRules:
+ default_egress_rule = 'out--1-None-None-None-0.0.0.0/0'
+ if default_egress_rule not in groupRules:
 ec2.authorize_security_group_egress(
 group_id=group.id,
 ip_protocol=-1,
@@ -327,6 +328,9 @@ def main():
 cidr_ip='0.0.0.0/0'
 )
 changed = True
+ else:
+ # make sure the default egress rule is not removed
+ del groupRules[default_egress_rule]
 # Finally, remove anything left in the groupRules -- these will be defunct rules
 for rule in groupRules.itervalues():
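Review bot: The `default_egress_rule` literal hand-copies the key format of `groupRules`, and the same protocol and CIDR are spelled out again in the `authorize_security_group_egress(...)` call just below it. The code that builds those keys is outside this hunk, so this is inferred: if that format ever changes, the `not in groupRules` test would stop matching and each run would try to re-authorize the rule. I would build the key with the same expression that produces the other keys, or at least add a comment such as `# must match the rule-id format used to populate groupRules`.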
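Review bot: The new `else` branch takes the allow-all outbound rule (protocol `-1` to `0.0.0.0/0`) out of `groupRules`, so the purge loop that follows can no longer revoke it whenever this block runs. The enclosing condition starts outside the hunk, so it is not visible whether an explicitly empty egress list also reaches this code; if it does, a playbook has no way to declare a group with no outbound access. It is worth confirming that only an unset egress option gets here and saying so in the comment, for example `# egress rules not specified: keep the default allow-all egress rule so it is not purged below`.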