authorJames Cammarata <jimi@sngx.net>2014-05-07 20:52:03 -0500
committerJames Cammarata <jimi@sngx.net>2014-05-21 14:53:18 -0500
commit0dabb37337556a664b4c982561231483e5269c8e (patch)
treed531d420609534d08d84c5b67546675347df4c6d
parent9a930fb481668cc7e1ac0b5b44eb97a92a8f31a7 (diff)
Make sure the default ec2_group egress rule is not removed
Upon a second run, the default egress rule will be removed when a vpc is specified but no other egress rules were set. This patch corrects that behavior by removing the default egress rule from the list of unmatched outbound rules. Fixes #7309
-rw-r--r--library/cloud/ec2_group6
1 files changed, 5 insertions, 1 deletions
diff --git a/library/cloud/ec2_group b/library/cloud/ec2_group
index ac0389acca..0a6b2a251e 100644
--- a/library/cloud/ec2_group
+++ b/library/cloud/ec2_group
@@ -317,7 +317,8 @@ def main():
# when using a vpc, but no egress rules are specified,
# we add in a default allow all out rule, which was the
# default behavior before egress rules were added
- if 'out--1-None-None-None-0.0.0.0/0' not in groupRules:
+ default_egress_rule = 'out--1-None-None-None-0.0.0.0/0'
+ if default_egress_rule not in groupRules:
ec2.authorize_security_group_egress(
group_id=group.id,
ip_protocol=-1,
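Review bot: The literal assigned to `default_egress_rule` is coupled to two things that can drift: the key format used to populate groupRules earlier in main(), and the arguments of the `authorize_security_group_egress` call just below (`ip_protocol=-1`, `cidr_ip='0.0.0.0/0'`). If either changes, the membership test would miss silently; presumably a duplicate authorize is then attempted and the existing allow-all rule stays in groupRules for the cleanup loop to revoke. A comment on the assignment would make the coupling visible, e.g. `# must match the groupRules key built earlier in main() for the all-protocol 0.0.0.0/0 egress rule`. The key construction and the enclosing `if` are outside the hunk, so the field layout is inferred from the literal alone.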
@@ -327,6 +328,9 @@ def main():
cidr_ip='0.0.0.0/0'
)
changed = True
+ else:
+ # make sure the default egress rule is not removed
+ del groupRules[default_egress_rule]
# Finally, remove anything left in the groupRules -- these will be defunct rules
for rule in groupRules.itervalues():
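Review bot: The comment added in the else branch says what is done but not the security consequence: for a VPC group managed with no egress rules given, an allow-all outbound rule (all protocols, 0.0.0.0/0) is now retained on every run instead of being revoked on the second one. I would state that where the entry is dropped, e.g. `# keep the implicit allow-all egress rule out of the revoke loop below; outbound traffic is only restricted when rules_egress is given explicitly`. The `del` itself is safe as written, since the else branch is reached only when the key is present in groupRules. The condition guarding this block starts above the first hunk, so whether an explicitly empty egress list also takes this path cannot be confirmed from the diff.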