Remove an unreachable code fragment in ec2_security_group (ansible-collections#1348)

Remove an unreachable code fragment in ec2_security_group 

In file: ec2_security_group.py, method: ensure_present, a logical expression uses the identity operator. A new object is created inside the identity check operation and then used for matching identity. Since this is a distinct, new object, it will not have identity and match with anything else. As a result, the identity check will have a logical short circuit and the program may have unintended behavior.
I suggested that the logical operation should be done properly.

Reviewed-by: Mark Chappell
openrefactory authored Feb 17, 2023
1 parent 3157004 commit 192b21d
Showing 2 changed files with 6 additions and 10 deletions.
2 changes: 2 additions & 0 deletions changelogs/fragments/1348-remove-unreachable-code.yml
@@ -0,0 +1,2 @@
bugfixes:
- ec2_security_group - file included unreachable code. Fix now removes unreachable code by removing an inapproproate logic (https://github.com/ansible-collections/amazon.aws/pull/1348).
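Review bot: The added changelog line misspells "inappropriate" as "inapproproate", and "an inappropriate logic" does not tell a user what was actually wrong. Suggest naming the defect instead, for example that the `rules_egress is []` identity comparison could never be true, so the branch it guarded never ran.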
14 changes: 4 additions & 10 deletions plugins/modules/ec2_security_group.py
Expand Up @@ -1450,16 +1450,10 @@ def ensure_present(module, client, group, groups):
revoke_ingress = []

if purge_rules_egress and module.params.get('rules_egress') is not None:
if module.params.get('rules_egress') is []:
revoke_egress = [
to_permission(r) for r in set(present_egress) - set(named_tuple_egress_list)
if r != Rule((None, None), '-1', '0.0.0.0/0', 'ipv4', None)
]
else:
revoke_egress = []
for p in present_egress:
if not any(rule_cmp(p, b) for b in named_tuple_egress_list):
revoke_egress.append(to_permission(p))
revoke_egress = []
for p in present_egress:
if not any(rule_cmp(p, b) for b in named_tuple_egress_list):
revoke_egress.append(to_permission(p))
else:
revoke_egress = []
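Review bot: Deleting the `if module.params.get('rules_egress') is []:` branch also drops the only place that exempted the allow-all egress rule `Rule((None, None), '-1', '0.0.0.0/0', 'ipv4', None)` from revocation, while the commit message talks about doing the logical operation properly rather than removing it. Because `is []` never matched, behaviour is unchanged by this hunk, but the apparent intent (keep that rule when `rules_egress` is an empty list and `purge_rules_egress` is set) is discarded instead of being fixed with `== []`. Please state in the description which behaviour is intended for `rules_egress: []` and add a test that pins it, since the remaining loop revokes every present egress rule that has no match in `named_tuple_egress_list`.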
