
ec2_security_group - fix diff mode issue when creating security group…
… containing at least one rule with a managed prefix list (#2404)

SUMMARY
Closes #2373
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME

ec2_security_group

Reviewed-by: Alina Buzachis
(cherry picked from commit 6712ec6)
abikouo authored and patchback[bot] committed Dec 13, 2024
1 parent 51f7a8e commit 00ab92d
Showing 2 changed files with 20 additions and 5 deletions.
@@ -0,0 +1,3 @@
---
minor_changes:
- ec2_security_group - Fix the diff mode issue when creating a security group containing a rule with a managed prefix list (https://github.com/ansible-collections/amazon.aws/issues/2373).
22 changes: 17 additions & 5 deletions plugins/modules/ec2_security_group.py
Expand Up @@ -1309,19 +1309,31 @@ def get_final_rules(client, module, security_group_rules, specified_rules, purge
elif rule.get("from_port") or rule.get("to_port"):
format_rule["from_port"] = rule.get("from_port", rule.get("to_port"))
format_rule["to_port"] = rule.get("to_port", rule.get("from_port"))
for source_type in ("cidr_ip", "cidr_ipv6", "prefix_list_id"):
for source_type in ("cidr_ip", "cidr_ipv6"):
if rule.get(source_type):
rule_key = {
"cidr_ip": "ip_ranges",
"cidr_ipv6": "ipv6_ranges",
"prefix_list_id": "prefix_list_ids",
}.get(source_type)
if not isinstance(rule[source_type], list):
rule[source_type] = [rule[source_type]]
if rule.get("rule_desc"):
format_rule[rule_key] = [{source_type: rule[source_type], "description": rule["rule_desc"]}]
format_rule[rule_key] = [
{source_type: target, "description": rule["rule_desc"]} for target in rule[source_type]
]
else:
if not isinstance(rule[source_type], list):
rule[source_type] = [rule[source_type]]
format_rule[rule_key] = [{source_type: target} for target in rule[source_type]]
# Prefix list (ansible option is 'ip_prefix')
if rule.get("ip_prefix"):
ip_prefix = rule["ip_prefix"]
if not isinstance(ip_prefix, list):
ip_prefix = [ip_prefix]
if rule.get("rule_desc"):
format_rule["prefix_list_ids"] = [
{"prefix_list_id": i, "description": rule["rule_desc"]} for i in ip_prefix
]
else:
format_rule["prefix_list_ids"] = [{"prefix_list_id": i} for i in ip_prefix]
if rule.get("group_id") or rule.get("group_name"):
# XXX bug - doesn't cope with a list of ids/names
rule_sg = group_exists(
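Review bot: The new `ip_prefix` block under the `# Prefix list (ansible option is 'ip_prefix')` comment re-implements the same normalise-to-list plus with/without-`rule_desc` branching that the `cidr_ip`/`cidr_ipv6` loop just above already performs, so the two paths now duplicate the shape of the emitted dicts and can drift apart (one difference is already visible: the cidr path rewrites `rule[source_type]` in place while the prefix path works on a local `ip_prefix`). A small helper that takes the source key, the value-or-list and the optional description would let both call sites share one implementation and keeps the emitted `ip_ranges`/`ipv6_ranges`/`prefix_list_ids` dicts byte-identical; a sketch follows. If code further down in `get_final_rules` relies on `rule[source_type]` having been turned into a list, that in-place assignment should be kept next to the cidr call. `get_final_rules` starts and ends outside this hunk, so the helper would go at module level or at the top of the function.
```python
def _format_sources(key, values, description=None):
    """Build the per-source dicts for one IpPermission field.

    `values` may be a single value or a list; the "description" key is only
    emitted when `description` is set, matching the existing branches.
    """
    if not isinstance(values, list):
        values = [values]
    if description:
        return [{key: value, "description": description} for value in values]
    return [{key: value} for value in values]

# … unchanged: from_port/to_port handling at the top of the loop body …
for source_type in ("cidr_ip", "cidr_ipv6"):
    if rule.get(source_type):
        rule_key = {"cidr_ip": "ip_ranges", "cidr_ipv6": "ipv6_ranges"}.get(source_type)
        format_rule[rule_key] = _format_sources(source_type, rule[source_type], rule.get("rule_desc"))
# Prefix list (ansible option is 'ip_prefix')
if rule.get("ip_prefix"):
    format_rule["prefix_list_ids"] = _format_sources("prefix_list_id", rule["ip_prefix"], rule.get("rule_desc"))
# … unchanged: group_id / group_name handling …
```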
