From 04199140c5f089db8215aee4842d5987cf12e28d Mon Sep 17 00:00:00 2001
From: Shaun Brady
Date: Wed, 27 Jul 2016 14:11:59 -0400
Subject: [PATCH] Make group_name resolution VPC aware

EC2 Security Group names are unique given a VPC. When a group_name value is specified in a rule, if the group_name does not exist in the provided vpc_id it should create the group as per the documentation. The groups dictionary uses group_names as keys, so it is possible to find a group in another VPC with the name that is desired. This causes an error as the security group being acted on, and the security group referenced in the rule are in two different VPCs. To prevent this issue, we check to see if vpc_id is defined and if so check that VPCs match, else we treat the group as new.
---
 lib/ansible/modules/cloud/amazon/ec2_group.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ansible/modules/cloud/amazon/ec2_group.py b/lib/ansible/modules/cloud/amazon/ec2_group.py
index 2cdc033e9c..4ff24fc8dd 100644
--- a/lib/ansible/modules/cloud/amazon/ec2_group.py
+++ b/lib/ansible/modules/cloud/amazon/ec2_group.py
@@ -217,7 +217,7 @@ def get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id):
         group_id = group.id
         groups[group_id] = group
         groups[group_name] = group
-    elif group_name in groups:
+    elif group_name in groups and (vpc_id is None or groups[group_name].vpc_id == vpc_id):
         group_id = groups[group_name].id
     else:
         if not rule.get('group_desc', '').strip():
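Review bot: The `vpc_id is None` escape on the added `elif` keeps the original cross-VPC ambiguity for the case where no vpc_id is supplied: `groups` is keyed by bare name, so a same-named group from any VPC is still matched and its id written into the rule, and with several such groups whichever was stored into the dict last wins silently. Since `group` (the group being acted on) is already a parameter of get_target_from_rule and the hunk reads `group.id` from it, comparing against that group's own VPC would close the gap without depending on the user passing vpc_id, e.g. `elif group_name in groups and groups[group_name].vpc_id == group.vpc_id:` — assuming `group` is non-None on this path, which the hunk does not show. A one-line comment above the `elif`, `# security group names are only unique within a VPC; never reuse a same-named group from another VPC`, would spare the next reader the trip to the commit message. The fall-through `else` branch presumably creates a fresh group and rebinds `groups[group_name]`; that body continues outside the hunk, as does the rest of get_target_from_rule.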