Fix issue in boto_secgroup state that caused rules to not be properly updated

Ryan Lane 2014-12-19 12:29:13 -08:00
parent 28252ba0b8
commit 67f01999e2


@ -1,6 +1,7 @@
# -*- coding: utf-8 -*-
'''
Manage Security Groups
======================
.. versionadded:: 2014.7.0
@ -183,6 +184,30 @@ def _security_group_present(
return ret
def _check_rule(rule, _rule):
'''
Check to see if two rules are the same. Needed to compare rules fetched
from boto, since they may not completely match rules defined in sls files
but may be functionally equivalent.
'''
if (rule['ip_protocol'] == _rule['ip_protocol'] and
rule['from_port'] == _rule['from_port'] and
rule['to_port'] == _rule['to_port']):
_cidr_ip = _rule.get('cidr_ip')
if _cidr_ip and _cidr_ip == rule.get('cidr_ip'):
return True
_owner_id = _rule.get('source_group_owner_id')
if _owner_id and _owner_id == rule.get('source_group_owner_id'):
return True
_group_id = _rule.get('source_group_group_id')
if _group_id and _group_id == rule.get('source_group_group_id'):
return True
_group_name = _rule.get('source_group_name')
if _group_name and _group_id == rule.get('source_group_name'):
return True
return False
def _get_rule_changes(rules, _rules):
'''
given a list of desired rules (rules) and existing rules (_rules) return
@ -196,8 +221,6 @@ def _get_rule_changes(rules, _rules):
for rule in rules:
try:
ip_protocol = rule.get('ip_protocol')
to_port = rule.get('to_port')
from_port = rule.get('from_port')
except KeyError:
raise SaltInvocationError('ip_protocol, to_port, and from_port are'
' required arguments for security group'
@ -209,7 +232,6 @@ def _get_rule_changes(rules, _rules):
cidr_ip = rule.get('cidr_ip', None)
group_name = rule.get('source_group_name', None)
group_id = rule.get('source_group_group_id', None)
owner_id = rule.get('source_group_owner_id', None)
if cidr_ip and (group_id or group_name):
raise SaltInvocationError('cidr_ip and source groups can not both'
' be specified in security group rules.')
@ -225,46 +247,24 @@ def _get_rule_changes(rules, _rules):
# for each rule in existing security group ruleset determine if
# new rule exists
for _rule in _rules:
if (ip_protocol == _rule['ip_protocol'] and
from_port == _rule['from_port'] and
to_port == _rule['to_port']):
_cidr_ip = _rule.get('cidr_ip', None)
_owner_id = _rule.get('source_group_owner_id', None)
_group_id = _rule.get('source_group_group_id', None)
_group_name = _rule.get('source_group_name', None)
if (cidr_ip == _cidr_ip or owner_id == _owner_id or
group_id == _group_id or group_name == _group_name):
if _check_rule(rule, _rule):
rule_found = True
break
if not rule_found:
to_create.append(rule)
# for each rule in existing security group configuration
# 1. determine if rules needed to be deleted
for _rule in _rules:
_ip_protocol = _rule.get('ip_protocol')
_to_port = _rule.get('to_port')
_from_port = _rule.get('from_port')
_cidr_ip = _rule.get('cidr_ip', None)
_owner_id = _rule.get('source_group_owner_id', None)
_group_id = _rule.get('source_group_group_id', None)
_group_name = _rule.get('source_group_name', None)
rule_found = False
for rule in rules:
cidr_ip = rule.get('cidr_ip', None)
group_name = rule.get('source_group_name', None)
group_id = rule.get('source_group_group_id', None)
owner_id = rule.get('source_group_owner_id', None)
if (rule['ip_protocol'] == _ip_protocol and
rule['from_port'] == _from_port and
rule['to_port'] == _to_port):
if (cidr_ip == _cidr_ip or owner_id == _owner_id or
group_id == _group_id or group_name == _group_name):
if _check_rule(rule, _rule):
rule_found = True
break
if not rule_found:
# Can only supply name or id, not both. Since we're deleting
# entries, it doesn't matter which we pick.
_rule.pop('source_group_name', None)
to_delete.append(_rule)
return (to_delete, to_create)
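Review bot: In the new `_check_rule` (hunk `@ -183,6 +184,30 @@`), the last comparison `if _group_name and _group_id == rule.get('source_group_name'):` tests `_group_id` where `_group_name` was clearly intended, so a rule that is identifiable only by `source_group_name` is never recognised as already present; since `_get_rule_changes` now delegates all matching to `_check_rule` in both loops, such a rule would likely be queued for creation and its existing counterpart for deletion on every state run. The line should read `if _group_name and _group_name == rule.get('source_group_name'):`. Separately, the function returns True as soon as any one attribute matches, so an existing rule with the same protocol and ports and the same `source_group_owner_id` but a different `source_group_group_id` is treated as equivalent to the desired one, and the intended group rule is then never created; consider requiring the group id or name to match and treating the owner id as an extra constraint rather than a sufficient one. Whether rules fetched from boto carry a `source_group_name` key at all is not visible in this diff, so confirm against the module's rule shape before relying on the name comparison.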