New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

To ipv6 network #48572

Open
wants to merge 5 commits into
base: devel
from

Conversation

Projects
None yet
5 participants
@dgadmin

dgadmin commented Nov 12, 2018

SUMMARY

Corrected ec2_group IPv6 handling: use subnet address in firewall rules, not just public site prefix.

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

ec2_group

ANSIBLE VERSION

Irrelevant to this patch:

ansible 2.7.1
  config file = /home/styopa/.ansible.cfg
  configured module search path = [u'/home/styopa/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.15+ (default, Aug 31 2018, 11:56:52) [GCC 8.2.0]
ADDITIONAL INFORMATION

The function to_ipv6_network is used incorrectly in module ec2_group. The current implementation extracts public routable site address (48 bits) from the IPv6 address, not the subnet address (64 bits). Because of that, IPv6 subnets in EC2 firewall rules get chopped at 3 groups, e.g.:

2001:db8:abcd:ef00::/56 (typical subnet allocated by Amazon)

becomes incorrectly chopped to:

2001:db8:abcd::/56

I added a similar function to_ipv6_subnet, and updated ec2_group module to call it. The old function is not used anywhere else in Ansible, but I kept it for compatibility in case any 3-rd party module relies on it (which is still incorrect behavior).

This PR includes corrected testcases and code style.

styopa added some commits Nov 9, 2018

Corrected testcase assertion
64 bits make 8 octets, or 4 hextets
@dgadmin

This comment has been minimized.

dgadmin commented Nov 12, 2018

I tested this code in a live environment on EC2, and it produced correct result.

@ansibot

This comment has been minimized.

Contributor

ansibot commented Nov 12, 2018

Hi @dgadmin, thank you for submitting this pull-request!

click here for bot help

@ansibot

This comment has been minimized.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment