Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for ec2 security group egress rules #6602

Merged
merged 7 commits into from
Mar 28, 2014

Conversation

mmoya
Copy link
Contributor

@mmoya mmoya commented Mar 20, 2014

This patchset add support for egress rules in ec2 security groups. Patchset is split for easy reviewing. There are some minor differences with respect to #6416 and #6598.

Feedback welcome.

Suppose a pair of groups, A and B, depending on each other. One solution
for breaking the circular dependency at playbook level:

    - declare group A without dependencies
    - declare group B depending on A
    - declare group A depending on B

This patch breaks the dependency at module level. Whenever a depended-on
group is missing it's first created. This approach requires only two tasks:

    - declare group A depending on B (group B will be auto created)
    - declare group B depending on A

When creating a group EC2 requires you to pass the group description. In
order to fullfil this, rules now accept the `group_desc` param. Note
that group description can't be changed once the group is created so
it's nice to keep descriptions in sync.

Concrete example:

- ec2_group:
    name: mysql-client
    description: MySQL Client
    rules_egress:
      - proto: tcp
        from_port: 3306
        to_port: 3306
        group_name: mysql-server
        group_desc: MySQL Server

- ec2_group:
    name: mysql-server
    description: MySQL Server
    rules:
      - proto: tcp
        from_port: 3306
        to_port: 3306
        group_name: mysql-client
When a group is created, an egress_rule ALLOW ALL to 0.0.0.0/0 is added
automatically but it's not reflected in the object returned by the AWS API
call. After creation we re-read the group for getting an updated object.
@mpdehaan
Copy link
Contributor

So we have three of these now, #6602 #6416 and #6598

Obviously there's a lot of duplicate effort here, but can you all please get together and sort out which one of these you prefer and define any changes that need to be made?

@mpdehaan mpdehaan merged commit 6a92d48 into ansible:devel Mar 28, 2014
@mmoya mmoya deleted the aws-ec2-egress-rules branch March 30, 2014 17:34
@ansibot ansibot added feature This issue/PR relates to a feature request. and removed feature_pull_request labels Mar 4, 2018
@ansible ansible locked and limited conversation to collaborators Apr 24, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
cloud feature This issue/PR relates to a feature request.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants