fix refresh sg defect, normalize port ranges

modified: botoform/plugins/refresh.py modified: botoform/util.py
russellballestrini · Apr 6, 2017 · 717972b · 717972b
1 parent a19d31d
commit 717972b
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 7 deletions.
diff --git a/botoform/plugins/refresh.py b/botoform/plugins/refresh.py
@@ -1,6 +1,7 @@
 from botoform.util import (
   output_formatter,
-  key_value_to_dict
+  key_value_to_dict,
+  normalize_sg_rules,
 )
 
 from botoform.builders import EnvironmentBuilder
@@ -106,21 +107,28 @@ def security_groups(args, evpc):
     for sg_name in security_groups_config:
         config  = security_groups_config[sg_name]
         current = security_groups_current[sg_name]
-
-        to_add_inbound  = set(config.get('inbound', [])) - set(current.get('inbound',[]))
-        to_add_outbound = set(config.get('outbound', [])) - set(current.get('outbound',[]))
 
-        #print(to_add_inbound)
+        config_inbound   = set(normalize_sg_rules(config.get('inbound', [])))
+        current_inbound  = set(normalize_sg_rules(current.get('inbound', [])))
+
+        config_outbound  = set(normalize_sg_rules(config.get('outbound', [])))
+        current_outbound = set(normalize_sg_rules(current.get('outbound', [])))
+
+        to_add_inbound  = list(config_inbound - current_inbound)
+        to_add_outbound = list(config_outbound - current_outbound)
+
         #to_remove_inbound  = set(current.get('inbound', [])) - set(config.get('inbound',[]))
         #to_remove_outbound = set(current.get('outbound', [])) - set(config.get('outbound',[]))
 
         if len(to_add_inbound) != 0:
-            rules_to_add[sg_name]['inbound'] = list(to_add_inbound)
+            rules_to_add[sg_name]['inbound'] = to_add_inbound
+
         if len(to_add_outbound) != 0:
-            rules_to_add[sg_name]['outbound'] = list(to_add_outbound)
+            rules_to_add[sg_name]['outbound'] = to_add_outbound
 
     builder.security_group_rules(rules_to_add)
 
+
 refresh_subcommands = {
   'tags'            : tags,
   'private_zone'    : private_zone,

diff --git a/botoform/util.py b/botoform/util.py
@@ -361,6 +361,14 @@ def get_port_range(raw_range, ip_protocol='tcp'):
         port_range = [raw_range, raw_range]
     return tuple(map(int, port_range))
 
+def normalize_sg_rules(sg_rules):
+    """accept a list of security group rule tuples, return list with normalized port ranges."""
+    return [(rule[0], rule[1], normalize_sg_port(rule)) for rule in sg_rules]
+
+def normalize_sg_port(sg_rule_tuple):
+    """accept a security group rule tuple, return normalized port range."""
+    return get_port_range(sg_rule_tuple[2], sg_rule_tuple[1])
+
 def get_block_device_map_from_role_config(role_cfg):
     """accept role config data and return a Boto3 friendly BlockDeviceMappings."""
     block_device_map = []