New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
boto_secgroup.preset cannot create security group rule referencing a security group in another vpc #44290
Comments
@saltstack/team-boto can yall take a look at this? I am not sure if this should work or not. Thanks, |
If it "should not work", can you provide a reason why you do not want this logic in the module? |
Do you have the VPCs peered? You can only add secgroups cross-vpc, if they're peered. |
Definitely my bad, I wrote the vpc-peering state but did not run it. So in fact, the peering was not created on these new vpcs. I am getting an issue with boto_vpc.accept_vpc_peering_connection as shown below. When I go to run the following debug state:
I get the following returner:
The request state runs and I see the new "pending" connection on the account in the AWS console. But the "accept" connection is having an issue. This is the debug:
If you need me to create a new issue with this, I can. Then I can close out this issue once I have confirmed the secgroup state works properly with the vpc peering finished. |
Ah. I haven't worked on that code, so I'm not super familar with it. It looks like there's a bug with accepting the request, so it's probably a good idea to open a ticket specific to that. @tkwilliams is this a state you worked on? |
@ryan-lane - yah, that one is mine for sure. I know that it worked at one time :) but since I neglected to write unit tests for the bits I added, it appears a regression has crept in. It should be a quick fix if the only issue is a bool where it shouldn't be... I'll pop open the code after lunch and have a gander. |
@gtmanfred @ryan-lane Hooray, for a change this isn't my bug :) Currently, I'm running 2017.7.0 (plus a ton of local patches, but none of which touch this module) for reasons I won't go into. In my tree, I don't HAVE that buggy check -- mine is simply doing Git blame on the code I'm running gives
and looking at 2017.7.2 we see
Which to be completely honest confuses the heck out of me... That said, it appears to be a regression introduced by |
I guess we're leaving this open until @mwerickso can verify it fixes his error? |
Nah, I am ok with closing it, but github will automatically close it the next time we do a forward merge from 2017.7 to develop. The github close issue from pr keywords only work when the commit makes it into the main branch of the repository. https://help.github.com/articles/closing-issues-using-keywords/ for future reference. |
Description of Issue/Question
I am trying to create a security group using the boto_secgroup state that allows inbound traffic from a security group in another VPC.
Setup
I have the following debug state with source_group_group_id:
or the following state with source_group_name:
and I get the following error when running either one:
Steps to Reproduce Issue
I am able to create security groups without issues when the referenced source_group_name is in the same VPC as the new security group. This issue is only when the source group is in a different VPC. I am not familiar with the code enough to know where to fix the assumption that the source group is in the same VPC (if that is the issue).
Versions Report
The text was updated successfully, but these errors were encountered: