Fix comparison of determining which rules to purge by ignoring descriptions (#48443)

AWS uses rule type, protocol, port range, and source as an idempotent identifier. There can only be one rule with that unique combination. Rules that differ only by description are allowed but overwritten by AWS. Add a test Co-authored-by: Will Thames <will@thames.id.au>
2026-05-07 13:52:54 +00:00 · 2018-11-20 17:04:10 -05:00
parent 64bb54dab4
commit 54a2f21f93
2 changed files with 32 additions and 4 deletions
--- a/test/integration/targets/ec2_group/tasks/main.yml
+++ b/test/integration/targets/ec2_group/tasks/main.yml
@@ -1114,6 +1114,29 @@
          - 'result.changed'
      when: result.ip_permissions_egress[0].ip_ranges[0].description is undefined

+    # =========================================================================================
+    - name: add rules without descriptions ready for adding descriptions to existing rules
+      ec2_group:
+        name: '{{ec2_group_name}}'
+        description: '{{ec2_group_description}}'
+        <<: *aws_connection_info
+        vpc_id: '{{ vpc_result.vpc.id }}'
+        # purge the other rules so assertions work for the subsequent tests for rule descriptions
+        purge_rules_egress: true
+        purge_rules: true
+        state: present
+        rules:
+        - proto: "tcp"
+          ports:
+          - 8281
+          cidr_ipv6: 1001:d00::/24
+        rules_egress:
+        - proto: "tcp"
+          ports:
+          - 8282
+          cidr_ip: 2.2.2.2/32
+      register: result
+
    # ============================================================
    - name: test adding a rule and egress rule descriptions (expected changed=true)
      ec2_group:
@@ -1187,6 +1210,7 @@
      # compatibility with this feature.
      assert:
        that:
+          - 'result.ip_permissions | length > 0'
          - 'result.changed'
      when: result.ip_permissions_egress[0].ip_ranges[0].description is defined