Check mode fix for ec2_group module (#2184)

The default VPC egress rules was being left in the egress rules for purging in check mode. This ensures that the module returns the correct change state during check mode.
2026-05-06 13:22:48 +00:00 · 2016-08-02 15:01:48 -05:00
parent 3c2110215c
commit 66f1f6d537
1 changed files with 10 additions and 9 deletions
--- a/lib/ansible/modules/cloud/amazon/ec2_group.py
+++ b/lib/ansible/modules/cloud/amazon/ec2_group.py
@@ -430,20 +430,21 @@ def main():
                                    src_group_id=grantGroup,
                                    cidr_ip=thisip)
                        changed = True
-        elif vpc_id and not module.check_mode:
+        elif vpc_id:
            # when using a vpc, but no egress rules are specified,
            # we add in a default allow all out rule, which was the
            # default behavior before egress rules were added
            default_egress_rule = 'out--1-None-None-None-0.0.0.0/0'
            if default_egress_rule not in groupRules:
-                ec2.authorize_security_group_egress(
-                    group_id=group.id,
-                    ip_protocol=-1,
-                    from_port=None,
-                    to_port=None,
-                    src_group_id=None,
-                    cidr_ip='0.0.0.0/0'
-                )
+                if not module.check_mode:
+                    ec2.authorize_security_group_egress(
+                        group_id=group.id,
+                        ip_protocol=-1,
+                        from_port=None,
+                        to_port=None,
+                        src_group_id=None,
+                        cidr_ip='0.0.0.0/0'
+                    )
                changed = True
            else:
                # make sure the default egress rule is not removed