[cloud] ec2_group fix CIDR with host bits set - fixes #25403 (#29605)

* WIP adds network subnetting functions

* adds functions to convert between netmask and masklen
* adds functions to verify netmask and masklen
* adds function to determine network and subnet from address / mask pair

* network_common: add a function to get the first 48 bits in an IPv6 address.

ec2_group: only use network bits of a CIDR.

* Add tests for CIDRs with host bits set.

* ec2_group: add warning if CIDR isn't the networking address.

* Fix pep8.

* Improve wording.

* fix import for network utils

* Update tests to use pytest instead of unittest

* add test for to_ipv6_network()

* Fix PEP8
Sloane Hertel 2017-12-20 14:57:47 -05:00 committed by Ryan Brown
commit d877c146ab
4 changed files with 385 additions and 101 deletions


@ -289,6 +289,7 @@ from ansible.module_utils.ec2 import camel_dict_to_snake_dict
from ansible.module_utils.ec2 import HAS_BOTO3
from ansible.module_utils.ec2 import boto3_tag_list_to_ansible_dict, ansible_dict_to_boto3_tag_list, compare_aws_tags
from ansible.module_utils.ec2 import AWSRetry
from ansible.module_utils.network.common.utils import to_ipv6_network, to_subnet
import traceback
try:
@ -521,7 +522,22 @@ def update_rules_description(module, client, rule_type, group_id, ip_permissions
def authorize_ip(type, changed, client, group, groupRules,
ip, ip_permission, module, rule, ethertype):
# If rule already exists, don't later delete it
for thisip in ip:
for this_ip in ip:
split_addr = this_ip.split('/')
if len(split_addr) == 2:
# this_ip is a IPv4 or IPv6 CIDR that may or may not have host bits set
# Get the network bits.
try:
thisip = to_subnet(split_addr[0], split_addr[1])
except ValueError:
thisip = to_ipv6_network(split_addr[0]) + "/" + split_addr[1]
if thisip != this_ip:
module.warn("One of your CIDR addresses ({0}) has host bits set. To get rid of this warning, "
"check the network mask and make sure that only network bits are set: {1}.".format(this_ip, thisip))
else:
thisip = this_ip
rule_id = make_rule_key(type, rule, group['GroupId'], thisip)
if rule_id in groupRules: