
Commit 9949609

fix: fix EC2>Instance Security Group
Duplicate Issues
1 parent df60c03 commit 9949609

2 files changed

+39
-31
lines changed

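--- a/src/plugin/manager/ec2/instance_manager.py
+++ b/src/plugin/manager/ec2/instance_manager.py
@@ -145,6 +145,7 @@ def create_cloud_service(
 for security_group in instance.get("SecurityGroups", [])
 if security_group.get("GroupId") is not None
 ]
+
 sg_rules_vos = sg_manager.get_security_group_info(sg_ids, sgs)
 
 if disk_vos: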

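--- a/src/plugin/manager/ec2_server/security_group_manager.py
+++ b/src/plugin/manager/ec2_server/security_group_manager.py
@@ -32,39 +32,30 @@ def get_security_group_info(self, security_group_ids, security_groups):
 )
 
 for match_sg in match_security_groups:
-# INBOUND
-for inbound_rule in match_sg.get("IpPermissions", []):
-sg_data = self.set_sg_base_data(match_sg, "inbound", inbound_rule)
-for ip_range in inbound_rule.get("IpRanges", []):
-sg_data.update(self.set_ip_range_data(ip_range))
-sg.append(sg_data)
-for group_pair in inbound_rule.get("UserIdGroupPairs", []):
-sg_data.update(self.set_group_pairs_data(group_pair))
-sg.append(sg_data)
-for _ip_v6_range in inbound_rule.get("Ipv6Ranges", []):
-sg_data.update(self.set_group_pairs_data(_ip_v6_range))
-sg.append(sg_data)
-for prefix_list_id in inbound_rule.get("PrefixListIds", []):
-sg_data.update(self.set_group_pairs_data(prefix_list_id))
-sg.append(sg_data)
-
-# OUTBOUND
-for outbound_rules in match_sg.get("IpPermissionsEgress", []):
-sg_data = self.set_sg_base_data(match_sg, "outbound", outbound_rules)
-for ip_range in outbound_rules.get("IpRanges", []):
-sg_data.update(self.set_ip_range_data(ip_range))
-sg.append(sg_data)
-for group_pair in outbound_rules.get("UserIdGroupPairs", []):
-sg_data.update(self.set_group_pairs_data(group_pair))
-sg.append(sg_data)
-for _ip_v6_range in outbound_rules.get("Ipv6Ranges", []):
-sg_data.update(self.set_group_pairs_data(_ip_v6_range))
-sg.append(sg_data)
-for prefix_list_id in outbound_rules.get("PrefixListIds", []):
-sg_data.update(self.set_group_pairs_data(prefix_list_id))
-sg.append(sg_data)
+sg.extend(self._process_rules(match_sg, "inbound", match_sg.get("IpPermissions", [])))
+sg.extend(self._process_rules(match_sg, "outbound", match_sg.get("IpPermissionsEgress", [])))
 return sg
 
+def _process_rules(self, match_sg, direction, rules):
+processed_rules = []
+for rule in rules:
+sg_data = self.set_sg_base_data(match_sg, direction, rule)
+
+rule_processors = {
+"IpRanges": self.set_ip_range_data,
+"UserIdGroupPairs": self.set_group_pairs_data,
+"Ipv6Ranges": self.set_ip_v6_range_data,
+"PrefixListIds": self.set_prefix_list_id_data
+}
+
+for rule_type, processor in rule_processors.items():
+for item in rule.get(rule_type, []):
+sg_copy = sg_data.copy()
+sg_copy.update(processor(item))
+processed_rules.append(sg_copy)
+
+return processed_rules
+
 def set_sg_base_data(self, sg, direction, rule):
 sg_data = {
 "direction": direction,
@@ -98,6 +89,22 @@ def set_group_pairs_data(group_pair):
 "description": group_pair.get("Description", ""),
 }
 
+@staticmethod
+def set_ip_v6_range_data(group_pair):
+return {
+"remote_id": group_pair.get("CidrIpv6"),
+"remote": group_pair.get("CidrIpv6"),
+"description": group_pair.get("Description", ""),
+}
+
+@staticmethod
+def set_prefix_list_id_data(group_pair):
+return {
+"remote_id": group_pair.get("PrefixListId"),
+"remote": group_pair.get("PrefixListId"),
+"description": group_pair.get("Description", ""),
+}
+
 @staticmethod
 def match_security_group_from_ids(sg_ids, security_groups):
 return [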
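Review bot: `_process_rules` (new lines 39–57) has no docstring stating the contract this fix rests on: one output row per source entry, each an independent `sg_data.copy()` of the rule's base data. I would add `"""Return one row per IpRanges, UserIdGroupPairs, Ipv6Ranges and PrefixListIds entry of each rule; each row is a separate shallow copy of the rule's base data."""`, and note there that a rule whose four lists are all empty produces no row, if that is intended. Because these rows are what someone auditing the inventory sees for each security-group rule, a regression test that feeds an `Ipv6Ranges` entry and asserts `remote` equals its `CidrIpv6` would keep IPv6 and prefix-list sources from being misreported again; no test is visible in this commit. On style, `rule_processors` is rebuilt on every pass of `for rule in rules:` and can be defined once before the loop. The parameter of `set_ip_v6_range_data` and `set_prefix_list_id_data` is still named `group_pair`; `ip_v6_range` and `prefix_list` would match what they receive.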
