From 192b21dc4ef9ba03c2fe354825c78b8c5fea8086 Mon Sep 17 00:00:00 2001
From: "OpenRefactory, Inc" <56681071+openrefactory@users.noreply.github.com>
Date: Fri, 17 Feb 2023 15:14:45 -0800
Subject: [PATCH] Remove an unreachable code fragment in ec2_security_group (#1348) Remove an unreachable code fragment in ec2_security_group In file: ec2_security_group.py, method: ensure_present, a logical expression uses the identity operator. A new object is created inside the identity check operation and then used for matching identity. Since this is a distinct, new object, it will not have identity and match with anything else. As a result, the identity check will have a logical short circuit and the program may have unintended behavior. I suggested that the logical operation should be done properly.
Reviewed-by: Mark Chappell
---
 .../fragments/1348-remove-unreachable-code.yml | 2 ++
 plugins/modules/ec2_security_group.py | 14 ++++----------
 2 files changed, 6 insertions(+), 10 deletions(-)
 create mode 100644 changelogs/fragments/1348-remove-unreachable-code.yml
diff --git a/changelogs/fragments/1348-remove-unreachable-code.yml b/changelogs/fragments/1348-remove-unreachable-code.yml
new file mode 100644
index 00000000000..467520ba4bd
--- /dev/null
+++ b/changelogs/fragments/1348-remove-unreachable-code.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- ec2_security_group - file included unreachable code. Fix now removes unreachable code by removing an inapproproate logic (https://github.com/ansible-collections/amazon.aws/pull/1348).
diff --git a/plugins/modules/ec2_security_group.py b/plugins/modules/ec2_security_group.py
index 28b4ca78adb..c8bc251d9b2 100644
--- a/plugins/modules/ec2_security_group.py
+++ b/plugins/modules/ec2_security_group.py
@@ -1450,16 +1450,10 @@ def ensure_present(module, client, group, groups):
 revoke_ingress = []
 if purge_rules_egress and module.params.get('rules_egress') is not None:
- if module.params.get('rules_egress') is []:
- revoke_egress = [
- to_permission(r) for r in set(present_egress) - set(named_tuple_egress_list)
- if r != Rule((None, None), '-1', '0.0.0.0/0', 'ipv4', None)
- ]
- else:
- revoke_egress = []
- for p in present_egress:
- if not any(rule_cmp(p, b) for b in named_tuple_egress_list):
- revoke_egress.append(to_permission(p))
+ revoke_egress = []
+ for p in present_egress:
+ if not any(rule_cmp(p, b) for b in named_tuple_egress_list):
+ revoke_egress.append(to_permission(p))
 else:
 revoke_egress = []
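Review bot: The surviving purge loop carries no comment about the default allow-all egress rule, which the deleted `is []` branch appears to have been written to exempt (`Rule((None, None), '-1', '0.0.0.0/0', 'ipv4', None)`). That branch never executed, so with `purge_rules_egress` set and `rules_egress: []` every present egress rule is revoked, that default included, and this commit keeps that behaviour. I would add `# An empty rules_egress list purges every egress rule, including the default allow-all; no rule is exempted here.` above `revoke_egress = []`, so nobody later "restores" the exemption as `== []` and quietly reopens outbound traffic. A test pinning the empty-list case would also help, though whether one already exists is not visible from this hunk. The body of ensure_present starts and ends outside the hunk.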