Security group create rule fails with `Security group rule already exists`

Summary

Security group create fails with `Security group rule already exists`.

Steps to reproduce

Define security group:

```yaml
openstack_security_groups:
  - name: "internal-comunication"
    description: "Allow all TCP,UDP and VRRP"
    rules:
      - port_range_min: -1
        port_range_max: -1
        protocol: 112
        direction: ingress
        remote_group: "internal-comunication"
      - port_range_min: -1
        port_range_max: -1
        protocol: tcp
        direction: ingress
        remote_group: "internal-comunication"
      - port_range_min: -1
        port_range_max: -1
        protocol: udp
        direction: ingress
        remote_group: "internal-comunication"
```

Run security group create twice.

Expected behavior

The role should not fail and should not change anything.

Actual behavior

The role fails with the error "Security group rule already exists".

Relevant logs and/or screenshots

```
TASK [openstack : create security rule with remote group] ******************************************************************************************************
Thursday 19 October 2017  15:22:58 +0200 (0:00:00.017)       0:00:21.379 ******
fatal: [openstack-client]: FAILED! => {"changed": false, "failed": true, "msg": "Error creating security group rule. (409) Client Error for url: https://cloud.task.gda.pl:9696/v2.0/security-group-rules.json Security group rule already exists. Rule id is 1ac57b4f-8e8f-4938-828b-2c6772301a2c."}
```

Possible fixes

It probably happens because we define port_range_min and port_range_max, which should not be required in this case.
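The mismatch suggested above, as an added example that is not code from the role or from Ansible: it assumes the API reports a rule without a port restriction as a null port range while the role passes `-1`, so a literal comparison never finds the existing rule and a second create is attempted. The helper names and the `EXISTING` records are hypothetical and constructed for illustration.

```python
# Added illustration; not the role's or Ansible's own code.
# Assumption: the API returns None for "no port range", the role passes -1.

FIELDS = ("direction", "protocol", "port_range_min", "port_range_max",
          "remote_group")


def raw_key(rule):
    """Literal comparison key: -1 and None are treated as different."""
    return tuple(rule.get(field) for field in FIELDS)


def normalized_key(rule):
    """Comparison key where -1 and None both mean 'no port range'."""
    key = []
    for field in FIELDS:
        value = rule.get(field)
        if field.startswith("port_range") and value in (-1, "-1", None):
            value = None
        elif value is not None:
            value = str(value).lower()  # 112 and "112" compare equal
        key.append(value)
    return tuple(key)


def missing_rules(desired, existing, key=normalized_key):
    """Return the desired rules that still have to be created."""
    present = {key(rule) for rule in existing}
    return [rule for rule in desired if key(rule) not in present]


def make_rule(protocol, port_min, port_max):
    return {"direction": "ingress", "protocol": protocol,
            "port_range_min": port_min, "port_range_max": port_max,
            "remote_group": "internal-comunication"}


# Rules from the issue's YAML, and constructed records standing in for
# what the API would list after the first run.
DESIRED = [make_rule(p, -1, -1) for p in (112, "tcp", "udp")]
EXISTING = [make_rule(p, None, None) for p in (112, "tcp", "udp")]

if __name__ == "__main__":
    print("literal compare, to create:",
          len(missing_rules(DESIRED, EXISTING, key=raw_key)))
    print("normalized compare, to create:",
          len(missing_rules(DESIRED, EXISTING)))
```

With the literal key every rule looks new on the second run, which is the path that ends in the 409; with the normalized key the second run has nothing to create.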