make os_security_group_rule idempotent (#23707)

* Fix issue #19610
(cherry picked from commit 6b6e5665aa29e7cf8ff7a0d736239681c09ecb3d)

1 files changed, 11 insertions, 6 deletions

diff --git a/lib/ansible/modules/cloud/openstack/os_security_group_rule.py b/lib/ansible/modules/cloud/openstack/os_security_group_rule.py
index bf277b405c..7cbcd82d49 100644
--- a/lib/ansible/modules/cloud/openstack/os_security_group_rule.py
+++ b/lib/ansible/modules/cloud/openstack/os_security_group_rule.py
@@ -200,12 +200,17 @@ def _ports_match(protocol, module_min, module_max, rule_min, rule_max):
         if module_max and int(module_max) == -1:
             module_max = None
 
-    # Check if user is supplying None values for full TCP/UDP port range.
-    if protocol in ['tcp', 'udp'] and module_min is None and module_max is None:
-        if (rule_min and int(rule_min) == 1
-                and rule_max and int(rule_max) == 65535):
-            # (None, None) == (1, 65535)
-            return True
+    # Check if the user is supplying -1 or None values for full TPC/UDP port range.
+    if protocol in ['tcp', 'udp'] or protocol is None:
+        if module_min and module_max and int(module_min) == int(module_max) == -1:
+            module_min = None
+            module_max = None
+
+        if ((module_min is None and module_max is None) and
+                (rule_min and int(rule_min) == 1 and
+                    rule_max and int(rule_max) == 65535)):
+                    # (None, None) == (1, 65535)
+                    return True
 
     # Sanity check to make sure we don't have type comparison issues.
     if module_min: