add security group ingress rules

2013-02-23 16:27:43 -05:00 · 2013-02-23 16:27:43 -05:00 · 1c8af2881a
commit 1c8af2881a
parent 31f992fbe5
3 changed files with 149 additions and 14 deletions
--- a/tests/test_ec2/test_security_groups.py
+++ b/tests/test_ec2/test_security_groups.py
@ -39,3 +39,48 @@ def test_deleting_security_groups():
    # Delete by group id
    conn.delete_security_group(security_group1.id)
    conn.get_all_security_groups().should.have.length_of(0)
+
+
+@mock_ec2
+def test_authorize_ip_range_and_revoke():
+    conn = boto.connect_ec2('the_key', 'the_secret')
+    security_group = conn.create_security_group('test', 'test')
+
+    success = security_group.authorize(ip_protocol="tcp", from_port="22", to_port="2222", cidr_ip="123.123.123.123/32")
+    assert success.should.be.true
+
+    security_group = conn.get_all_security_groups()[0]
+    int(security_group.rules[0].to_port).should.equal(2222)
+    security_group.rules[0].grants[0].cidr_ip.should.equal("123.123.123.123/32")
+
+    # Wrong Cidr should throw error
+    security_group.revoke.when.called_with(ip_protocol="tcp", from_port="22", to_port="2222", cidr_ip="123.123.123.122/32").should.throw(EC2ResponseError)
+
+    # Actually revoke
+    security_group.revoke(ip_protocol="tcp", from_port="22", to_port="2222", cidr_ip="123.123.123.123/32")
+
+    security_group = conn.get_all_security_groups()[0]
+    security_group.rules.should.have.length_of(0)
+
+@mock_ec2
+def test_authorize_other_group_and_revoke():
+    conn = boto.connect_ec2('the_key', 'the_secret')
+    security_group = conn.create_security_group('test', 'test')
+    other_security_group = conn.create_security_group('other', 'other')
+    wrong_group = conn.create_security_group('wrong', 'wrong')
+
+    success = security_group.authorize(ip_protocol="tcp", from_port="22", to_port="2222", src_group=other_security_group)
+    assert success.should.be.true
+
+    security_group = [group for group in conn.get_all_security_groups() if group.name == 'test'][0]
+    int(security_group.rules[0].to_port).should.equal(2222)
+    security_group.rules[0].grants[0].group_id.should.equal(other_security_group.id)
+
+    # Wrong source group should throw error
+    security_group.revoke.when.called_with(ip_protocol="tcp", from_port="22", to_port="2222", src_group=wrong_group).should.throw(EC2ResponseError)
+
+    # Actually revoke
+    security_group.revoke(ip_protocol="tcp", from_port="22", to_port="2222", src_group=other_security_group)
+
+    security_group = [group for group in conn.get_all_security_groups() if group.name == 'test'][0]
+    security_group.rules.should.have.length_of(0)