Bug fix for default network ACL entries (#2056)

* Fixed a bug where default network ACL entries could not be deleted. * Implemented throwing error when a network entry with the same rule number and egress value already exists. * Fixed syntax errors. * Added socket.timeout to possibly raised exceptions in wait_for for Python 3.
2019-05-26 03:02:14 +02:00 · 2019-05-26 03:02:14 +02:00 · 21917c4b93
commit 21917c4b93
parent 7271fb9391
4 changed files with 55 additions and 6 deletions
--- a/moto/ec2/exceptions.py
+++ b/moto/ec2/exceptions.py
@ -430,6 +430,15 @@ class OperationNotPermitted(EC2ClientError):
        )


+class NetworkAclEntryAlreadyExistsError(EC2ClientError):
+
+    def __init__(self, rule_number):
+        super(NetworkAclEntryAlreadyExistsError, self).__init__(
+            "NetworkAclEntryAlreadyExists",
+            "The network acl entry identified by {} already exists.".format(rule_number)
+        )
+
+
 class InvalidSubnetRangeError(EC2ClientError):

    def __init__(self, cidr_block):
--- a/moto/ec2/models.py
+++ b/moto/ec2/models.py
@ -76,6 +76,7 @@ from .exceptions import (
    MalformedDHCPOptionsIdError,
    MissingParameterError,
    MotoNotImplementedError,
+    NetworkAclEntryAlreadyExistsError,
    OperationNotPermitted,
    OperationNotPermitted2,
    OperationNotPermitted3,
@ -3664,10 +3665,10 @@ class NetworkAclBackend(object):

    def add_default_entries(self, network_acl_id):
        default_acl_entries = [
-            {'rule_number': 100, 'rule_action': 'allow', 'egress': 'true'},
-            {'rule_number': 32767, 'rule_action': 'deny', 'egress': 'true'},
-            {'rule_number': 100, 'rule_action': 'allow', 'egress': 'false'},
-            {'rule_number': 32767, 'rule_action': 'deny', 'egress': 'false'}
+            {'rule_number': "100", 'rule_action': 'allow', 'egress': 'true'},
+            {'rule_number': "32767", 'rule_action': 'deny', 'egress': 'true'},
+            {'rule_number': "100", 'rule_action': 'allow', 'egress': 'false'},
+            {'rule_number': "32767", 'rule_action': 'deny', 'egress': 'false'}
        ]
        for entry in default_acl_entries:
            self.create_network_acl_entry(network_acl_id=network_acl_id, rule_number=entry['rule_number'], protocol='-1',
@ -3698,12 +3699,14 @@ class NetworkAclBackend(object):
                                 icmp_code, icmp_type, port_range_from,
                                 port_range_to):

+        network_acl = self.get_network_acl(network_acl_id)
+        if any(entry.egress == egress and entry.rule_number == rule_number for entry in network_acl.network_acl_entries):
+            raise NetworkAclEntryAlreadyExistsError(rule_number)
        network_acl_entry = NetworkAclEntry(self, network_acl_id, rule_number,
                                            protocol, rule_action, egress,
                                            cidr_block, icmp_code, icmp_type,
                                            port_range_from, port_range_to)

-        network_acl = self.get_network_acl(network_acl_id)
        network_acl.network_acl_entries.append(network_acl_entry)
        return network_acl_entry