Security group egress ip permissions fix (#3250)

* Add support for Description in egress rule response * Update SecurityGroup default egress rule ip range * Remove extra commas * Remove extra commas * Lower docker package in Travis * Add more lambda vars per PR 3247 * Remove code added in 3247 * Add tests for egress rules with Descriptions * Reformat based on black Co-authored-by: spillin <jmbollard@me.com>
2020-08-26 08:27:45 -05:00 · 2020-08-26 08:27:45 -05:00 · 2a27e457bf
commit 2a27e457bf
parent f744356da7
3 changed files with 41 additions and 13 deletions
--- a/moto/ec2/models.py
+++ b/moto/ec2/models.py
@ -1866,7 +1866,9 @@ class SecurityGroup(TaggedEC2Resource, CloudFormationModel):
        self.name = name
        self.description = description
        self.ingress_rules = []
-        self.egress_rules = [SecurityRule("-1", None, None, ["0.0.0.0/0"], [])]
+        self.egress_rules = [
+            SecurityRule("-1", None, None, [{"CidrIp": "0.0.0.0/0"}], [])
+        ]
        self.enis = {}
        self.vpc_id = vpc_id
        self.owner_id = OWNER_ID
@ -2266,13 +2268,16 @@ class SecurityGroupBackend(object):
            if source_group:
                source_groups.append(source_group)

-        for ip in ip_ranges:
-            ip_ranges = [ip.get("CidrIp") if ip.get("CidrIp") == "0.0.0.0/0" else ip]
+        # I don't believe this is required after changing the default egress rule
+        # to be {'CidrIp': '0.0.0.0/0'} instead of just '0.0.0.0/0'
+        # Not sure why this would return only the IP if it was 0.0.0.0/0 instead of
+        # the ip_range?
+        # for ip in ip_ranges:
+        #     ip_ranges = [ip.get("CidrIp") if ip.get("CidrIp") == "0.0.0.0/0" else ip]

        security_rule = SecurityRule(
            ip_protocol, from_port, to_port, ip_ranges, source_groups
        )
-
        if security_rule in group.egress_rules:
            group.egress_rules.remove(security_rule)
            return security_rule
--- a/moto/ec2/responses/security_groups.py
+++ b/moto/ec2/responses/security_groups.py
@ -250,7 +250,10 @@ DESCRIBE_SECURITY_GROUPS_RESPONSE = (
                       <ipRanges>
                          {% for ip_range in rule.ip_ranges %}
                              <item>
-                                 <cidrIp>{{ ip_range }}</cidrIp>
+                                 <cidrIp>{{ ip_range['CidrIp'] }}</cidrIp>
+                                    {% if ip_range['Description'] %}
+                                        <description>{{ ip_range['Description'] }}</description>
+                                    {% endif %}
                              </item>
                          {% endfor %}
                       </ipRanges>