Security group egress ip permissions fix (#3250)

* Add support for Description in egress rule response * Update SecurityGroup default egress rule ip range * Remove extra commas * Remove extra commas * Lower docker package in Travis * Add more lambda vars per PR 3247 * Remove code added in 3247 * Add tests for egress rules with Descriptions * Reformat based on black Co-authored-by: spillin <jmbollard@me.com>
2020-08-26 08:27:45 -05:00 · 2020-08-26 08:27:45 -05:00 · 2a27e457bf
commit 2a27e457bf
parent f744356da7
3 changed files with 41 additions and 13 deletions
--- a/tests/test_ec2/test_security_groups.py
+++ b/tests/test_ec2/test_security_groups.py
@ -275,8 +275,9 @@ def test_authorize_ip_range_and_revoke():
    int(egress_security_group.rules_egress[1].to_port).should.equal(2222)
    actual_cidr = egress_security_group.rules_egress[1].grants[0].cidr_ip
    # Deal with Python2 dict->unicode, instead of dict->string
-    actual_cidr = json.loads(actual_cidr.replace("u'", "'").replace("'", '"'))
-    actual_cidr.should.equal({"CidrIp": "123.123.123.123/32"})
+    if type(actual_cidr) == "unicode":
+        actual_cidr = json.loads(actual_cidr.replace("u'", "'").replace("'", '"'))
+    actual_cidr.should.equal("123.123.123.123/32")

    # Wrong Cidr should throw error
    egress_security_group.revoke.when.called_with(
@ -810,7 +811,9 @@ def test_authorize_and_revoke_in_bulk():
    sg03 = ec2.create_security_group(
        GroupName="sg03", Description="Test security group sg03"
    )
-
+    sg04 = ec2.create_security_group(
+        GroupName="sg04", Description="Test security group sg04"
+    )
    ip_permissions = [
        {
            "IpProtocol": "tcp",
@ -835,13 +838,31 @@ def test_authorize_and_revoke_in_bulk():
            "UserIdGroupPairs": [{"GroupName": "sg03", "UserId": sg03.owner_id}],
            "IpRanges": [],
        },
+        {
+            "IpProtocol": "tcp",
+            "FromPort": 27015,
+            "ToPort": 27015,
+            "UserIdGroupPairs": [{"GroupName": "sg04", "UserId": sg04.owner_id}],
+            "IpRanges": [
+                {"CidrIp": "10.10.10.0/24", "Description": "Some Description"}
+            ],
+        },
+        {
+            "IpProtocol": "tcp",
+            "FromPort": 27016,
+            "ToPort": 27016,
+            "UserIdGroupPairs": [{"GroupId": sg04.id, "UserId": sg04.owner_id}],
+            "IpRanges": [{"CidrIp": "10.10.10.0/24"}],
+        },
    ]
    expected_ip_permissions = copy.deepcopy(ip_permissions)
    expected_ip_permissions[1]["UserIdGroupPairs"][0]["GroupName"] = "sg02"
    expected_ip_permissions[2]["UserIdGroupPairs"][0]["GroupId"] = sg03.id
+    expected_ip_permissions[3]["UserIdGroupPairs"][0]["GroupId"] = sg04.id
+    expected_ip_permissions[4]["UserIdGroupPairs"][0]["GroupName"] = "sg04"

    sg01.authorize_ingress(IpPermissions=ip_permissions)
-    sg01.ip_permissions.should.have.length_of(3)
+    sg01.ip_permissions.should.have.length_of(5)
    for ip_permission in expected_ip_permissions:
        sg01.ip_permissions.should.contain(ip_permission)

@ -851,7 +872,7 @@ def test_authorize_and_revoke_in_bulk():
        sg01.ip_permissions.shouldnt.contain(ip_permission)

    sg01.authorize_egress(IpPermissions=ip_permissions)
-    sg01.ip_permissions_egress.should.have.length_of(4)
+    sg01.ip_permissions_egress.should.have.length_of(6)
    for ip_permission in expected_ip_permissions:
        sg01.ip_permissions_egress.should.contain(ip_permission)

@ -930,11 +951,10 @@ def test_revoke_security_group_egress():
    sg.revoke_egress(
        IpPermissions=[
            {
-                "FromPort": 0,
                "IpProtocol": "-1",
                "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
-                "ToPort": 123,
-            },
+                "UserIdGroupPairs": [],
+            }
        ]
    )