Adds support for authorizing and revoking egress permissions

2016-01-15 12:36:11 -08:00 · 2016-01-15 12:36:11 -08:00 · 6bc4a8b38a
commit 6bc4a8b38a
parent defd106523
3 changed files with 106 additions and 3 deletions
--- a/moto/ec2/responses/security_groups.py
+++ b/moto/ec2/responses/security_groups.py
@ -31,7 +31,8 @@ def process_rules_from_querystring(querystring):

 class SecurityGroups(BaseResponse):
    def authorize_security_group_egress(self):
-        raise NotImplementedError('SecurityGroups.authorize_security_group_egress is not yet implemented')
+        self.ec2_backend.authorize_security_group_egress(*process_rules_from_querystring(self.querystring))
+        return AUTHORIZE_SECURITY_GROUP_EGRESS_RESPONSE

    def authorize_security_group_ingress(self):
        self.ec2_backend.authorize_security_group_ingress(*process_rules_from_querystring(self.querystring))
@ -73,7 +74,10 @@ class SecurityGroups(BaseResponse):
        return template.render(groups=groups)

    def revoke_security_group_egress(self):
-        raise NotImplementedError('SecurityGroups.revoke_security_group_egress is not yet implemented')
+        success = self.ec2_backend.revoke_security_group_egress(*process_rules_from_querystring(self.querystring))
+        if not success:
+            return "Could not find a matching egress rule", dict(status=404)
+        return REVOKE_SECURITY_GROUP_EGRESS_RESPONSE

    def revoke_security_group_ingress(self):
        self.ec2_backend.revoke_security_group_ingress(*process_rules_from_querystring(self.querystring))
@ -128,7 +132,31 @@ DESCRIBE_SECURITY_GROUPS_RESPONSE = """<DescribeSecurityGroupsResponse xmlns="ht
                    </item>
                {% endfor %}
             </ipPermissions>
-             <ipPermissionsEgress/>
+             <ipPermissionsEgress>
+               {% for rule in group.egress_rules %}
+                    <item>
+                       <ipProtocol>{{ rule.ip_protocol }}</ipProtocol>
+                       <fromPort>{{ rule.from_port }}</fromPort>
+                       <toPort>{{ rule.to_port }}</toPort>
+                       <groups>
+                          {% for source_group in rule.source_groups %}
+                              <item>
+                                 <userId>111122223333</userId>
+                                 <groupId>{{ source_group.id }}</groupId>
+                                 <groupName>{{ source_group.name }}</groupName>
+                              </item>
+                          {% endfor %}
+                       </groups>
+                       <ipRanges>
+                          {% for ip_range in rule.ip_ranges %}
+                              <item>
+                                 <cidrIp>{{ ip_range }}</cidrIp>
+                              </item>
+                          {% endfor %}
+                       </ipRanges>
+                    </item>
+               {% endfor %}
+             </ipPermissionsEgress>
             <tagSet>
               {% for tag in group.get_tags() %}
                 <item>
@ -153,3 +181,14 @@ REVOKE_SECURITY_GROUP_INGRESS_REPONSE = """<RevokeSecurityGroupIngressResponse x
  <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
  <return>true</return>
 </RevokeSecurityGroupIngressResponse>"""
+
+AUTHORIZE_SECURITY_GROUP_EGRESS_RESPONSE = """
+<AuthorizeSecurityGroupEgressResponse xmlns="http://ec2.amazonaws.com/doc/2015-10-01/">
+   <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
+   <return>true</return>
+</AuthorizeSecurityGroupEgressResponse>"""
+
+REVOKE_SECURITY_GROUP_EGRESS_RESPONSE = """<RevokeSecurityGroupEgressResponse xmlns="http://ec2.amazonaws.com/doc/2012-12-01/">
+  <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
+  <return>true</return>
+</RevokeSecurityGroupEgressResponse>"""