Merge pull request #594 from yannlambret/fix-security-groups

Fix security groups
2016-04-23 19:43:19 -04:00 · 2016-04-23 19:43:19 -04:00 · 6be53cf8c2
commit 6be53cf8c2
parent 224e92ba17 5a5f2f12c7
3 changed files with 57 additions and 14 deletions
--- a/moto/ec2/exceptions.py
+++ b/moto/ec2/exceptions.py
@ -136,7 +136,7 @@ class InvalidPermissionNotFoundError(EC2ClientError):
    def __init__(self):
        super(InvalidPermissionNotFoundError, self).__init__(
            "InvalidPermission.NotFound",
-            "Could not find a matching ingress rule")
+            "The specified rule does not exist in this security group")


 class InvalidRouteTableIdError(EC2ClientError):
--- a/moto/ec2/models.py
+++ b/moto/ec2/models.py
@ -1098,7 +1098,7 @@ class SecurityGroup(TaggedEC2Resource):
        self.name = name
        self.description = description
        self.ingress_rules = []
-        self.egress_rules = []
+        self.egress_rules = [SecurityRule(-1, -1, -1, ['0.0.0.0/0'], [])]
        self.enis = {}
        self.vpc_id = vpc_id
        self.owner_id = "123456789012"
@ -1323,7 +1323,6 @@ class SecurityGroupBackend(object):
        if security_rule in group.ingress_rules:
            group.ingress_rules.remove(security_rule)
            return security_rule
-
        raise InvalidPermissionNotFoundError()

    def authorize_security_group_egress(self,
@ -1332,22 +1331,33 @@ class SecurityGroupBackend(object):
                                        from_port,
                                        to_port,
                                        ip_ranges,
-                                        src_group_id=None,
-                                        cidr_ip=None,
+                                        source_group_names=None,
+                                        source_group_ids=None,
                                        vpc_id=None):

        group = self.get_security_group_by_name_or_id(group_name_or_id, vpc_id)
-
+        if ip_ranges and not isinstance(ip_ranges, list):
+            ip_ranges = [ip_ranges]
        if ip_ranges:
            for cidr in ip_ranges:
                if not is_valid_cidr(cidr):
                    raise InvalidCIDRSubnetError(cidr=cidr)

-        # for VPCs
+        source_group_names = source_group_names if source_group_names else []
+        source_group_ids = source_group_ids if source_group_ids else []
+
        source_groups = []
-        source_group = self.get_security_group_from_id(src_group_id)
-        if source_group:
-            source_groups.append(source_group)
+        for source_group_name in source_group_names:
+            source_group = self.get_security_group_from_name(source_group_name, vpc_id)
+            if source_group:
+                source_groups.append(source_group)
+
+        # for VPCs
+        for source_group_id in source_group_ids:
+            source_group = self.get_security_group_from_id(source_group_id)
+            if source_group:
+                source_groups.append(source_group)
+
        security_rule = SecurityRule(ip_protocol, from_port, to_port, ip_ranges, source_groups)
        group.egress_rules.append(security_rule)

@ -1369,6 +1379,11 @@ class SecurityGroupBackend(object):
            if source_group:
                source_groups.append(source_group)

+        for source_group_id in source_group_ids:
+            source_group = self.get_security_group_from_id(source_group_id)
+            if source_group:
+                source_groups.append(source_group)
+
        security_rule = SecurityRule(ip_protocol, from_port, to_port, ip_ranges, source_groups)
        if security_rule in group.egress_rules:
            group.egress_rules.remove(security_rule)