Merge pull request #2596 from gruebel/fix-ec2-revoke-security-group-egress

Fix ec2.revoke_security_group_egress for IpProtocol -1
2019-12-09 14:06:09 -08:00 · 2019-12-09 14:06:09 -08:00 · b2264feac5
commit b2264feac5
parent 76aaa2df0f 5895231b5c
2 changed files with 47 additions and 13 deletions
--- a/tests/test_ec2/test_security_groups.py
+++ b/tests/test_ec2/test_security_groups.py
@ -833,3 +833,33 @@ def test_get_all_security_groups_filter_with_same_vpc_id():
    cm.exception.code.should.equal("InvalidGroup.NotFound")
    cm.exception.status.should.equal(400)
    cm.exception.request_id.should_not.be.none
+
+
+@mock_ec2
+def test_revoke_security_group_egress():
+    ec2 = boto3.resource("ec2", "us-east-1")
+    sg = ec2.create_security_group(Description="Test SG", GroupName="test-sg")
+
+    sg.ip_permissions_egress.should.equal(
+        [
+            {
+                "IpProtocol": "-1",
+                "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
+                "UserIdGroupPairs": [],
+            }
+        ]
+    )
+
+    sg.revoke_egress(
+        IpPermissions=[
+            {
+                "FromPort": 0,
+                "IpProtocol": "-1",
+                "IpRanges": [{"CidrIp": "0.0.0.0/0"},],
+                "ToPort": 123,
+            },
+        ]
+    )
+
+    sg.reload()
+    sg.ip_permissions_egress.should.have.length_of(0)