Merge pull request #512 from kevgliss/sgEgressPermissions

Adds support for authorizing and revoking egress permissions

tests/test_ec2/test_security_groups.py

@@ -152,6 +152,23 @@ def test_authorize_ip_range_and_revoke():
     security_group = conn.get_all_security_groups()[0]
     security_group.rules.should.have.length_of(0)
 
+    # Test for egress as well
+    egress_security_group = conn.create_security_group('testegress', 'testegress', vpc_id='vpc-3432589')
+    success = conn.authorize_security_group_egress(egress_security_group.id, "tcp", from_port="22", to_port="2222", cidr_ip="123.123.123.123/32")
+    assert success.should.be.true
+    egress_security_group = conn.get_all_security_groups(groupnames='testegress')[0]
+    int(egress_security_group.rules_egress[0].to_port).should.equal(2222)
+    egress_security_group.rules_egress[0].grants[0].cidr_ip.should.equal("123.123.123.123/32")
+
+    # Wrong Cidr should throw error
+    egress_security_group.revoke.when.called_with(ip_protocol="tcp", from_port="22", to_port="2222", cidr_ip="123.123.123.122/32").should.throw(EC2ResponseError)
+
+    # Actually revoke
+    conn.revoke_security_group_egress(egress_security_group.id, "tcp", from_port="22", to_port="2222", cidr_ip="123.123.123.123/32")
+
+    egress_security_group = conn.get_all_security_groups()[0]
+    egress_security_group.rules_egress.should.have.length_of(0)
+
 
 @mock_ec2
 def test_authorize_other_group_and_revoke():