Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
moto/tests/test_ec2/test_security_groups.py

738 lines
29 KiB
Python
Raw Normal View History

from __future__ import unicode_literals
2014-08-27 11:17:06 -04:00
from __future__ import unicode_literals
made the security group endpoints that authorize or revoke firewall rules to support batch rules (boto doesn't expose this, but botocore/boto3 does)
2016-10-20 17:25:54 +00:00
import copy
Error handling: Model-level validations, proper error responses. (backport assert_raises as context manager for Python 2.6)
2014-08-25 15:09:38 -07:00
# Ensure 'assert_raises' context manager support for Python 2.6
Fix security group tags. Closes #301.
2015-02-14 08:57:14 -05:00
import tests.backport_assert_raises # noqa
Error handling: Model-level validations, proper error responses. (backport assert_raises as context manager for Python 2.6)
2014-08-25 15:09:38 -07:00
from nose.tools import assert_raises
Fix egress rules management to autorize or revoke a security group
2016-04-20 23:01:09 +02:00
import boto3
adding ec2 stubs
2013-02-21 23:13:01 -05:00
import boto
Throw exception if same security group rule added twice. Closes #737.
2017-01-11 22:35:27 -05:00
from botocore.exceptions import ClientError
Get standalone server mode working for all tests.
2017-02-23 19:43:48 -05:00
from boto.exception import EC2ResponseError
Cleanup flake8
2013-08-03 17:21:25 -04:00
import sure # noqa
adding ec2 stubs
2013-02-21 23:13:01 -05:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
from moto import mock_ec2, mock_ec2_deprecated
adding ec2 stubs
2013-02-21 23:13:01 -05:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_ec2_deprecated
add, delete, describe security groups
2013-02-23 15:26:54 -05:00
def test_create_and_describe_security_group():
conn = boto.connect_ec2('the_key', 'the_secret')
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
Get standalone server mode working for all tests.
2017-02-23 19:43:48 -05:00
with assert_raises(EC2ResponseError) as ex:
Lints.
2017-02-23 21:37:43 -05:00
security_group = conn.create_security_group(
'test security group', 'this is a test security group', dry_run=True)
Get standalone server mode working for all tests.
2017-02-23 19:43:48 -05:00
ex.exception.error_code.should.equal('DryRunOperation')
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
ex.exception.status.should.equal(400)
Lints.
2017-02-23 21:37:43 -05:00
ex.exception.message.should.equal(
'An error occurred (DryRunOperation) when calling the CreateSecurityGroup operation: Request would have succeeded, but DryRun flag is set')
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
Lints.
2017-02-23 21:37:43 -05:00
security_group = conn.create_security_group(
'test security group', 'this is a test security group')
add, delete, describe security groups
2013-02-23 15:26:54 -05:00
pep8
2013-03-05 08:35:18 -05:00
security_group.name.should.equal('test security group')
add, delete, describe security groups
2013-02-23 15:26:54 -05:00
security_group.description.should.equal('this is a test security group')
# Trying to create another group with the same name should throw an error
Error handling: Model-level validations, proper error responses.
2014-08-25 10:54:47 -07:00
with assert_raises(EC2ResponseError) as cm:
Lints.
2017-02-23 21:37:43 -05:00
conn.create_security_group(
'test security group', 'this is a test security group')
Error handling: Model-level validations, proper error responses.
2014-08-25 10:54:47 -07:00
cm.exception.code.should.equal('InvalidGroup.Duplicate')
cm.exception.status.should.equal(400)
cm.exception.request_id.should_not.be.none
add, delete, describe security groups
2013-02-23 15:26:54 -05:00
all_groups = conn.get_all_security_groups()
Lints.
2017-02-23 21:37:43 -05:00
# The default group gets created automatically
all_groups.should.have.length_of(3)
Cleanup EC2 classic default security group.
2015-03-14 18:50:41 -04:00
group_names = [group.name for group in all_groups]
set(group_names).should.equal(set(["default", "test security group"]))
add, delete, describe security groups
2013-02-23 15:26:54 -05:00
test which verifies authorizing rules within a VPC is broken see issue #108
2014-03-20 16:22:37 -07:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_ec2_deprecated
Require a GroupDescription for security group creation. Closes #112.
2014-05-11 17:37:00 -04:00
def test_create_security_group_without_description_raises_error():
conn = boto.connect_ec2('the_key', 'the_secret')
Error handling: Model-level validations, proper error responses.
2014-08-25 10:54:47 -07:00
with assert_raises(EC2ResponseError) as cm:
conn.create_security_group('test security group', '')
cm.exception.code.should.equal('MissingParameter')
cm.exception.status.should.equal(400)
cm.exception.request_id.should_not.be.none
Require a GroupDescription for security group creation. Closes #112.
2014-05-11 17:37:00 -04:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_ec2_deprecated
Cleanup EC2 classic default security group.
2015-03-14 18:50:41 -04:00
def test_default_security_group():
conn = boto.ec2.connect_to_region('us-east-1')
groups = conn.get_all_security_groups()
Add more availability regions and implement default VPC (#773) Fix filter name for availability zone Fix bug assuming dict keys are ordered Fix tests Fix tests Fix bug
2017-01-11 17:37:57 -08:00
groups.should.have.length_of(2)
Cleanup EC2 classic default security group.
2015-03-14 18:50:41 -04:00
groups[0].name.should.equal("default")
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_ec2_deprecated
added new vpc security group test. failing
2013-10-30 17:55:13 -07:00
def test_create_and_describe_vpc_security_group():
conn = boto.connect_ec2('the_key', 'the_secret')
vpc_id = 'vpc-5300000c'
Lints.
2017-02-23 21:37:43 -05:00
security_group = conn.create_security_group(
'test security group', 'this is a test security group', vpc_id=vpc_id)
added new vpc security group test. failing
2013-10-30 17:55:13 -07:00
security_group.vpc_id.should.equal(vpc_id)
security_group.name.should.equal('test security group')
security_group.description.should.equal('this is a test security group')
Lints.
2017-02-23 21:37:43 -05:00
# Trying to create another group with the same name in the same VPC should
# throw an error
Error handling: Model-level validations, proper error responses.
2014-08-25 10:54:47 -07:00
with assert_raises(EC2ResponseError) as cm:
Lints.
2017-02-23 21:37:43 -05:00
conn.create_security_group(
'test security group', 'this is a test security group', vpc_id)
Error handling: Model-level validations, proper error responses.
2014-08-25 10:54:47 -07:00
cm.exception.code.should.equal('InvalidGroup.Duplicate')
cm.exception.status.should.equal(400)
cm.exception.request_id.should_not.be.none
added new vpc security group test. failing
2013-10-30 17:55:13 -07:00
Cleanup EC2 classic default security group.
2015-03-14 18:50:41 -04:00
all_groups = conn.get_all_security_groups(filters={'vpc_id': [vpc_id]})
added new vpc security group test. failing
2013-10-30 17:55:13 -07:00
all_groups[0].vpc_id.should.equal(vpc_id)
all_groups.should.have.length_of(1)
all_groups[0].name.should.equal('test security group')
Extend security group testing for VPC.
2014-05-11 17:13:48 -04:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_ec2_deprecated
reworked internals, groups is now a dict of dicts. need to fix errors coming back from revoking and deleting groups
2013-10-30 20:11:15 -07:00
def test_create_two_security_groups_with_same_name_in_different_vpc():
conn = boto.connect_ec2('the_key', 'the_secret')
vpc_id = 'vpc-5300000c'
vpc_id2 = 'vpc-5300000d'
Lints.
2017-02-23 21:37:43 -05:00
conn.create_security_group(
'test security group', 'this is a test security group', vpc_id)
conn.create_security_group(
'test security group', 'this is a test security group', vpc_id2)
reworked internals, groups is now a dict of dicts. need to fix errors coming back from revoking and deleting groups
2013-10-30 20:11:15 -07:00
all_groups = conn.get_all_security_groups()
Add more availability regions and implement default VPC (#773) Fix filter name for availability zone Fix bug assuming dict keys are ordered Fix tests Fix tests Fix bug
2017-01-11 17:37:57 -08:00
all_groups.should.have.length_of(4)
Cleanup EC2 classic default security group.
2015-03-14 18:50:41 -04:00
group_names = [group.name for group in all_groups]
# The default group is created automatically
set(group_names).should.equal(set(["default", "test security group"]))
reworked internals, groups is now a dict of dicts. need to fix errors coming back from revoking and deleting groups
2013-10-30 20:11:15 -07:00
add, delete, describe security groups
2013-02-23 15:26:54 -05:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_ec2_deprecated
add, delete, describe security groups
2013-02-23 15:26:54 -05:00
def test_deleting_security_groups():
conn = boto.connect_ec2('the_key', 'the_secret')
security_group1 = conn.create_security_group('test1', 'test1')
pep8
2013-02-26 00:31:01 -05:00
conn.create_security_group('test2', 'test2')
add, delete, describe security groups
2013-02-23 15:26:54 -05:00
Add more availability regions and implement default VPC (#773) Fix filter name for availability zone Fix bug assuming dict keys are ordered Fix tests Fix tests Fix bug
2017-01-11 17:37:57 -08:00
conn.get_all_security_groups().should.have.length_of(4)
add, delete, describe security groups
2013-02-23 15:26:54 -05:00
# Deleting a group that doesn't exist should throw an error
Error handling: Model-level validations, proper error responses.
2014-08-25 10:54:47 -07:00
with assert_raises(EC2ResponseError) as cm:
conn.delete_security_group('foobar')
cm.exception.code.should.equal('InvalidGroup.NotFound')
cm.exception.status.should.equal(400)
cm.exception.request_id.should_not.be.none
add, delete, describe security groups
2013-02-23 15:26:54 -05:00
# Delete by name
Get standalone server mode working for all tests.
2017-02-23 19:43:48 -05:00
with assert_raises(EC2ResponseError) as ex:
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
conn.delete_security_group('test2', dry_run=True)
Get standalone server mode working for all tests.
2017-02-23 19:43:48 -05:00
ex.exception.error_code.should.equal('DryRunOperation')
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
ex.exception.status.should.equal(400)
Lints.
2017-02-23 21:37:43 -05:00
ex.exception.message.should.equal(
'An error occurred (DryRunOperation) when calling the DeleteSecurityGroup operation: Request would have succeeded, but DryRun flag is set')
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
add, delete, describe security groups
2013-02-23 15:26:54 -05:00
conn.delete_security_group('test2')
Add more availability regions and implement default VPC (#773) Fix filter name for availability zone Fix bug assuming dict keys are ordered Fix tests Fix tests Fix bug
2017-01-11 17:37:57 -08:00
conn.get_all_security_groups().should.have.length_of(3)
add, delete, describe security groups
2013-02-23 15:26:54 -05:00
# Delete by group id
updated SC methods to work with a group_id, which must be used if it's a group in a VPC
2013-12-06 14:34:13 -08:00
conn.delete_security_group(group_id=security_group1.id)
Add more availability regions and implement default VPC (#773) Fix filter name for availability zone Fix bug assuming dict keys are ordered Fix tests Fix tests Fix bug
2017-01-11 17:37:57 -08:00
conn.get_all_security_groups().should.have.length_of(2)
add security group ingress rules
2013-02-23 16:27:43 -05:00
Extend security group testing for VPC.
2014-05-11 17:13:48 -04:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_ec2_deprecated
security group deletion
2013-12-05 17:00:35 -08:00
def test_delete_security_group_in_vpc():
conn = boto.connect_ec2('the_key', 'the_secret')
vpc_id = "vpc-12345"
security_group1 = conn.create_security_group('test1', 'test1', vpc_id)
missed a commit
2013-12-05 17:56:46 -08:00
# this should not throw an exception
updated SC methods to work with a group_id, which must be used if it's a group in a VPC
2013-12-06 14:34:13 -08:00
conn.delete_security_group(group_id=security_group1.id)
security group deletion
2013-12-05 17:00:35 -08:00
add security group ingress rules
2013-02-23 16:27:43 -05:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_ec2_deprecated
add security group ingress rules
2013-02-23 16:27:43 -05:00
def test_authorize_ip_range_and_revoke():
conn = boto.connect_ec2('the_key', 'the_secret')
security_group = conn.create_security_group('test', 'test')
Get standalone server mode working for all tests.
2017-02-23 19:43:48 -05:00
with assert_raises(EC2ResponseError) as ex:
Lints.
2017-02-23 21:37:43 -05:00
success = security_group.authorize(
ip_protocol="tcp", from_port="22", to_port="2222", cidr_ip="123.123.123.123/32", dry_run=True)
Get standalone server mode working for all tests.
2017-02-23 19:43:48 -05:00
ex.exception.error_code.should.equal('DryRunOperation')
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
ex.exception.status.should.equal(400)
Lints.
2017-02-23 21:37:43 -05:00
ex.exception.message.should.equal(
'An error occurred (DryRunOperation) when calling the GrantSecurityGroupIngress operation: Request would have succeeded, but DryRun flag is set')
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
Lints.
2017-02-23 21:37:43 -05:00
success = security_group.authorize(
ip_protocol="tcp", from_port="22", to_port="2222", cidr_ip="123.123.123.123/32")
add security group ingress rules
2013-02-23 16:27:43 -05:00
assert success.should.be.true
Cleanup EC2 classic default security group.
2015-03-14 18:50:41 -04:00
security_group = conn.get_all_security_groups(groupnames=['test'])[0]
add security group ingress rules
2013-02-23 16:27:43 -05:00
int(security_group.rules[0].to_port).should.equal(2222)
Lints.
2017-02-23 21:37:43 -05:00
security_group.rules[0].grants[
0].cidr_ip.should.equal("123.123.123.123/32")
add security group ingress rules
2013-02-23 16:27:43 -05:00
# Wrong Cidr should throw error
Error handling: Model-level validations, proper error responses.
2014-08-25 10:54:47 -07:00
with assert_raises(EC2ResponseError) as cm:
Lints.
2017-02-23 21:37:43 -05:00
security_group.revoke(ip_protocol="tcp", from_port="22",
to_port="2222", cidr_ip="123.123.123.122/32")
Error handling: Model-level validations, proper error responses.
2014-08-25 10:54:47 -07:00
cm.exception.code.should.equal('InvalidPermission.NotFound')
cm.exception.status.should.equal(400)
cm.exception.request_id.should_not.be.none
add security group ingress rules
2013-02-23 16:27:43 -05:00
# Actually revoke
Get standalone server mode working for all tests.
2017-02-23 19:43:48 -05:00
with assert_raises(EC2ResponseError) as ex:
Lints.
2017-02-23 21:37:43 -05:00
security_group.revoke(ip_protocol="tcp", from_port="22",
to_port="2222", cidr_ip="123.123.123.123/32", dry_run=True)
Get standalone server mode working for all tests.
2017-02-23 19:43:48 -05:00
ex.exception.error_code.should.equal('DryRunOperation')
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
ex.exception.status.should.equal(400)
Lints.
2017-02-23 21:37:43 -05:00
ex.exception.message.should.equal(
'An error occurred (DryRunOperation) when calling the RevokeSecurityGroupIngress operation: Request would have succeeded, but DryRun flag is set')
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
Lints.
2017-02-23 21:37:43 -05:00
security_group.revoke(ip_protocol="tcp", from_port="22",
to_port="2222", cidr_ip="123.123.123.123/32")
add security group ingress rules
2013-02-23 16:27:43 -05:00
security_group = conn.get_all_security_groups()[0]
security_group.rules.should.have.length_of(0)
Adds support for authorizing and revoking egress permissions
2016-01-15 12:36:11 -08:00
# Test for egress as well
Lints.
2017-02-23 21:37:43 -05:00
egress_security_group = conn.create_security_group(
'testegress', 'testegress', vpc_id='vpc-3432589')
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
Get standalone server mode working for all tests.
2017-02-23 19:43:48 -05:00
with assert_raises(EC2ResponseError) as ex:
Lints.
2017-02-23 21:37:43 -05:00
success = conn.authorize_security_group_egress(
egress_security_group.id, "tcp", from_port="22", to_port="2222", cidr_ip="123.123.123.123/32", dry_run=True)
Get standalone server mode working for all tests.
2017-02-23 19:43:48 -05:00
ex.exception.error_code.should.equal('DryRunOperation')
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
ex.exception.status.should.equal(400)
Lints.
2017-02-23 21:37:43 -05:00
ex.exception.message.should.equal(
'An error occurred (DryRunOperation) when calling the GrantSecurityGroupEgress operation: Request would have succeeded, but DryRun flag is set')
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
Lints.
2017-02-23 21:37:43 -05:00
success = conn.authorize_security_group_egress(
egress_security_group.id, "tcp", from_port="22", to_port="2222", cidr_ip="123.123.123.123/32")
Adds support for authorizing and revoking egress permissions
2016-01-15 12:36:11 -08:00
assert success.should.be.true
Lints.
2017-02-23 21:37:43 -05:00
egress_security_group = conn.get_all_security_groups(
groupnames='testegress')[0]
Fix egress rules management to autorize or revoke a security group
2016-04-20 23:01:09 +02:00
# There are two egress rules associated with the security group:
# the default outbound rule and the new one
Add the default outboud rule for security groups
2016-04-19 23:50:46 +02:00
int(egress_security_group.rules_egress[1].to_port).should.equal(2222)
Lints.
2017-02-23 21:37:43 -05:00
egress_security_group.rules_egress[1].grants[
0].cidr_ip.should.equal("123.123.123.123/32")
Adds support for authorizing and revoking egress permissions
2016-01-15 12:36:11 -08:00
# Wrong Cidr should throw error
Lints.
2017-02-23 21:37:43 -05:00
egress_security_group.revoke.when.called_with(
ip_protocol="tcp", from_port="22", to_port="2222", cidr_ip="123.123.123.122/32").should.throw(EC2ResponseError)
Adds support for authorizing and revoking egress permissions
2016-01-15 12:36:11 -08:00
# Actually revoke
Get standalone server mode working for all tests.
2017-02-23 19:43:48 -05:00
with assert_raises(EC2ResponseError) as ex:
Lints.
2017-02-23 21:37:43 -05:00
conn.revoke_security_group_egress(
egress_security_group.id, "tcp", from_port="22", to_port="2222", cidr_ip="123.123.123.123/32", dry_run=True)
Get standalone server mode working for all tests.
2017-02-23 19:43:48 -05:00
ex.exception.error_code.should.equal('DryRunOperation')
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
ex.exception.status.should.equal(400)
Lints.
2017-02-23 21:37:43 -05:00
ex.exception.message.should.equal(
'An error occurred (DryRunOperation) when calling the RevokeSecurityGroupEgress operation: Request would have succeeded, but DryRun flag is set')
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
Lints.
2017-02-23 21:37:43 -05:00
conn.revoke_security_group_egress(
egress_security_group.id, "tcp", from_port="22", to_port="2222", cidr_ip="123.123.123.123/32")
Adds support for authorizing and revoking egress permissions
2016-01-15 12:36:11 -08:00
egress_security_group = conn.get_all_security_groups()[0]
Fix egress rules management to autorize or revoke a security group
2016-04-20 23:01:09 +02:00
# There is still the default outbound rule
Add the default outboud rule for security groups
2016-04-19 23:50:46 +02:00
egress_security_group.rules_egress.should.have.length_of(1)
Adds support for authorizing and revoking egress permissions
2016-01-15 12:36:11 -08:00
pep8
2013-02-26 00:31:01 -05:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_ec2_deprecated
add security group ingress rules
2013-02-23 16:27:43 -05:00
def test_authorize_other_group_and_revoke():
conn = boto.connect_ec2('the_key', 'the_secret')
security_group = conn.create_security_group('test', 'test')
other_security_group = conn.create_security_group('other', 'other')
wrong_group = conn.create_security_group('wrong', 'wrong')
Lints.
2017-02-23 21:37:43 -05:00
success = security_group.authorize(
ip_protocol="tcp", from_port="22", to_port="2222", src_group=other_security_group)
add security group ingress rules
2013-02-23 16:27:43 -05:00
assert success.should.be.true
Lints.
2017-02-23 21:37:43 -05:00
security_group = [
group for group in conn.get_all_security_groups() if group.name == 'test'][0]
add security group ingress rules
2013-02-23 16:27:43 -05:00
int(security_group.rules[0].to_port).should.equal(2222)
Lints.
2017-02-23 21:37:43 -05:00
security_group.rules[0].grants[
0].group_id.should.equal(other_security_group.id)
add security group ingress rules
2013-02-23 16:27:43 -05:00
# Wrong source group should throw error
Error handling: Model-level validations, proper error responses.
2014-08-25 10:54:47 -07:00
with assert_raises(EC2ResponseError) as cm:
Lints.
2017-02-23 21:37:43 -05:00
security_group.revoke(ip_protocol="tcp", from_port="22",
to_port="2222", src_group=wrong_group)
Error handling: Model-level validations, proper error responses.
2014-08-25 10:54:47 -07:00
cm.exception.code.should.equal('InvalidPermission.NotFound')
cm.exception.status.should.equal(400)
cm.exception.request_id.should_not.be.none
add security group ingress rules
2013-02-23 16:27:43 -05:00
# Actually revoke
Lints.
2017-02-23 21:37:43 -05:00
security_group.revoke(ip_protocol="tcp", from_port="22",
to_port="2222", src_group=other_security_group)
add security group ingress rules
2013-02-23 16:27:43 -05:00
Lints.
2017-02-23 21:37:43 -05:00
security_group = [
group for group in conn.get_all_security_groups() if group.name == 'test'][0]
add security group ingress rules
2013-02-23 16:27:43 -05:00
security_group.rules.should.have.length_of(0)
test which verifies authorizing rules within a VPC is broken see issue #108
2014-03-20 16:22:37 -07:00
Extend security group testing for VPC.
2014-05-11 17:13:48 -04:00
Fix egress rules management to autorize or revoke a security group
2016-04-20 23:01:09 +02:00
@mock_ec2
def test_authorize_other_group_egress_and_revoke():
ec2 = boto3.resource('ec2', region_name='us-west-1')
vpc = ec2.create_vpc(CidrBlock='10.0.0.0/16')
Lints.
2017-02-23 21:37:43 -05:00
sg01 = ec2.create_security_group(
GroupName='sg01', Description='Test security group sg01', VpcId=vpc.id)
sg02 = ec2.create_security_group(
GroupName='sg02', Description='Test security group sg02', VpcId=vpc.id)
Fix egress rules management to autorize or revoke a security group
2016-04-20 23:01:09 +02:00
ip_permission = {
Change type for IpProtocol key
2016-04-20 23:21:39 +02:00
'IpProtocol': 'tcp',
Fix egress rules management to autorize or revoke a security group
2016-04-20 23:01:09 +02:00
'FromPort': 27017,
'ToPort': 27017,
'UserIdGroupPairs': [{'GroupId': sg02.id, 'GroupName': 'sg02', 'UserId': sg02.owner_id}],
'IpRanges': []
}
sg01.authorize_egress(IpPermissions=[ip_permission])
sg01.ip_permissions_egress.should.have.length_of(2)
sg01.ip_permissions_egress.should.contain(ip_permission)
sg01.revoke_egress(IpPermissions=[ip_permission])
sg01.ip_permissions_egress.should.have.length_of(1)
Add more availability regions and implement default VPC (#773) Fix filter name for availability zone Fix bug assuming dict keys are ordered Fix tests Fix tests Fix bug
2017-01-11 17:37:57 -08:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_ec2_deprecated
We're getting back the correct group from get_security_group_from_id, but hitting another issue with the source_group_name also using an id rather than a name
2014-03-20 17:26:08 -07:00
def test_authorize_group_in_vpc():
test which verifies authorizing rules within a VPC is broken see issue #108
2014-03-20 16:22:37 -07:00
conn = boto.connect_ec2('the_key', 'the_secret')
vpc_id = "vpc-12345"
# create 2 groups in a vpc
Extend security group testing for VPC.
2014-05-11 17:13:48 -04:00
security_group = conn.create_security_group('test1', 'test1', vpc_id)
other_security_group = conn.create_security_group('test2', 'test2', vpc_id)
test which verifies authorizing rules within a VPC is broken see issue #108
2014-03-20 16:22:37 -07:00
Lints.
2017-02-23 21:37:43 -05:00
success = security_group.authorize(
ip_protocol="tcp", from_port="22", to_port="2222", src_group=other_security_group)
removed unnecessary itertools chain. added success test case around authorize & revoke
2014-03-21 13:31:00 -07:00
success.should.be.true
test which verifies authorizing rules within a VPC is broken see issue #108
2014-03-20 16:22:37 -07:00
Extend security group testing for VPC.
2014-05-11 17:13:48 -04:00
# Check that the rule is accurate
Lints.
2017-02-23 21:37:43 -05:00
security_group = [
group for group in conn.get_all_security_groups() if group.name == 'test1'][0]
Extend security group testing for VPC.
2014-05-11 17:13:48 -04:00
int(security_group.rules[0].to_port).should.equal(2222)
Lints.
2017-02-23 21:37:43 -05:00
security_group.rules[0].grants[
0].group_id.should.equal(other_security_group.id)
test which verifies authorizing rules within a VPC is broken see issue #108
2014-03-20 16:22:37 -07:00
Fix egress rules management to autorize or revoke a security group
2016-04-20 23:01:09 +02:00
# Now remove the rule
Lints.
2017-02-23 21:37:43 -05:00
success = security_group.revoke(
ip_protocol="tcp", from_port="22", to_port="2222", src_group=other_security_group)
Extend security group testing for VPC.
2014-05-11 17:13:48 -04:00
success.should.be.true
# And check that it gets revoked
Lints.
2017-02-23 21:37:43 -05:00
security_group = [
group for group in conn.get_all_security_groups() if group.name == 'test1'][0]
Extend security group testing for VPC.
2014-05-11 17:13:48 -04:00
security_group.rules.should.have.length_of(0)
Added support to get_all_security_groups endpoint to actually filter groups. - Filters by groupnames, group_ids and a filters. However, the filters option doesn't support owner-id and tags since neither attribute was readily available via the SecurityGroup object. - Also included a basic test to confirm it works.
2014-08-21 19:04:48 -05:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_ec2_deprecated
Added support to get_all_security_groups endpoint to actually filter groups. - Filters by groupnames, group_ids and a filters. However, the filters option doesn't support owner-id and tags since neither attribute was readily available via the SecurityGroup object. - Also included a basic test to confirm it works.
2014-08-21 19:04:48 -05:00
def test_get_all_security_groups():
conn = boto.connect_ec2()
Lints.
2017-02-23 21:37:43 -05:00
sg1 = conn.create_security_group(
name='test1', description='test1', vpc_id='vpc-mjm05d27')
Fix security group tags. Closes #301.
2015-02-14 08:57:14 -05:00
conn.create_security_group(name='test2', description='test2')
Added support to get_all_security_groups endpoint to actually filter groups. - Filters by groupnames, group_ids and a filters. However, the filters option doesn't support owner-id and tags since neither attribute was readily available via the SecurityGroup object. - Also included a basic test to confirm it works.
2014-08-21 19:04:48 -05:00
resp = conn.get_all_security_groups(groupnames=['test1'])
resp.should.have.length_of(1)
Security Groups: Fix for filtering support.
2014-09-10 09:42:38 -07:00
resp[0].id.should.equal(sg1.id)
Raise InvalidGroup.NotFound in DescribeSecurityGroups
2017-09-18 19:51:01 +05:30
with assert_raises(EC2ResponseError) as cm:
conn.get_all_security_groups(groupnames=['does_not_exist'])
cm.exception.code.should.equal('InvalidGroup.NotFound')
cm.exception.status.should.equal(400)
cm.exception.request_id.should_not.be.none
resp.should.have.length_of(1)
resp[0].id.should.equal(sg1.id)
Security Groups: Fix for filtering support.
2014-09-10 09:42:38 -07:00
resp = conn.get_all_security_groups(filters={'vpc-id': ['vpc-mjm05d27']})
resp.should.have.length_of(1)
resp[0].id.should.equal(sg1.id)
Added support to get_all_security_groups endpoint to actually filter groups. - Filters by groupnames, group_ids and a filters. However, the filters option doesn't support owner-id and tags since neither attribute was readily available via the SecurityGroup object. - Also included a basic test to confirm it works.
2014-08-21 19:04:48 -05:00
resp = conn.get_all_security_groups(filters={'vpc_id': ['vpc-mjm05d27']})
resp.should.have.length_of(1)
Security Groups: Fix for filtering support.
2014-09-10 09:42:38 -07:00
resp[0].id.should.equal(sg1.id)
Added support to get_all_security_groups endpoint to actually filter groups. - Filters by groupnames, group_ids and a filters. However, the filters option doesn't support owner-id and tags since neither attribute was readily available via the SecurityGroup object. - Also included a basic test to confirm it works.
2014-08-21 19:04:48 -05:00
resp = conn.get_all_security_groups(filters={'description': ['test1']})
resp.should.have.length_of(1)
Security Groups: Fix for filtering support.
2014-09-10 09:42:38 -07:00
resp[0].id.should.equal(sg1.id)
Added support to get_all_security_groups endpoint to actually filter groups. - Filters by groupnames, group_ids and a filters. However, the filters option doesn't support owner-id and tags since neither attribute was readily available via the SecurityGroup object. - Also included a basic test to confirm it works.
2014-08-21 19:04:48 -05:00
resp = conn.get_all_security_groups()
Add more availability regions and implement default VPC (#773) Fix filter name for availability zone Fix bug assuming dict keys are ordered Fix tests Fix tests Fix bug
2017-01-11 17:37:57 -08:00
resp.should.have.length_of(4)
test ip_ranges when authorizing security group ingress rules
2014-10-06 14:42:12 -04:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_ec2_deprecated
test ip_ranges when authorizing security group ingress rules
2014-10-06 14:42:12 -04:00
def test_authorize_bad_cidr_throws_invalid_parameter_value():
conn = boto.connect_ec2('the_key', 'the_secret')
security_group = conn.create_security_group('test', 'test')
with assert_raises(EC2ResponseError) as cm:
Lints.
2017-02-23 21:37:43 -05:00
security_group.authorize(
ip_protocol="tcp", from_port="22", to_port="2222", cidr_ip="123.123.123.123")
test ip_ranges when authorizing security group ingress rules
2014-10-06 14:42:12 -04:00
cm.exception.code.should.equal('InvalidParameterValue')
cm.exception.status.should.equal(400)
cm.exception.request_id.should_not.be.none
Fix security group tags. Closes #301.
2015-02-14 08:57:14 -05:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_ec2_deprecated
Fix security group tags. Closes #301.
2015-02-14 08:57:14 -05:00
def test_security_group_tagging():
conn = boto.connect_vpc()
vpc = conn.create_vpc("10.0.0.0/16")
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
Fix security group tags. Closes #301.
2015-02-14 08:57:14 -05:00
sg = conn.create_security_group("test-sg", "Test SG", vpc.id)
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
Get standalone server mode working for all tests.
2017-02-23 19:43:48 -05:00
with assert_raises(EC2ResponseError) as ex:
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
sg.add_tag("Test", "Tag", dry_run=True)
Get standalone server mode working for all tests.
2017-02-23 19:43:48 -05:00
ex.exception.error_code.should.equal('DryRunOperation')
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
ex.exception.status.should.equal(400)
Lints.
2017-02-23 21:37:43 -05:00
ex.exception.message.should.equal(
'An error occurred (DryRunOperation) when calling the CreateTags operation: Request would have succeeded, but DryRun flag is set')
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
Fix security group tags. Closes #301.
2015-02-14 08:57:14 -05:00
sg.add_tag("Test", "Tag")
tag = conn.get_all_tags()[0]
tag.name.should.equal("Test")
tag.value.should.equal("Tag")
group = conn.get_all_security_groups("test-sg")[0]
group.tags.should.have.length_of(1)
group.tags["Test"].should.equal("Tag")
Add support to tag filtering to Security Groups
2015-02-24 17:56:26 -05:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_ec2_deprecated
Add support to tag filtering to Security Groups
2015-02-24 17:56:26 -05:00
def test_security_group_tag_filtering():
conn = boto.connect_ec2()
sg = conn.create_security_group("test-sg", "Test SG")
sg.add_tag("test-tag", "test-value")
Lints.
2017-02-23 21:37:43 -05:00
groups = conn.get_all_security_groups(
filters={"tag:test-tag": "test-value"})
Add support to tag filtering to Security Groups
2015-02-24 17:56:26 -05:00
groups.should.have.length_of(1)
Fix security group ingress authorization for all protocols with no port spec
2016-04-26 10:53:18 +02:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_ec2_deprecated
Fix security group ingress authorization for all protocols with no port spec
2016-04-26 10:53:18 +02:00
def test_authorize_all_protocols_with_no_port_specification():
conn = boto.connect_ec2()
sg = conn.create_security_group('test', 'test')
success = sg.authorize(ip_protocol='-1', cidr_ip='0.0.0.0/0')
success.should.be.true
sg = conn.get_all_security_groups('test')[0]
sg.rules[0].from_port.should.equal(None)
sg.rules[0].to_port.should.equal(None)
Update to test for security group tagging Support for describe_security_groups() in boto3
2016-06-23 12:03:29 +01:00
Add more availability regions and implement default VPC (#773) Fix filter name for availability zone Fix bug assuming dict keys are ordered Fix tests Fix tests Fix bug
2017-01-11 17:37:57 -08:00
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_ec2_deprecated
made the Security Group backend throw the same error as AWS if the nb of sec groups limit is hit (#742) * made the Security Group backend throw the same error as AWS if the security group limit is hit * included in the security group limit the count of grants to other security groups & updated the unit tests to cover these * refactored a few things about the sec group rule count limit
2017-01-19 02:37:55 +00:00
def test_sec_group_rule_limit():
ec2_conn = boto.connect_ec2()
sg = ec2_conn.create_security_group('test', 'test')
other_sg = ec2_conn.create_security_group('test_2', 'test_other')
# INGRESS
with assert_raises(EC2ResponseError) as cm:
ec2_conn.authorize_security_group(
group_id=sg.id, ip_protocol='-1',
cidr_ip=['{0}.0.0.0/0'.format(i) for i in range(110)])
cm.exception.error_code.should.equal('RulesPerSecurityGroupLimitExceeded')
sg.rules.should.be.empty
# authorize a rule targeting a different sec group (because this count too)
success = ec2_conn.authorize_security_group(
group_id=sg.id, ip_protocol='-1',
src_security_group_group_id=other_sg.id)
success.should.be.true
# fill the rules up the limit
success = ec2_conn.authorize_security_group(
group_id=sg.id, ip_protocol='-1',
cidr_ip=['{0}.0.0.0/0'.format(i) for i in range(99)])
success.should.be.true
# verify that we cannot authorize past the limit for a CIDR IP
with assert_raises(EC2ResponseError) as cm:
ec2_conn.authorize_security_group(
group_id=sg.id, ip_protocol='-1', cidr_ip=['100.0.0.0/0'])
cm.exception.error_code.should.equal('RulesPerSecurityGroupLimitExceeded')
# verify that we cannot authorize past the limit for a different sec group
with assert_raises(EC2ResponseError) as cm:
ec2_conn.authorize_security_group(
group_id=sg.id, ip_protocol='-1',
src_security_group_group_id=other_sg.id)
cm.exception.error_code.should.equal('RulesPerSecurityGroupLimitExceeded')
# EGRESS
# authorize a rule targeting a different sec group (because this count too)
ec2_conn.authorize_security_group_egress(
group_id=sg.id, ip_protocol='-1',
src_group_id=other_sg.id)
# fill the rules up the limit
# remember that by default, when created a sec group contains 1 egress rule
# so our other_sg rule + 98 CIDR IP rules + 1 by default == 100 the limit
for i in range(98):
ec2_conn.authorize_security_group_egress(
group_id=sg.id, ip_protocol='-1',
cidr_ip='{0}.0.0.0/0'.format(i))
# verify that we cannot authorize past the limit for a CIDR IP
with assert_raises(EC2ResponseError) as cm:
ec2_conn.authorize_security_group_egress(
group_id=sg.id, ip_protocol='-1',
cidr_ip='101.0.0.0/0')
cm.exception.error_code.should.equal('RulesPerSecurityGroupLimitExceeded')
# verify that we cannot authorize past the limit for a different sec group
with assert_raises(EC2ResponseError) as cm:
ec2_conn.authorize_security_group_egress(
group_id=sg.id, ip_protocol='-1',
src_group_id=other_sg.id)
cm.exception.error_code.should.equal('RulesPerSecurityGroupLimitExceeded')
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_ec2_deprecated
made the Security Group backend throw the same error as AWS if the nb of sec groups limit is hit (#742) * made the Security Group backend throw the same error as AWS if the security group limit is hit * included in the security group limit the count of grants to other security groups & updated the unit tests to cover these * refactored a few things about the sec group rule count limit
2017-01-19 02:37:55 +00:00
def test_sec_group_rule_limit_vpc():
ec2_conn = boto.connect_ec2()
vpc_conn = boto.connect_vpc()
vpc = vpc_conn.create_vpc('10.0.0.0/8')
sg = ec2_conn.create_security_group('test', 'test', vpc_id=vpc.id)
other_sg = ec2_conn.create_security_group('test_2', 'test', vpc_id=vpc.id)
# INGRESS
with assert_raises(EC2ResponseError) as cm:
ec2_conn.authorize_security_group(
group_id=sg.id, ip_protocol='-1',
cidr_ip=['{0}.0.0.0/0'.format(i) for i in range(110)])
cm.exception.error_code.should.equal('RulesPerSecurityGroupLimitExceeded')
sg.rules.should.be.empty
# authorize a rule targeting a different sec group (because this count too)
success = ec2_conn.authorize_security_group(
group_id=sg.id, ip_protocol='-1',
src_security_group_group_id=other_sg.id)
success.should.be.true
# fill the rules up the limit
success = ec2_conn.authorize_security_group(
group_id=sg.id, ip_protocol='-1',
cidr_ip=['{0}.0.0.0/0'.format(i) for i in range(49)])
# verify that we cannot authorize past the limit for a CIDR IP
success.should.be.true
with assert_raises(EC2ResponseError) as cm:
ec2_conn.authorize_security_group(
group_id=sg.id, ip_protocol='-1', cidr_ip=['100.0.0.0/0'])
cm.exception.error_code.should.equal('RulesPerSecurityGroupLimitExceeded')
# verify that we cannot authorize past the limit for a different sec group
with assert_raises(EC2ResponseError) as cm:
ec2_conn.authorize_security_group(
group_id=sg.id, ip_protocol='-1',
src_security_group_group_id=other_sg.id)
cm.exception.error_code.should.equal('RulesPerSecurityGroupLimitExceeded')
# EGRESS
# authorize a rule targeting a different sec group (because this count too)
ec2_conn.authorize_security_group_egress(
group_id=sg.id, ip_protocol='-1',
src_group_id=other_sg.id)
# fill the rules up the limit
# remember that by default, when created a sec group contains 1 egress rule
# so our other_sg rule + 48 CIDR IP rules + 1 by default == 50 the limit
for i in range(48):
ec2_conn.authorize_security_group_egress(
group_id=sg.id, ip_protocol='-1',
cidr_ip='{0}.0.0.0/0'.format(i))
# verify that we cannot authorize past the limit for a CIDR IP
with assert_raises(EC2ResponseError) as cm:
ec2_conn.authorize_security_group_egress(
group_id=sg.id, ip_protocol='-1',
cidr_ip='50.0.0.0/0')
cm.exception.error_code.should.equal('RulesPerSecurityGroupLimitExceeded')
# verify that we cannot authorize past the limit for a different sec group
with assert_raises(EC2ResponseError) as cm:
ec2_conn.authorize_security_group_egress(
group_id=sg.id, ip_protocol='-1',
src_group_id=other_sg.id)
cm.exception.error_code.should.equal('RulesPerSecurityGroupLimitExceeded')
Update to test for security group tagging Support for describe_security_groups() in boto3
2016-06-23 12:03:29 +01:00
'''
Boto3
'''
Lints.
2017-02-23 21:37:43 -05:00
Throw exception if same security group rule added twice. Closes #737.
2017-01-11 22:35:27 -05:00
@mock_ec2
def test_add_same_rule_twice_throws_error():
ec2 = boto3.resource('ec2', region_name='us-west-1')
vpc = ec2.create_vpc(CidrBlock='10.0.0.0/16')
Lints.
2017-02-23 21:37:43 -05:00
sg = ec2.create_security_group(
GroupName='sg1', Description='Test security group sg1', VpcId=vpc.id)
Throw exception if same security group rule added twice. Closes #737.
2017-01-11 22:35:27 -05:00
ip_permissions = [
{
'IpProtocol': 'tcp',
'FromPort': 27017,
'ToPort': 27017,
'IpRanges': [{"CidrIp": "1.2.3.4/32"}]
},
]
sg.authorize_ingress(IpPermissions=ip_permissions)
with assert_raises(ClientError) as ex:
sg.authorize_ingress(IpPermissions=ip_permissions)
Update to test for security group tagging Support for describe_security_groups() in boto3
2016-06-23 12:03:29 +01:00
@mock_ec2
def test_security_group_tagging_boto3():
Addition of region to test_security_group_tagging_boto3
2016-06-23 12:38:17 +01:00
conn = boto3.client('ec2', region_name='us-east-1')
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
Update to test for security group tagging Support for describe_security_groups() in boto3
2016-06-23 12:03:29 +01:00
sg = conn.create_security_group(GroupName="test-sg", Description="Test SG")
Add dry_run to a number of EC2 services
2016-10-15 23:08:44 +10:00
Get standalone server mode working for all tests.
2017-02-23 19:43:48 -05:00
with assert_raises(ClientError) as ex:
Lints.
2017-02-23 21:37:43 -05:00
conn.create_tags(Resources=[sg['GroupId']], Tags=[
{'Key': 'Test', 'Value': 'Tag'}], DryRun=True)
Get standalone server mode working for all tests.
2017-02-23 19:43:48 -05:00
ex.exception.response['Error']['Code'].should.equal('DryRunOperation')
Lints.
2017-02-23 21:37:43 -05:00
ex.exception.response['ResponseMetadata'][
'HTTPStatusCode'].should.equal(400)
ex.exception.response['Error']['Message'].should.equal(
'An error occurred (DryRunOperation) when calling the CreateTags operation: Request would have succeeded, but DryRun flag is set')
conn.create_tags(Resources=[sg['GroupId']], Tags=[
{'Key': 'Test', 'Value': 'Tag'}])
describe = conn.describe_security_groups(
Filters=[{'Name': 'tag-value', 'Values': ['Tag']}])
Update to test for security group tagging Support for describe_security_groups() in boto3
2016-06-23 12:03:29 +01:00
tag = describe["SecurityGroups"][0]['Tags'][0]
tag['Value'].should.equal("Tag")
tag['Key'].should.equal("Test")
an unit test for the bulk authorization and revokation of security group rules
2016-10-20 18:13:41 +00:00
Support wildcard tag filters on SecurityGroups
2017-10-06 21:55:01 +02:00
@mock_ec2
def test_security_group_wildcard_tag_filter_boto3():
conn = boto3.client('ec2', region_name='us-east-1')
sg = conn.create_security_group(GroupName="test-sg", Description="Test SG")
conn.create_tags(Resources=[sg['GroupId']], Tags=[
{'Key': 'Test', 'Value': 'Tag'}])
describe = conn.describe_security_groups(
Filters=[{'Name': 'tag-value', 'Values': ['*']}])
tag = describe["SecurityGroups"][0]['Tags'][0]
tag['Value'].should.equal("Tag")
tag['Key'].should.equal("Test")
an unit test for the bulk authorization and revokation of security group rules
2016-10-20 18:13:41 +00:00
@mock_ec2
def test_authorize_and_revoke_in_bulk():
ec2 = boto3.resource('ec2', region_name='us-west-1')
vpc = ec2.create_vpc(CidrBlock='10.0.0.0/16')
Lints.
2017-02-23 21:37:43 -05:00
sg01 = ec2.create_security_group(
GroupName='sg01', Description='Test security group sg01', VpcId=vpc.id)
sg02 = ec2.create_security_group(
GroupName='sg02', Description='Test security group sg02', VpcId=vpc.id)
sg03 = ec2.create_security_group(
GroupName='sg03', Description='Test security group sg03')
an unit test for the bulk authorization and revokation of security group rules
2016-10-20 18:13:41 +00:00
ip_permissions = [
{
'IpProtocol': 'tcp',
'FromPort': 27017,
'ToPort': 27017,
'UserIdGroupPairs': [{'GroupId': sg02.id, 'GroupName': 'sg02',
'UserId': sg02.owner_id}],
'IpRanges': []
},
{
'IpProtocol': 'tcp',
Throw exception if same security group rule added twice. Closes #737.
2017-01-11 22:35:27 -05:00
'FromPort': 27018,
'ToPort': 27018,
made the security group endpoints that authorize or revoke firewall rules to support batch rules (boto doesn't expose this, but botocore/boto3 does)
2016-10-20 17:25:54 +00:00
'UserIdGroupPairs': [{'GroupId': sg02.id, 'UserId': sg02.owner_id}],
'IpRanges': []
},
{
'IpProtocol': 'tcp',
'FromPort': 27017,
'ToPort': 27017,
'UserIdGroupPairs': [{'GroupName': 'sg03', 'UserId': sg03.owner_id}],
an unit test for the bulk authorization and revokation of security group rules
2016-10-20 18:13:41 +00:00
'IpRanges': []
}
]
made the security group endpoints that authorize or revoke firewall rules to support batch rules (boto doesn't expose this, but botocore/boto3 does)
2016-10-20 17:25:54 +00:00
expected_ip_permissions = copy.deepcopy(ip_permissions)
expected_ip_permissions[1]['UserIdGroupPairs'][0]['GroupName'] = 'sg02'
expected_ip_permissions[2]['UserIdGroupPairs'][0]['GroupId'] = sg03.id
an unit test for the bulk authorization and revokation of security group rules
2016-10-20 18:13:41 +00:00
sg01.authorize_ingress(IpPermissions=ip_permissions)
made the security group endpoints that authorize or revoke firewall rules to support batch rules (boto doesn't expose this, but botocore/boto3 does)
2016-10-20 17:25:54 +00:00
sg01.ip_permissions.should.have.length_of(3)
for ip_permission in expected_ip_permissions:
an unit test for the bulk authorization and revokation of security group rules
2016-10-20 18:13:41 +00:00
sg01.ip_permissions.should.contain(ip_permission)
sg01.revoke_ingress(IpPermissions=ip_permissions)
sg01.ip_permissions.should.be.empty
made the security group endpoints that authorize or revoke firewall rules to support batch rules (boto doesn't expose this, but botocore/boto3 does)
2016-10-20 17:25:54 +00:00
for ip_permission in expected_ip_permissions:
an unit test for the bulk authorization and revokation of security group rules
2016-10-20 18:13:41 +00:00
sg01.ip_permissions.shouldnt.contain(ip_permission)
sg01.authorize_egress(IpPermissions=ip_permissions)
made the security group endpoints that authorize or revoke firewall rules to support batch rules (boto doesn't expose this, but botocore/boto3 does)
2016-10-20 17:25:54 +00:00
sg01.ip_permissions_egress.should.have.length_of(4)
for ip_permission in expected_ip_permissions:
an unit test for the bulk authorization and revokation of security group rules
2016-10-20 18:13:41 +00:00
sg01.ip_permissions_egress.should.contain(ip_permission)
sg01.revoke_egress(IpPermissions=ip_permissions)
sg01.ip_permissions_egress.should.have.length_of(1)
made the security group endpoints that authorize or revoke firewall rules to support batch rules (boto doesn't expose this, but botocore/boto3 does)
2016-10-20 17:25:54 +00:00
for ip_permission in expected_ip_permissions:
an unit test for the bulk authorization and revokation of security group rules
2016-10-20 18:13:41 +00:00
sg01.ip_permissions_egress.shouldnt.contain(ip_permission)
make get_all_security_groups filter AND match group ids, not OR them (#822)
2017-02-09 13:29:37 +11:00
Lints.
2017-02-23 21:37:43 -05:00
Fix security group rules for single rule case. Closes #1522.
2018-04-13 15:03:07 -04:00
@mock_ec2
def test_security_group_ingress_without_multirule():
ec2 = boto3.resource('ec2', 'ca-central-1')
sg = ec2.create_security_group(Description='Test SG', GroupName='test-sg')
assert len(sg.ip_permissions) == 0
sg.authorize_ingress(CidrIp='192.168.0.1/32', FromPort=22, ToPort=22, IpProtocol='tcp')
# Fails
assert len(sg.ip_permissions) == 1
@mock_ec2
def test_security_group_ingress_without_multirule_after_reload():
ec2 = boto3.resource('ec2', 'ca-central-1')
sg = ec2.create_security_group(Description='Test SG', GroupName='test-sg')
assert len(sg.ip_permissions) == 0
sg.authorize_ingress(CidrIp='192.168.0.1/32', FromPort=22, ToPort=22, IpProtocol='tcp')
# Also Fails
sg_after = ec2.SecurityGroup(sg.id)
assert len(sg_after.ip_permissions) == 1
Testing new version of decorator.
2017-02-15 22:35:45 -05:00
@mock_ec2_deprecated
make get_all_security_groups filter AND match group ids, not OR them (#822)
2017-02-09 13:29:37 +11:00
def test_get_all_security_groups_filter_with_same_vpc_id():
conn = boto.connect_ec2('the_key', 'the_secret')
vpc_id = 'vpc-5300000c'
Lints.
2017-02-23 21:37:43 -05:00
security_group = conn.create_security_group(
'test1', 'test1', vpc_id=vpc_id)
security_group2 = conn.create_security_group(
'test2', 'test2', vpc_id=vpc_id)
make get_all_security_groups filter AND match group ids, not OR them (#822)
2017-02-09 13:29:37 +11:00
security_group.vpc_id.should.equal(vpc_id)
security_group2.vpc_id.should.equal(vpc_id)
Lints.
2017-02-23 21:37:43 -05:00
security_groups = conn.get_all_security_groups(
group_ids=[security_group.id], filters={'vpc-id': [vpc_id]})
make get_all_security_groups filter AND match group ids, not OR them (#822)
2017-02-09 13:29:37 +11:00
security_groups.should.have.length_of(1)
Raise InvalidGroup.NotFound in DescribeSecurityGroups
2017-09-18 19:51:01 +05:30
with assert_raises(EC2ResponseError) as cm:
conn.get_all_security_groups(group_ids=['does_not_exist'])
cm.exception.code.should.equal('InvalidGroup.NotFound')
cm.exception.status.should.equal(400)
cm.exception.request_id.should_not.be.none
Reference in New Issue Copy Permalink