EC2: describe_security_group_rules now uses Filter-argument (#6041)

CiolFr 2023-03-12 00:28:16 +01:00 committed by GitHub
parent f1f4454b0f
commit 25f0c660f7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 31 deletions


@ -194,7 +194,7 @@ class SecurityGroups(EC2BaseResponse):
def describe_security_group_rules(self) -> str: def describe_security_group_rules(self) -> str:
group_id = self._get_param("GroupId") group_id = self._get_param("GroupId")
filters = self._get_param("Filter") filters = self._filters_from_querystring()
self.error_on_dryrun() self.error_on_dryrun()
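Review bot: The switch to `self._filters_from_querystring()` in `describe_security_group_rules` has no comment explaining why `_get_param("Filter")` was not enough, so a later refactor could easily revert it. I would add something like `# Filters are sent as Filter.N.Name / Filter.N.Value.M; parse them into a name -> values mapping` above the assignment. The handler still reads `group_id` from `GroupId`, and the rest of the method is outside this hunk, so it is not visible how that value combines with a `group-id` filter when both are supplied; a one-line note on the precedence would help. This matters for anyone testing security-group audit tooling against the mock, because a filter that is silently ignored returns rules from unrelated groups.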


@ -565,45 +565,27 @@ def test_authorize_all_protocols_with_no_port_specification():
@mock_ec2 @mock_ec2
def test_create_and_describe_security_grp_rule(): def test_create_and_describe_security_grp_rule():
ip_protocol = "tcp"
from_port = 27017
to_port = 27017
cidr_ip_range = "1.2.3.4/32"
ec2 = boto3.resource("ec2", "us-east-1") ec2 = boto3.resource("ec2", "us-east-1")
client = boto3.client("ec2", "us-east-1") client = boto3.client("ec2", "us-east-1")
vpc = ec2.create_vpc(CidrBlock="10.0.0.0/16") vpc = ec2.create_vpc(CidrBlock="10.0.0.0/16")
sg_name = str(uuid4()) sg_name = str(uuid4())
sg = ec2.create_security_group( sg = client.create_security_group(
Description="Test SG", GroupName=sg_name, VpcId=vpc.id Description="Test SG", GroupName=sg_name, VpcId=vpc.id
) )
# Ingress rule
ip_permissions = [
{
"IpProtocol": ip_protocol,
"FromPort": from_port,
"ToPort": to_port,
"IpRanges": [{"CidrIp": cidr_ip_range}],
}
]
sgr = sg.authorize_ingress(IpPermissions=ip_permissions)
# Describing the ingress rule
sgr_id = sgr["SecurityGroupRules"][0]["SecurityGroupRuleId"]
response = client.describe_security_group_rules( response = client.describe_security_group_rules(
Filters=[{"Name": "ip-permission-id", "Values": [sgr_id]}] Filters=[{"Name": "group-id", "Values": [sg["GroupId"]]}]
) )
ingress_rule = response["SecurityGroupRules"] rules = response["SecurityGroupRules"]
rule_found = False
for rule in ingress_rule: # Only the default rule is present
if rule["SecurityGroupRuleId"] == sgr_id: assert len(rules) == 1
assert rule["IpProtocol"] == ip_protocol
assert rule["FromPort"] == from_port # Test default egress rule content
assert rule["ToPort"] == to_port assert rules[0]["IsEgress"] is True
assert rule["CidrIpv4"] == cidr_ip_range assert rules[0]["IpProtocol"] == "-1"
rule_found = True assert rules[0]["CidrIpv4"] == "0.0.0.0/0"
break
assert rule_found, True
@mock_ec2 @mock_ec2
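Review bot: The rewritten `test_create_and_describe_security_grp_rule` no longer covers an ingress rule: the `authorize_ingress` call and the assertions on protocol, ports and CIDR are removed, and the new assertions check only the default egress rule. Because the commit is about honouring `Filters`, the test should also show that the `group-id` filter excludes other groups. That means creating a second security group, authorizing one ingress rule on the first, and asserting that both of the first group's rules come back and nothing else, for example `assert all(r["GroupId"] == sg["GroupId"] for r in rules)`. As written, `len(rules) == 1` passes only as long as no other group's rules leak into the result, which the test setup does not make explicit.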