Raise error when adding duplicate egress rule to ec2:SecurityGroup (#3801)

The `InvalidPermission.Duplicate` error was already implemented for inbound rules,
but AWS also returns this error for duplicate outbound rules.

Very minor changes were needed on existing tests that were adding duplicate
outbound rules (when testing the RulesPerSecurityGroupLimitExceeded error).
This commit is contained in:
Brian Pandola 2021-03-26 04:23:07 -07:00 committed by GitHub
parent ba0f0bd513
commit 2bae7e4e0d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 28 additions and 4 deletions

View File

@ -2151,10 +2151,11 @@ class SecurityGroup(TaggedEC2Resource, CloudFormationModel):
def add_ingress_rule(self, rule):
if rule in self.ingress_rules:
raise InvalidPermissionDuplicateError()
else:
self.ingress_rules.append(rule)
def add_egress_rule(self, rule):
if rule in self.egress_rules:
raise InvalidPermissionDuplicateError()
self.egress_rules.append(rule)
def get_number_of_ingress_rules(self):

View File

@ -574,7 +574,7 @@ def test_sec_group_rule_limit():
# fill the rules up the limit
# remember that by default, when created a sec group contains 1 egress rule
# so our other_sg rule + 98 CIDR IP rules + 1 by default == 100 the limit
for i in range(98):
for i in range(1, 99):
ec2_conn.authorize_security_group_egress(
group_id=sg.id, ip_protocol="-1", cidr_ip="{0}.0.0.0/0".format(i)
)
@ -645,7 +645,7 @@ def test_sec_group_rule_limit_vpc():
# fill the rules up the limit
# remember that by default, when created a sec group contains 1 egress rule
# so our other_sg rule + 48 CIDR IP rules + 1 by default == 50 the limit
for i in range(48):
for i in range(1, 49):
ec2_conn.authorize_security_group_egress(
group_id=sg.id, ip_protocol="-1", cidr_ip="{0}.0.0.0/0".format(i)
)
@ -677,6 +677,7 @@ def test_add_same_rule_twice_throws_error():
GroupName="sg1", Description="Test security group sg1", VpcId=vpc.id
)
# Ingress
ip_permissions = [
{
"IpProtocol": "tcp",
@ -689,6 +690,28 @@ def test_add_same_rule_twice_throws_error():
with pytest.raises(ClientError) as ex:
sg.authorize_ingress(IpPermissions=ip_permissions)
ex.value.response["Error"]["Code"].should.equal("InvalidPermission.Duplicate")
ex.value.response["Error"]["Message"].should.match(
r"^.* specified rule.*already exists$"
)
# Egress
ip_permissions = [
{
"IpProtocol": "-1",
"IpRanges": [{"CidrIp": "0.0.0.0/0"}],
"Ipv6Ranges": [],
"PrefixListIds": [],
"UserIdGroupPairs": [],
}
]
with pytest.raises(ClientError) as ex:
sg.authorize_egress(IpPermissions=ip_permissions)
ex.value.response["Error"]["Code"].should.equal("InvalidPermission.Duplicate")
ex.value.response["Error"]["Message"].should.match(
r"^.* specified rule.*already exists$"
)
@mock_ec2