From 5895231b5cc4721763589dcae9af66707c542404 Mon Sep 17 00:00:00 2001
From: gruebel
Date: Sun, 24 Nov 2019 17:17:53 +0100
Subject: [PATCH] Fix ec2.revoke_security_group_egress for IpProtocol -1

---
 moto/ec2/models.py | 30 +++++++++++++++-----------
 tests/test_ec2/test_security_groups.py | 30 ++++++++++++++++++++++++++
 2 files changed, 47 insertions(+), 13 deletions(-)

diff --git a/moto/ec2/models.py b/moto/ec2/models.py
index afb23dc80..874536225 100644
--- a/moto/ec2/models.py
+++ b/moto/ec2/models.py
@@ -1644,23 +1644,27 @@ class RegionsAndZonesBackend(object):
 class SecurityRule(object):
 def __init__(self, ip_protocol, from_port, to_port, ip_ranges, source_groups):
 self.ip_protocol = ip_protocol
- self.from_port = from_port
- self.to_port = to_port
 self.ip_ranges = ip_ranges or []
 self.source_groups = source_groups
 
- @property
- def unique_representation(self):
- return "{0}-{1}-{2}-{3}-{4}".format(
- self.ip_protocol,
- self.from_port,
- self.to_port,
- self.ip_ranges,
- self.source_groups,
- )
+ if ip_protocol != "-1":
+ self.from_port = from_port
+ self.to_port = to_port
 
 def __eq__(self, other):
- return self.unique_representation == other.unique_representation
+ if self.ip_protocol != other.ip_protocol:
+ return False
+ if self.ip_ranges != other.ip_ranges:
+ return False
+ if self.source_groups != other.source_groups:
+ return False
+ if self.ip_protocol != "-1":
+ if self.from_port != other.from_port:
+ return False
+ if self.to_port != other.to_port:
+ return False
+
+ return True
 
 
 class SecurityGroup(TaggedEC2Resource):
@@ -1670,7 +1674,7 @@ class SecurityGroup(TaggedEC2Resource):
 self.name = name
 self.description = description
 self.ingress_rules = []
- self.egress_rules = [SecurityRule(-1, None, None, ["0.0.0.0/0"], [])]
+ self.egress_rules = [SecurityRule("-1", None, None, ["0.0.0.0/0"], [])]
 self.enis = {}
 self.vpc_id = vpc_id
 self.owner_id = OWNER_ID
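Review bot: In the first hunk, `SecurityRule.__init__` no longer assigns `from_port` and `to_port` when `ip_protocol` is `"-1"`, so those rules lack the attributes entirely, and any Python reader outside this hunk (filters or serialization, not visible here) would presumably hit `AttributeError` where it used to get `None`. Adding `else: self.from_port = self.to_port = None` keeps the object shape stable, and `__eq__` already skips the port comparison for `"-1"`. The check compares against the string `"-1"`, so a caller that still passes integer `-1`, as the `SecurityGroup` default did before the second hunk, would have its ports compared; it is worth confirming that no other constructor call passes an int. `__eq__` also reads `other.ip_protocol` unconditionally, and `if not isinstance(other, SecurityRule): return NotImplemented` as its first statement would keep comparisons with other types from raising.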
diff --git a/tests/test_ec2/test_security_groups.py b/tests/test_ec2/test_security_groups.py
index d872bdf87..bb9c8f52a 100644
--- a/tests/test_ec2/test_security_groups.py
+++ b/tests/test_ec2/test_security_groups.py
@@ -833,3 +833,33 @@ def test_get_all_security_groups_filter_with_same_vpc_id():
 cm.exception.code.should.equal("InvalidGroup.NotFound")
 cm.exception.status.should.equal(400)
 cm.exception.request_id.should_not.be.none
+
+
+@mock_ec2
+def test_revoke_security_group_egress():
+ ec2 = boto3.resource("ec2", "us-east-1")
+ sg = ec2.create_security_group(Description="Test SG", GroupName="test-sg")
+
+ sg.ip_permissions_egress.should.equal(
+ [
+ {
+ "IpProtocol": "-1",
+ "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
+ "UserIdGroupPairs": [],
+ }
+ ]
+ )
+
+ sg.revoke_egress(
+ IpPermissions=[
+ {
+ "FromPort": 0,
+ "IpProtocol": "-1",
+ "IpRanges": [{"CidrIp": "0.0.0.0/0"},],
+ "ToPort": 123,
+ },
+ ]
+ )
+
+ sg.reload()
+ sg.ip_permissions_egress.should.have.length_of(0)
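Review bot: The new test only pins the permissive direction of the comparison, that a `"-1"` rule matches whatever ports the caller sends; nothing here checks that ports are still compared for other protocols. For a security-group mock the risky regression is a revoke that matches too much, because hardening code tested against it would appear to remove a rule it did not target. A companion test that authorizes two `tcp` egress rules on different ports, revokes one and asserts the other is the one left would cover that. The sketch below has not been run against this tree and assumes `authorize_egress` is mocked and that egress permissions are returned with `FromPort`.

```python
@mock_ec2
def test_revoke_security_group_egress_compares_ports_for_tcp():
    ec2 = boto3.resource("ec2", "us-east-1")
    # GroupName is a constructed sample value.
    sg = ec2.create_security_group(Description="Test SG", GroupName="test-sg-ports")

    def tcp_rule(port):
        return {
            "IpProtocol": "tcp",
            "FromPort": port,
            "ToPort": port,
            "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
        }

    # 8443 is added first so that a port-blind match would remove the wrong rule.
    sg.authorize_egress(IpPermissions=[tcp_rule(8443)])
    sg.authorize_egress(IpPermissions=[tcp_rule(443)])
    sg.revoke_egress(IpPermissions=[tcp_rule(443)])

    sg.reload()
    remaining = [p for p in sg.ip_permissions_egress if p["IpProtocol"] == "tcp"]
    [p["FromPort"] for p in remaining].should.equal([8443])
```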