From 6c9bba2ca1813e3ff8336b594058115df009486d Mon Sep 17 00:00:00 2001 From: Steve Pulec Date: Sat, 14 Mar 2015 18:50:41 -0400 Subject: [PATCH] Cleanup EC2 classic default security group. --- moto/ec2/models.py | 9 +++--- .../test_cloudformation_stack_integration.py | 9 ++---- tests/test_ec2/test_security_groups.py | 32 ++++++++++++------- tests/test_ec2/test_vpcs.py | 4 +-- 4 files changed, 29 insertions(+), 25 deletions(-) diff --git a/moto/ec2/models.py b/moto/ec2/models.py index c5d3c256c..940c412e7 100644 --- a/moto/ec2/models.py +++ b/moto/ec2/models.py @@ -1149,6 +1149,10 @@ class SecurityGroupBackend(object): def __init__(self): # the key in the dict group is the vpc_id or None (non-vpc) self.groups = defaultdict(dict) + + # Create the default security group + self.create_security_group("default", "The default security group") + super(SecurityGroupBackend, self).__init__() def create_security_group(self, name, description, vpc_id=None, force=False): @@ -1212,11 +1216,6 @@ class SecurityGroupBackend(object): if group.name == name: return group - if name == 'default': - # If the request is for the default group and it does not exist, create it - default_group = self.create_security_group("default", "The default security group", vpc_id=vpc_id, force=True) - return default_group - def get_security_group_by_name_or_id(self, group_name_or_id, vpc_id): # try searching by id, fallbacks to name search group = self.get_security_group_from_id(group_name_or_id) diff --git a/tests/test_cloudformation/test_cloudformation_stack_integration.py b/tests/test_cloudformation/test_cloudformation_stack_integration.py index 0ca96db20..e73197361 100644 --- a/tests/test_cloudformation/test_cloudformation_stack_integration.py +++ b/tests/test_cloudformation/test_cloudformation_stack_integration.py @@ -207,12 +207,8 @@ def test_stack_security_groups(): ) ec2_conn = boto.ec2.connect_to_region("us-west-1") - security_groups = ec2_conn.get_all_security_groups() - for group in security_groups: - if "InstanceSecurityGroup" in group.name: - instance_group = group - else: - other_group = group + instance_group = ec2_conn.get_all_security_groups(filters={'description': ['My security group']})[0] + other_group = ec2_conn.get_all_security_groups(filters={'description': ['My other group']})[0] reservation = ec2_conn.get_all_instances()[0] ec2_instance = reservation.instances[0] @@ -1078,7 +1074,6 @@ def test_security_group_ingress_separate_from_security_group_by_id(): security_group1.rules[0].to_port.should.equal('8080') - @mock_cloudformation @mock_ec2 def test_security_group_ingress_separate_from_security_group_by_id(): diff --git a/tests/test_ec2/test_security_groups.py b/tests/test_ec2/test_security_groups.py index e555bd694..b39ffac70 100644 --- a/tests/test_ec2/test_security_groups.py +++ b/tests/test_ec2/test_security_groups.py @@ -26,8 +26,9 @@ def test_create_and_describe_security_group(): cm.exception.request_id.should_not.be.none all_groups = conn.get_all_security_groups() - all_groups.should.have.length_of(1) - all_groups[0].name.should.equal('test security group') + all_groups.should.have.length_of(2) # The default group gets created automatically + group_names = [group.name for group in all_groups] + set(group_names).should.equal(set(["default", "test security group"])) @mock_ec2 @@ -41,6 +42,14 @@ def test_create_security_group_without_description_raises_error(): cm.exception.request_id.should_not.be.none +@mock_ec2 +def test_default_security_group(): + conn = boto.ec2.connect_to_region('us-east-1') + groups = conn.get_all_security_groups() + groups.should.have.length_of(1) + groups[0].name.should.equal("default") + + @mock_ec2 def test_create_and_describe_vpc_security_group(): conn = boto.connect_ec2('the_key', 'the_secret') @@ -59,7 +68,7 @@ def test_create_and_describe_vpc_security_group(): cm.exception.status.should.equal(400) cm.exception.request_id.should_not.be.none - all_groups = conn.get_all_security_groups() + all_groups = conn.get_all_security_groups(filters={'vpc_id': [vpc_id]}) all_groups[0].vpc_id.should.equal(vpc_id) @@ -78,9 +87,10 @@ def test_create_two_security_groups_with_same_name_in_different_vpc(): all_groups = conn.get_all_security_groups() - all_groups.should.have.length_of(2) - all_groups[0].name.should.equal('test security group') - all_groups[1].name.should.equal('test security group') + all_groups.should.have.length_of(3) + group_names = [group.name for group in all_groups] + # The default group is created automatically + set(group_names).should.equal(set(["default", "test security group"])) @mock_ec2 @@ -89,7 +99,7 @@ def test_deleting_security_groups(): security_group1 = conn.create_security_group('test1', 'test1') conn.create_security_group('test2', 'test2') - conn.get_all_security_groups().should.have.length_of(2) + conn.get_all_security_groups().should.have.length_of(3) # We need to include the default security group # Deleting a group that doesn't exist should throw an error with assert_raises(EC2ResponseError) as cm: @@ -100,11 +110,11 @@ def test_deleting_security_groups(): # Delete by name conn.delete_security_group('test2') - conn.get_all_security_groups().should.have.length_of(1) + conn.get_all_security_groups().should.have.length_of(2) # Delete by group id conn.delete_security_group(group_id=security_group1.id) - conn.get_all_security_groups().should.have.length_of(0) + conn.get_all_security_groups().should.have.length_of(1) @mock_ec2 @@ -125,7 +135,7 @@ def test_authorize_ip_range_and_revoke(): success = security_group.authorize(ip_protocol="tcp", from_port="22", to_port="2222", cidr_ip="123.123.123.123/32") assert success.should.be.true - security_group = conn.get_all_security_groups()[0] + security_group = conn.get_all_security_groups(groupnames=['test'])[0] int(security_group.rules[0].to_port).should.equal(2222) security_group.rules[0].grants[0].cidr_ip.should.equal("123.123.123.123/32") @@ -220,7 +230,7 @@ def test_get_all_security_groups(): resp[0].id.should.equal(sg1.id) resp = conn.get_all_security_groups() - resp.should.have.length_of(2) + resp.should.have.length_of(3) # We need to include the default group here @mock_ec2 diff --git a/tests/test_ec2/test_vpcs.py b/tests/test_ec2/test_vpcs.py index 4fecf0974..21ebce826 100644 --- a/tests/test_ec2/test_vpcs.py +++ b/tests/test_ec2/test_vpcs.py @@ -41,13 +41,13 @@ def test_vpc_defaults(): conn.get_all_vpcs().should.have.length_of(1) conn.get_all_route_tables().should.have.length_of(1) - conn.get_all_security_groups().should.have.length_of(1) + conn.get_all_security_groups(filters={'vpc-id': [vpc.id]}).should.have.length_of(1) vpc.delete() conn.get_all_vpcs().should.have.length_of(0) conn.get_all_route_tables().should.have.length_of(0) - conn.get_all_security_groups().should.have.length_of(0) + conn.get_all_security_groups(filters={'vpc-id': [vpc.id]}).should.have.length_of(0) @mock_ec2