Throw exception if same security group rule added twice. Closes #737.
		
							parent
							
								
									6ac8c2b4da
								
							
						
					
					
						commit
						a292150087
					
				| @ -1255,6 +1255,15 @@ class SecurityGroup(TaggedEC2Resource): | |||||||
|             return self.id |             return self.id | ||||||
|         raise UnformattedGetAttTemplateException() |         raise UnformattedGetAttTemplateException() | ||||||
| 
 | 
 | ||||||
|  |     def add_ingress_rule(self, rule): | ||||||
|  |         if rule in self.ingress_rules: | ||||||
|  |             raise InvalidParameterValueError('security_group') | ||||||
|  |         else: | ||||||
|  |             self.ingress_rules.append(rule) | ||||||
|  | 
 | ||||||
|  |     def add_egress_rule(self, rule): | ||||||
|  |         self.egress_rules.append(rule) | ||||||
|  | 
 | ||||||
| 
 | 
 | ||||||
| class SecurityGroupBackend(object): | class SecurityGroupBackend(object): | ||||||
| 
 | 
 | ||||||
| @ -1367,7 +1376,7 @@ class SecurityGroupBackend(object): | |||||||
|                 source_groups.append(source_group) |                 source_groups.append(source_group) | ||||||
| 
 | 
 | ||||||
|         security_rule = SecurityRule(ip_protocol, from_port, to_port, ip_ranges, source_groups) |         security_rule = SecurityRule(ip_protocol, from_port, to_port, ip_ranges, source_groups) | ||||||
|         group.ingress_rules.append(security_rule) |         group.add_ingress_rule(security_rule) | ||||||
| 
 | 
 | ||||||
|     def revoke_security_group_ingress(self, |     def revoke_security_group_ingress(self, | ||||||
|                                       group_name_or_id, |                                       group_name_or_id, | ||||||
| @ -1432,7 +1441,7 @@ class SecurityGroupBackend(object): | |||||||
|                 source_groups.append(source_group) |                 source_groups.append(source_group) | ||||||
| 
 | 
 | ||||||
|         security_rule = SecurityRule(ip_protocol, from_port, to_port, ip_ranges, source_groups) |         security_rule = SecurityRule(ip_protocol, from_port, to_port, ip_ranges, source_groups) | ||||||
|         group.egress_rules.append(security_rule) |         group.add_egress_rule(security_rule) | ||||||
| 
 | 
 | ||||||
|     def revoke_security_group_egress(self, |     def revoke_security_group_egress(self, | ||||||
|                                      group_name_or_id, |                                      group_name_or_id, | ||||||
|  | |||||||
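Review bot: `add_egress_rule` appends unconditionally, so the duplicate check added in `add_ingress_rule` covers only the ingress path and a repeated egress authorization still stacks identical rules silently. Mirroring the guard would keep the two in step: `if rule in self.egress_rules: raise InvalidParameterValueError('security_group')`. The membership test also relies on `SecurityRule` comparing by value, which is defined outside these hunks, so that is worth confirming. Separately, EC2 itself reports a repeated rule as `InvalidPermission.Duplicate`; if `InvalidParameterValueError` surfaces a different code (its definition is not visible here), callers that handle the duplicate case by error code will behave differently against the mock than against AWS.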
| @ -8,6 +8,7 @@ from nose.tools import assert_raises | |||||||
| 
 | 
 | ||||||
| import boto3 | import boto3 | ||||||
| import boto | import boto | ||||||
|  | from botocore.exceptions import ClientError | ||||||
| from boto.exception import EC2ResponseError, JSONResponseError | from boto.exception import EC2ResponseError, JSONResponseError | ||||||
| import sure  # noqa | import sure  # noqa | ||||||
| 
 | 
 | ||||||
| @ -382,6 +383,26 @@ def test_authorize_all_protocols_with_no_port_specification(): | |||||||
| Boto3 | Boto3 | ||||||
| ''' | ''' | ||||||
| 
 | 
 | ||||||
|  | @mock_ec2 | ||||||
|  | def test_add_same_rule_twice_throws_error(): | ||||||
|  |     ec2 = boto3.resource('ec2', region_name='us-west-1') | ||||||
|  | 
 | ||||||
|  |     vpc = ec2.create_vpc(CidrBlock='10.0.0.0/16') | ||||||
|  |     sg = ec2.create_security_group(GroupName='sg1', Description='Test security group sg1', VpcId=vpc.id) | ||||||
|  | 
 | ||||||
|  |     ip_permissions = [ | ||||||
|  |         { | ||||||
|  |             'IpProtocol': 'tcp', | ||||||
|  |             'FromPort': 27017, | ||||||
|  |             'ToPort': 27017, | ||||||
|  |             'IpRanges': [{"CidrIp": "1.2.3.4/32"}] | ||||||
|  |         }, | ||||||
|  |     ] | ||||||
|  |     sg.authorize_ingress(IpPermissions=ip_permissions) | ||||||
|  | 
 | ||||||
|  |     with assert_raises(ClientError) as ex: | ||||||
|  |         sg.authorize_ingress(IpPermissions=ip_permissions) | ||||||
|  | 
 | ||||||
| 
 | 
 | ||||||
| @mock_ec2 | @mock_ec2 | ||||||
| def test_security_group_tagging_boto3(): | def test_security_group_tagging_boto3(): | ||||||
| @ -423,8 +444,8 @@ def test_authorize_and_revoke_in_bulk(): | |||||||
|         }, |         }, | ||||||
|         { |         { | ||||||
|             'IpProtocol': 'tcp', |             'IpProtocol': 'tcp', | ||||||
|             'FromPort': 27017, |             'FromPort': 27018, | ||||||
|             'ToPort': 27017, |             'ToPort': 27018, | ||||||
|             'UserIdGroupPairs': [{'GroupId': sg02.id, 'UserId': sg02.owner_id}], |             'UserIdGroupPairs': [{'GroupId': sg02.id, 'UserId': sg02.owner_id}], | ||||||
|             'IpRanges': [] |             'IpRanges': [] | ||||||
|         }, |         }, | ||||||
|  | |||||||
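Review bot: `test_add_same_rule_twice_throws_error` binds the raised exception to `ex` but never inspects it, so any `ClientError` from the second `authorize_ingress` call, not only the duplicate-rule rejection, makes the test pass. Asserting on the error code would pin the behaviour, e.g. `ex.exception.response['Error']['Code'].should.equal('<expected-code>')`, filled in with the code the backend is meant to return. There is also no matching case for a repeated egress authorization, which the model change routes through `add_egress_rule`.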