Merge pull request #2596 from gruebel/fix-ec2-revoke-security-group-egress

Fix ec2.revoke_security_group_egress for IpProtocol -1
2019-12-09 14:06:09 -08:00 · 2019-12-09 14:06:09 -08:00 · b2264feac5
commit b2264feac5
parent 76aaa2df0f 5895231b5c
2 changed files with 47 additions and 13 deletions
--- a/moto/ec2/models.py
+++ b/moto/ec2/models.py
@ -1644,23 +1644,27 @@ class RegionsAndZonesBackend(object):
 class SecurityRule(object):
    def __init__(self, ip_protocol, from_port, to_port, ip_ranges, source_groups):
        self.ip_protocol = ip_protocol
-        self.from_port = from_port
-        self.to_port = to_port
        self.ip_ranges = ip_ranges or []
        self.source_groups = source_groups

-    @property
-    def unique_representation(self):
-        return "{0}-{1}-{2}-{3}-{4}".format(
-            self.ip_protocol,
-            self.from_port,
-            self.to_port,
-            self.ip_ranges,
-            self.source_groups,
-        )
+        if ip_protocol != "-1":
+            self.from_port = from_port
+            self.to_port = to_port

    def __eq__(self, other):
-        return self.unique_representation == other.unique_representation
+        if self.ip_protocol != other.ip_protocol:
+            return False
+        if self.ip_ranges != other.ip_ranges:
+            return False
+        if self.source_groups != other.source_groups:
+            return False
+        if self.ip_protocol != "-1":
+            if self.from_port != other.from_port:
+                return False
+            if self.to_port != other.to_port:
+                return False
+
+        return True


 class SecurityGroup(TaggedEC2Resource):
@ -1670,7 +1674,7 @@ class SecurityGroup(TaggedEC2Resource):
        self.name = name
        self.description = description
        self.ingress_rules = []
-        self.egress_rules = [SecurityRule(-1, None, None, ["0.0.0.0/0"], [])]
+        self.egress_rules = [SecurityRule("-1", None, None, ["0.0.0.0/0"], [])]
        self.enis = {}
        self.vpc_id = vpc_id
        self.owner_id = OWNER_ID
--- a/tests/test_ec2/test_security_groups.py
+++ b/tests/test_ec2/test_security_groups.py
@ -833,3 +833,33 @@ def test_get_all_security_groups_filter_with_same_vpc_id():
    cm.exception.code.should.equal("InvalidGroup.NotFound")
    cm.exception.status.should.equal(400)
    cm.exception.request_id.should_not.be.none
+
+
+@mock_ec2
+def test_revoke_security_group_egress():
+    ec2 = boto3.resource("ec2", "us-east-1")
+    sg = ec2.create_security_group(Description="Test SG", GroupName="test-sg")
+
+    sg.ip_permissions_egress.should.equal(
+        [
+            {
+                "IpProtocol": "-1",
+                "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
+                "UserIdGroupPairs": [],
+            }
+        ]
+    )
+
+    sg.revoke_egress(
+        IpPermissions=[
+            {
+                "FromPort": 0,
+                "IpProtocol": "-1",
+                "IpRanges": [{"CidrIp": "0.0.0.0/0"},],
+                "ToPort": 123,
+            },
+        ]
+    )
+
+    sg.reload()
+    sg.ip_permissions_egress.should.have.length_of(0)