Fix security group ingress authorization for all protocols with no port spec

2016-04-26 10:53:18 +02:00 · 2016-04-26 10:53:18 +02:00 · b32fbf090a
commit b32fbf090a
parent ecbb714757
2 changed files with 17 additions and 0 deletions
--- a/moto/ec2/responses/security_groups.py
+++ b/moto/ec2/responses/security_groups.py
@ -111,8 +111,12 @@ DESCRIBE_SECURITY_GROUPS_RESPONSE = """<DescribeSecurityGroupsResponse xmlns="ht
               {% for rule in group.ingress_rules %}
                    <item>
                       <ipProtocol>{{ rule.ip_protocol }}</ipProtocol>
+                       {% if rule.from_port %}
                       <fromPort>{{ rule.from_port }}</fromPort>
+                       {% endif %}
+                       {% if rule.to_port %}
                       <toPort>{{ rule.to_port }}</toPort>
+                       {% endif %}
                       <groups>
                          {% for source_group in rule.source_groups %}
                              <item>
--- a/tests/test_ec2/test_security_groups.py
+++ b/tests/test_ec2/test_security_groups.py
@ -313,3 +313,16 @@ def test_security_group_tag_filtering():

    groups = conn.get_all_security_groups(filters={"tag:test-tag": "test-value"})
    groups.should.have.length_of(1)
+
+
+@mock_ec2
+def test_authorize_all_protocols_with_no_port_specification():
+    conn = boto.connect_ec2()
+    sg = conn.create_security_group('test', 'test')
+
+    success = sg.authorize(ip_protocol='-1', cidr_ip='0.0.0.0/0')
+    success.should.be.true
+
+    sg = conn.get_all_security_groups('test')[0]
+    sg.rules[0].from_port.should.equal(None)
+    sg.rules[0].to_port.should.equal(None)