EC2: Fix egress rules used in ingress revoke method (#6180)

Josh Kropf 2023-04-06 14:59:18 -04:00 committed by GitHub
parent bbb07b4e7e
commit dc460a3258
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 50 additions and 1 deletions


@ -733,7 +733,7 @@ class SecurityGroupBackend:
if security_rule_ids:
group.ingress_rules = [
rule for rule in group.egress_rules if rule.id not in security_rule_ids
rule for rule in group.ingress_rules if rule.id not in security_rule_ids
]
return
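Review bot: The `return` after the filtered `group.ingress_rules` assignment reports success even when none of the supplied `security_rule_ids` matched an ingress rule, so an unknown id or the id of an egress rule is accepted silently. A test suite that uses this backend to confirm an ingress rule was closed would then pass although nothing was revoked. Consider building the filtered list into a local first, e.g. `remaining = [rule for rule in group.ingress_rules if rule.id not in security_rule_ids]`, and raising the backend's existing not-found error when `len(remaining) == len(group.ingress_rules)`. Whether real EC2 rejects such ids should be confirmed before choosing the error. The enclosing method starts and continues outside this hunk, so an earlier validation step may already cover this.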


@ -1820,3 +1820,52 @@ def test_filter_group_name():
security_groups = list(security_groups)
assert len(security_groups) == 1
assert security_groups[0].group_name == sg1.group_name
@mock_ec2
def test_revoke_security_group_ingress():
ec2 = boto3.client("ec2", region_name="us-east-1")
vpc = ec2.create_vpc(CidrBlock="10.0.0.0/16")
sg = ec2.create_security_group(
Description="Test SG", GroupName=str(uuid4()), VpcId=vpc["Vpc"]["VpcId"]
)
sg_id = sg["GroupId"]
ec2.authorize_security_group_ingress(
GroupId=sg_id,
IpPermissions=[
{
"FromPort": 3000,
"ToPort": 3300,
"IpProtocol": "TCP",
"IpRanges": [{"CidrIp": "10.0.0.1/32"}],
},
{
"FromPort": 8080,
"ToPort": 8080,
"IpProtocol": "TCP",
"IpRanges": [{"CidrIp": "10.0.0.1/32"}],
},
],
)
response = ec2.describe_security_group_rules(
Filters=[{"Name": "group-id", "Values": [sg_id]}]
)
ingress_rules = [r for r in response["SecurityGroupRules"] if not r["IsEgress"]]
assert len(ingress_rules) == 2
# revoke 1 of the 2 ingress rules
ec2.revoke_security_group_ingress(
GroupId=sg_id, SecurityGroupRuleIds=[ingress_rules[0]["SecurityGroupRuleId"]]
)
response = ec2.describe_security_group_rules(
Filters=[{"Name": "group-id", "Values": [sg_id]}]
)
ingress_rules = [r for r in response["SecurityGroupRules"] if not r["IsEgress"]]
assert len(ingress_rules) == 1
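Review bot: The final `assert len(ingress_rules) == 1` checks only a count, so the test does not pin which rule survived or show that the egress rules were left untouched, which is exactly the mix-up this commit fixes. Capture the id that should remain before the revoke call, `kept_id = ingress_rules[1]["SecurityGroupRuleId"]`, and afterwards add `assert ingress_rules[0]["SecurityGroupRuleId"] == kept_id`. It would also help to record the number of `IsEgress` rules before the revoke and assert it is unchanged after, so a regression that rebuilds the ingress list from the egress list fails on content rather than passing on a coincidental length.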