EC2: Fix egress rules used in ingress revoke method (#6180)

2023-04-06 14:59:18 -04:00 · 2023-04-06 14:59:18 -04:00 · dc460a3258
commit dc460a3258
parent bbb07b4e7e
2 changed files with 50 additions and 1 deletions
--- a/moto/ec2/models/security_groups.py
+++ b/moto/ec2/models/security_groups.py
@ -733,7 +733,7 @@ class SecurityGroupBackend:
        if security_rule_ids:
            group.ingress_rules = [
-                rule for rule in group.egress_rules if rule.id not in security_rule_ids
+                rule for rule in group.ingress_rules if rule.id not in security_rule_ids
            ]
            return
--- a/tests/test_ec2/test_security_groups.py
+++ b/tests/test_ec2/test_security_groups.py
@ -1820,3 +1820,52 @@ def test_filter_group_name():
    security_groups = list(security_groups)
    assert len(security_groups) == 1
    assert security_groups[0].group_name == sg1.group_name
@mock_ec2
 def test_revoke_security_group_ingress():
    ec2 = boto3.client("ec2", region_name="us-east-1")
    vpc = ec2.create_vpc(CidrBlock="10.0.0.0/16")
    sg = ec2.create_security_group(
        Description="Test SG", GroupName=str(uuid4()), VpcId=vpc["Vpc"]["VpcId"]
    )
    sg_id = sg["GroupId"]
    ec2.authorize_security_group_ingress(
        GroupId=sg_id,
        IpPermissions=[
            {
                "FromPort": 3000,
                "ToPort": 3300,
                "IpProtocol": "TCP",
                "IpRanges": [{"CidrIp": "10.0.0.1/32"}],
            },
            {
                "FromPort": 8080,
                "ToPort": 8080,
                "IpProtocol": "TCP",
                "IpRanges": [{"CidrIp": "10.0.0.1/32"}],
            },
        ],
    )
    response = ec2.describe_security_group_rules(
        Filters=[{"Name": "group-id", "Values": [sg_id]}]
    )
    ingress_rules = [r for r in response["SecurityGroupRules"] if not r["IsEgress"]]
    assert len(ingress_rules) == 2
    # revoke 1 of the 2 ingress rules
    ec2.revoke_security_group_ingress(
        GroupId=sg_id, SecurityGroupRuleIds=[ingress_rules[0]["SecurityGroupRuleId"]]
    )
    response = ec2.describe_security_group_rules(
        Filters=[{"Name": "group-id", "Values": [sg_id]}]
    )
    ingress_rules = [r for r in response["SecurityGroupRules"] if not r["IsEgress"]]
    assert len(ingress_rules) == 1