This repository has been archived by the owner on Jan 20, 2019. It is now read-only.

Fix authorize security group ingress #43

38 changes: 20 additions & 18 deletions lib/AWS/EC2/security_groups.rb
@@ -80,7 +80,7 @@ def delete_security_group( options = {} )
# @option options [optional, Integer] :to_port (nil) Required when authorizing CIDR IP permission
# @option options [optional, String] :cidr_ip (nil) Required when authorizing CIDR IP permission
# @option options [optional, String] :source_security_group_name (nil) Required when authorizing user group pair permissions
# @option options [optional, String] :source_security_group_owner_id (nil) Required when authorizing user group pair permissions
# @option options [optional, String] :source_security_group_user_id (nil) Required when authorizing user group pair permissions
#
def authorize_security_group_ingress( options = {} )
options = { :group_name => nil,
@@ -89,20 +89,21 @@ def authorize_security_group_ingress( options = {} )
:to_port => nil,
:cidr_ip => nil,
:source_security_group_name => nil,
:source_security_group_owner_id => nil }.merge(options)
:source_security_group_user_id => nil }.merge(options)

# lets not validate the rest of the possible permutations of required params and instead let
# EC2 sort it out on the server side. We'll only require :group_name as that is always needed.
raise ArgumentError, "No :group_name provided" if options[:group_name].nil? || options[:group_name].empty?

params = { "GroupName" => options[:group_name],
"IpProtocol" => options[:ip_protocol],
"FromPort" => options[:from_port].to_s,
"ToPort" => options[:to_port].to_s,
"CidrIp" => options[:cidr_ip],
"SourceSecurityGroupName" => options[:source_security_group_name],
"SourceSecurityGroupOwnerId" => options[:source_security_group_owner_id]
}
"IpPermissions.1.IpProtocol" => options[:ip_protocol],
"IpPermissions.1.FromPort" => options[:from_port].to_s,
"IpPermissions.1.ToPort" => options[:to_port].to_s,
"IpPermissions.1.IpRanges.1" => options[:cidr_ip],
"IpPermissions.1.Groups.1.GroupName" => options[:source_security_group_name],
"IpPermissions.1.Groups.1.UserId" => options[:source_security_group_user_id]
}

return response_generator(:action => "AuthorizeSecurityGroupIngress", :params => params)
end

@@ -131,7 +132,7 @@ def authorize_security_group_ingress( options = {} )
# @option options [optional, Integer] :to_port (nil) Required when revoking CIDR IP permission
# @option options [optional, String] :cidr_ip (nil) Required when revoking CIDR IP permission
# @option options [optional, String] :source_security_group_name (nil) Required when revoking user group pair permissions
# @option options [optional, String] :source_security_group_owner_id (nil) Required when revoking user group pair permissions
# @option options [optional, String] :source_security_group_user_id (nil) Required when revoking user group pair permissions
#
def revoke_security_group_ingress( options = {} )
options = { :group_name => nil,
@@ -140,20 +141,21 @@ def revoke_security_group_ingress( options = {} )
:to_port => nil,
:cidr_ip => nil,
:source_security_group_name => nil,
:source_security_group_owner_id => nil }.merge(options)
:source_security_group_user_id => nil }.merge(options)

# lets not validate the rest of the possible permutations of required params and instead let
# EC2 sort it out on the server side. We'll only require :group_name as that is always needed.
raise ArgumentError, "No :group_name provided" if options[:group_name].nil? || options[:group_name].empty?

params = { "GroupName" => options[:group_name],
"IpProtocol" => options[:ip_protocol],
"FromPort" => options[:from_port].to_s,
"ToPort" => options[:to_port].to_s,
"CidrIp" => options[:cidr_ip],
"SourceSecurityGroupName" => options[:source_security_group_name],
"SourceSecurityGroupOwnerId" => options[:source_security_group_owner_id]
}
"IpPermissions.1.IpProtocol" => options[:ip_protocol],
"IpPermissions.1.FromPort" => options[:from_port].to_s,
"IpPermissions.1.ToPort" => options[:to_port].to_s,
"IpPermissions.1.IpRanges.1" => options[:cidr_ip],
"IpPermissions.1.Groups.1.GroupName" => options[:source_security_group_name],
"IpPermissions.1.Groups.1.UserId" => options[:source_security_group_user_id]
}

return response_generator(:action => "RevokeSecurityGroupIngress", :params => params)
end

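Review bot: Callers that still pass `:source_security_group_owner_id` are now ignored without any error in both `authorize_security_group_ingress` and `revoke_security_group_ingress`, because the defaults hash merges unknown keys through and `params` reads only `:source_security_group_user_id`; for a revoke this may leave a cross-account rule in place while the caller believes it was removed. Either fall back to the old key, `options[:source_security_group_user_id] || options[:source_security_group_owner_id]`, or raise `ArgumentError` when the old key is present. Separately, the CIDR key is written as `"IpPermissions.1.IpRanges.1"`, whereas the EC2 query API names that member `IpPermissions.1.IpRanges.1.CidrIp`; please confirm against the API version this library targets. The YARD block above each method should also say that the CIDR range and the source group pair are now sent inside the same `IpPermissions.1` entry when both are supplied.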
46 changes: 24 additions & 22 deletions test/test_EC2_security_groups.rb
@@ -162,13 +162,14 @@


specify "permissions should be able to be added to a security group with authorize_security_group_ingress." do
@ec2.stubs(:make_request).with('AuthorizeSecurityGroupIngress', { "GroupName"=>"WebServers",
"IpProtocol"=>"tcp",
"FromPort"=>"8000",
"ToPort"=>"80",
"CidrIp"=>"0.0.0.0/24",
"SourceSecurityGroupName"=>"Source SG Name",
"SourceSecurityGroupOwnerId"=>"123"}).
@ec2.stubs(:make_request).with('AuthorizeSecurityGroupIngress',
{ "GroupName" => "WebServers",
"IpPermissions.1.IpProtocol" => "tcp",
"IpPermissions.1.FromPort" => "8000",
"IpPermissions.1.ToPort" => "80",
"IpPermissions.1.IpRanges.1" => "0.0.0.0/24",
"IpPermissions.1.Groups.1.GroupName" => "Source SG Name",
"IpPermissions.1.Groups.1.UserId" => "123"}).
returns stub(:body => @authorize_security_group_ingress_response_body, :is_a? => true)

@ec2.authorize_security_group_ingress( :group_name => "WebServers",
@@ -177,29 +178,30 @@
:to_port => "80",
:cidr_ip => "0.0.0.0/24",
:source_security_group_name => "Source SG Name",
:source_security_group_owner_id => "123"
:source_security_group_user_id => "123"
).should.be.an.instance_of Hash
end


specify "permissions should be able to be revoked from a security group with revoke_security_group_ingress." do
@ec2.stubs(:make_request).with('RevokeSecurityGroupIngress', { "GroupName"=>"WebServers",
"IpProtocol"=>"tcp",
"FromPort"=>"8000",
"ToPort"=>"80",
"CidrIp"=>"0.0.0.0/24",
"SourceSecurityGroupName"=>"Source SG Name",
"SourceSecurityGroupOwnerId"=>"123"}).
@ec2.stubs(:make_request).with('RevokeSecurityGroupIngress',
{ "GroupName" => "WebServers",
"IpPermissions.1.IpProtocol" => "tcp",
"IpPermissions.1.FromPort" => "8000",
"IpPermissions.1.ToPort" => "80",
"IpPermissions.1.IpRanges.1" => "0.0.0.0/24",
"IpPermissions.1.Groups.1.GroupName" => "Source SG Name",
"IpPermissions.1.Groups.1.UserId" => "123"}).
returns stub(:body => @revoke_security_group_ingress_response_body, :is_a? => true)

@ec2.revoke_security_group_ingress( :group_name => "WebServers",
:ip_protocol => "tcp",
:from_port => "8000",
:to_port => "80",
:cidr_ip => "0.0.0.0/24",
:source_security_group_name => "Source SG Name",
:source_security_group_owner_id => "123"
).should.be.an.instance_of Hash
:ip_protocol => "tcp",
:from_port => "8000",
:to_port => "80",
:cidr_ip => "0.0.0.0/24",
:source_security_group_name => "Source SG Name",
:source_security_group_user_id => "123"
).should.be.an.instance_of Hash
end

end
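Review bot: Both specs stub `make_request` with all seven parameters populated, so neither exercises a CIDR-only or a group-only call, where the library builds `"IpPermissions.1.Groups.1.GroupName"`, `"IpPermissions.1.Groups.1.UserId"` or `"IpPermissions.1.IpRanges.1"` from nil options and the ports become `""` through `.to_s`. A spec passing only `:cidr_ip` with ports, and another passing only the source group pair, would pin whether nil-valued keys reach `make_request`; whether they are stripped later is not visible on this page. The expected hash also copies the implementation's key names verbatim, so a wrong wire name such as a missing `.CidrIp` suffix would still pass. A spec for the renamed option is missing as well, for example asserting that `:source_security_group_owner_id => "123"` either still maps to `"IpPermissions.1.Groups.1.UserId"` or raises `ArgumentError`.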