diff --git a/lib/fog/aws/requests/compute/authorize_security_group_ingress.rb b/lib/fog/aws/requests/compute/authorize_security_group_ingress.rb index 4360510ea..8bba7f473 100644 --- a/lib/fog/aws/requests/compute/authorize_security_group_ingress.rb +++ b/lib/fog/aws/requests/compute/authorize_security_group_ingress.rb @@ -89,12 +89,12 @@ module Fog group_name = self.data[:security_groups].reject { |k,v| v['groupId'] != options['GroupId'] } .keys.first end - verify_permission_options(options) - response = Excon::Response.new group = self.data[:security_groups][group_name] if group + verify_permission_options(options, group['vpcId'] != nil) + normalized_permissions = normalize_permissions(options) normalized_permissions.each do |permission| @@ -131,11 +131,11 @@ module Fog private - def verify_permission_options(options) + def verify_permission_options(options, is_vpc) if options.size <= 1 raise Fog::Compute::AWS::Error.new("InvalidRequest => The request received was invalid.") end - if options['IpProtocol'] && !['tcp', 'udp', 'icmp'].include?(options['IpProtocol']) + if !is_vpc && options['IpProtocol'] && !['tcp', 'udp', 'icmp'].include?(options['IpProtocol']) raise Fog::Compute::AWS::Error.new("InvalidPermission.Malformed => Unsupported IP protocol \"#{options['IpProtocol']}\" - supported: [tcp, udp, icmp]") end if options['IpProtocol'] && (!options['FromPort'] || !options['ToPort']) @@ -145,7 +145,7 @@ module Fog if !options['IpPermissions'].is_a?(Array) || options['IpPermissions'].empty? raise Fog::Compute::AWS::Error.new("InvalidRequest => The request received was invalid.") end - options['IpPermissions'].each {|p| verify_permission_options(p) } + options['IpPermissions'].each {|p| verify_permission_options(p, is_vpc) } end end diff --git a/lib/fog/aws/requests/compute/revoke_security_group_ingress.rb b/lib/fog/aws/requests/compute/revoke_security_group_ingress.rb index 9e12fbafa..957a2dd77 100644 
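Review bot: Moving `verify_permission_options` inside `if group` means a malformed request that names a missing group is no longer validated. It now gets whatever the missing-group branch returns, and that branch, like the start and end of the enclosing mock method, is outside this hunk. The `revoke_security_group_ingress.rb` hunk makes the same move. If the reordering is intended, a comment above the call such as `# validation needs the group: protocol rules differ for VPC groups` would record why. The VPC test also reads more idiomatically as `!group['vpcId'].nil?`, assuming non-VPC mock groups hold `nil` (or no key) for 'vpcId'.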
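Review bot: With `!is_vpc &&` in front of the protocol check in `verify_permission_options`, a VPC group now accepts any `IpProtocol` string with no validation at all. The mock can therefore store ingress rules the real API would presumably reject as malformed, and tests built on it will not catch a bad rule. A VPC branch that still validates would keep the mock strict, for example `if is_vpc && options['IpProtocol'] && options['IpProtocol'].to_s !~ /\A(tcp|udp|icmp|-1|\d{1,3})\z/` followed by the same `InvalidPermission.Malformed` raise. The accepted set should be confirmed against the EC2 API reference. The context check after it still demands `FromPort` and `ToPort` whenever `IpProtocol` is set, which may not match EC2 for `-1`; its body lies outside the hunk.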
--- a/lib/fog/aws/requests/compute/revoke_security_group_ingress.rb +++ b/lib/fog/aws/requests/compute/revoke_security_group_ingress.rb @@ -66,12 +66,12 @@ module Fog group_name = self.data[:security_groups].reject { |k,v| v['groupId'] != options['GroupId'] } .keys.first end - verify_permission_options(options) - response = Excon::Response.new group = self.data[:security_groups][group_name] if group + verify_permission_options(options, group['vpcId'] != nil) + normalized_permissions = normalize_permissions(options) normalized_permissions.each do |permission| diff --git a/tests/aws/requests/compute/security_group_tests.rb b/tests/aws/requests/compute/security_group_tests.rb index 481d1e2cf..20270d2a8 100644 --- a/tests/aws/requests/compute/security_group_tests.rb +++ b/tests/aws/requests/compute/security_group_tests.rb @@ -271,11 +271,11 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do group_id = Fog::Compute[:aws].describe_security_groups('group-name' => 'vpc_security_group').body['securityGroupInfo'].first['groupId'] # Access group with name in options array - permission = { 'IpProtocol' => 'tcp', 'FromPort' => '22', 'ToPort' => '22', 'CidrIp' => '10.0.0.0/8' } + permission = { 'IpProtocol' => '42', 'FromPort' => '22', 'ToPort' => '22', 'CidrIp' => '10.0.0.0/8' } expected_permissions = [ {"groups"=>[], "ipRanges"=>[{"cidrIp"=>"10.0.0.0/8"}], - "ipProtocol"=>"tcp", + "ipProtocol"=>"42", "fromPort"=>22, "toPort"=>22} ]
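Review bot: Changing the existing permission from 'tcp' to '42' replaces the VPC tcp case rather than adding a new one, and nothing in this hunk checks that a group without a vpcId still rejects '42'. Keeping the tcp permission and adding a second permission for the numeric protocol would preserve the old coverage. A `raises(Fog::Compute::AWS::Error)` case that sends the '42' permission to a non-VPC group would pin the `!is_vpc` branch, so a later change cannot silently loosen validation for every group. The surrounding test block starts and ends outside the hunk.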