From ec934bdcf65791045e731ad0fbc8da3bd0e01570 Mon Sep 17 00:00:00 2001
From: Dylan Egan
Date: Mon, 22 Aug 2011 13:50:18 -0700
Subject: [PATCH 1/4] [compute|aws] Suffix with _tests.rb.
---
 .../models/aws/{security_groups.rb => security_groups_tests.rb} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename tests/compute/models/aws/{security_groups.rb => security_groups_tests.rb} (100%)
diff --git a/tests/compute/models/aws/security_groups.rb b/tests/compute/models/aws/security_groups_tests.rb
similarity index 100%
rename from tests/compute/models/aws/security_groups.rb
rename to tests/compute/models/aws/security_groups_tests.rb
From fd708c6a709600f9bc2ab99d71f2dd016fe4fc57 Mon Sep 17 00:00:00 2001
From: Dylan Egan
Date: Mon, 22 Aug 2011 13:50:18 -0700
Subject: [PATCH 2/4] [compute|aws] IpPermissionsEgress is returned from AWS.
---
 tests/compute/requests/aws/security_group_tests.rb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tests/compute/requests/aws/security_group_tests.rb b/tests/compute/requests/aws/security_group_tests.rb
index 584adaeef..628f889e7 100644
--- a/tests/compute/requests/aws/security_group_tests.rb
+++ b/tests/compute/requests/aws/security_group_tests.rb
@@ -12,6 +12,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
 'ipRanges' => [],
 'toPort' => Integer,
 }],
+ 'ipPermissionsEgress' => [],
 'ownerId' => String
 }]
 }
From 7829bb73aada96bbe28ab65c68231c5a27ff3454 Mon Sep 17 00:00:00 2001
From: Dylan Egan
Date: Tue, 23 Aug 2011 11:47:30 -0700
Subject: [PATCH 3/4] [compute|aws] Simple test to verify revoke_group_and_owner behaviour.
---
 tests/compute/models/aws/security_group_tests.rb | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/tests/compute/models/aws/security_group_tests.rb b/tests/compute/models/aws/security_group_tests.rb
index a2707813c..ac7ce4e25 100644
--- a/tests/compute/models/aws/security_group_tests.rb
+++ b/tests/compute/models/aws/security_group_tests.rb
@@ -12,6 +12,21 @@ Shindo.tests("Fog::Compute[:aws] | security_group", ['aws']) do
 @group.description == " fog group desc "
 end
+ @other_group = Fog::Compute[:aws].security_groups.create(:name => 'other group', :description => 'another group')
+
+ test("authorize access by another security group") do
+ @group.authorize_group_and_owner(@other_group.name, @other_group.owner_id)
+ @group.reload
+ @group.ip_permissions.size == 3
+ end
+
+ test("revoke access from another security group") do
+ @group.revoke_group_and_owner(@other_group.name, @other_group.owner_id)
+ @group.reload
+ @group.ip_permissions.size == 0
+ end
+
+ @other_group.destroy
 @group.destroy
 end
 end
From 1755190ca4d84a3b4521e7ed39a94fc3f27c7b5f Mon Sep 17 00:00:00 2001
From: Dylan Egan
Date: Tue, 23 Aug 2011 12:09:55 -0700
Subject: [PATCH 4/4] [compute|aws] Apparently passing a nil value works against live AWS. Only use SourceSecurityGroupOwnerId in mocks if supplied.
---
 .../requests/aws/authorize_security_group_ingress.rb | 6 +++---
 .../requests/aws/revoke_security_group_ingress.rb | 12 ++++++++----
 tests/compute/models/aws/security_group_tests.rb | 2 +-
 3 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/lib/fog/compute/requests/aws/authorize_security_group_ingress.rb b/lib/fog/compute/requests/aws/authorize_security_group_ingress.rb
index 472a2e0e4..10cbef2b6 100644
--- a/lib/fog/compute/requests/aws/authorize_security_group_ingress.rb
+++ b/lib/fog/compute/requests/aws/authorize_security_group_ingress.rb
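Review bot: The "revoke access from another security group" test in tests/compute/models/aws/security_group_tests.rb only asserts that `@group.ip_permissions.size == 0`, so it would also pass if `revoke_group_and_owner` wiped every rule on the group instead of just the ones granted to `@other_group`. Because this is the only check that a revoke is scoped to its source group, add one unrelated rule before the revoke and assert that it is still present afterwards. The test also relies on the three permissions left behind by the authorize test before it, which is worth stating in a comment such as `# depends on the grants created by the previous test`.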
@@ -62,10 +62,10 @@ module Fog
 if group
 group['ipPermissions'] ||= []
- if group_name && options['SourceSecurityGroupName'] && options['SourceSecurityGroupOwnerId']
+ if group_name && source_group_name = options['SourceSecurityGroupName']
 ['tcp', 'udp'].each do |protocol|
 group['ipPermissions'] << {
- 'groups' => [{'groupName' => group_name, 'userId' => self.data[:owner_id]}],
+ 'groups' => [{'groupName' => source_group_name, 'userId' => (options['SourceSecurityGroupOwnerId'] || self.data[:owner_id]) }],
 'fromPort' => 1,
 'ipRanges' => [],
 'ipProtocol' => protocol,
@@ -73,7 +73,7 @@ module Fog
 }
 end
 group['ipPermissions'] << {
- 'groups' => [{'groupName' => group_name, 'userId' => self.data[:owner_id]}],
+ 'groups' => [{'groupName' => source_group_name, 'userId' => (options['SourceSecurityGroupOwnerId'] || self.data[:owner_id]) }],
 'fromPort' => -1,
 'ipRanges' => [],
 'ipProtocol' => 'icmp',
diff --git a/lib/fog/compute/requests/aws/revoke_security_group_ingress.rb b/lib/fog/compute/requests/aws/revoke_security_group_ingress.rb
index 8b4a6bf66..40ab76518 100644
--- a/lib/fog/compute/requests/aws/revoke_security_group_ingress.rb
+++ b/lib/fog/compute/requests/aws/revoke_security_group_ingress.rb
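Review bot: In lib/fog/compute/requests/aws/authorize_security_group_ingress.rb the owner fallback `(options['SourceSecurityGroupOwnerId'] || self.data[:owner_id])` is written out twice, once in the tcp/udp entry of the `@@ -62` hunk and once in the icmp entry of the `@@ -73` hunk, so the two copies can drift apart. Computing it once next to the condition, `source_owner_id = options['SourceSecurityGroupOwnerId'] || self.data[:owner_id]`, keeps them in step, and a comment such as `# live AWS accepts a missing owner id; the mock assumes it means the caller's own account` would record why the default exists. The assignment inside `if group_name && source_group_name = options['SourceSecurityGroupName']` reads like a mistyped `==`; parenthesising it as `(source_group_name = options['SourceSecurityGroupName'])` makes the intent explicit. As far as these hunks show, the mock records the grant without checking that the source group exists in `self.data[:security_groups]`, which may make it more permissive than the real service. The enclosing method starts and ends outside both hunks.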
@@ -58,10 +58,14 @@ module Fog
 response = Excon::Response.new
 group = self.data[:security_groups][group_name]
 if group
- if options['SourceSecurityGroupName'] && options['SourceSecurityGroupOwnerId']
- group['ipPermissions'].delete_if {|permission|
- permission['groups'].first['groupName'] == group_name
- }
+ if source_group_name = options['SourceSecurityGroupName']
+ group['ipPermissions'].delete_if do |permission|
+ if source_owner_id = options['SourceSecurityGroupOwnerId']
+ permission['groups'].first['groupName'] == source_group_name && permission['groups'].first['userId'] == source_owner_id
+ else
+ permission['groups'].first['groupName'] == source_group_name
+ end
+ end
 else
 ingress = group['ipPermissions'].select {|permission|
 permission['fromPort'] == options['FromPort'] &&
diff --git a/tests/compute/models/aws/security_group_tests.rb b/tests/compute/models/aws/security_group_tests.rb
index ac7ce4e25..add4a4eda 100644
--- a/tests/compute/models/aws/security_group_tests.rb
+++ b/tests/compute/models/aws/security_group_tests.rb
@@ -23,7 +23,7 @@ Shindo.tests("Fog::Compute[:aws] | security_group", ['aws']) do
 test("revoke access from another security group") do
 @group.revoke_group_and_owner(@other_group.name, @other_group.owner_id)
 @group.reload
- @group.ip_permissions.size == 0
+ @group.ip_permissions.empty?
 end
 @other_group.destroy
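Review bot: In lib/fog/compute/requests/aws/revoke_security_group_ingress.rb the new `delete_if` block calls `permission['groups'].first['groupName']` on every permission, which raises NoMethodError for any rule whose `groups` array is empty; CIDR-based rules presumably look like that, though their shape is not visible in this hunk. The `options['SourceSecurityGroupOwnerId']` lookup is also repeated for each permission, and when it is nil the revoke matches the group name under any owner, whereas the authorize mock stores `self.data[:owner_id]` for a nil owner, so a revoke could drop grants for a same-named group recorded under a different owner. If a nil owner is meant to stand for the caller's own account, the rewrite below reads the owner once, applies that default, and skips rules that have no source group. The enclosing method starts and ends outside the hunk.

```ruby
if source_group_name = options['SourceSecurityGroupName']
  # A missing owner id is treated as the caller's own account, as in the authorize mock.
  source_owner_id = options['SourceSecurityGroupOwnerId'] || self.data[:owner_id]
  group['ipPermissions'].delete_if do |permission|
    source = permission['groups'].first
    # Rules without a source group are never matched by a group-based revoke.
    source && source['groupName'] == source_group_name && source['userId'] == source_owner_id
  end
# … unchanged: else branch selecting permissions by FromPort …
```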