diff --git a/lib/fog/aws/compute.rb b/lib/fog/aws/compute.rb index 21d6046dc..bc119c665 100644 --- a/lib/fog/aws/compute.rb +++ b/lib/fog/aws/compute.rb @@ -117,6 +117,7 @@ module Fog @data ||= Hash.new do |hash, region| hash[region] = Hash.new do |region_hash, key| owner_id = Fog::AWS::Mock.owner_id + security_group_id = Fog::AWS::Mock.security_group_id region_hash[key] = { :deleted_at => {}, :addresses => {}, @@ -135,25 +136,25 @@ module Fog 'default' => { 'groupDescription' => 'default group', 'groupName' => 'default', - 'groupId' => 'sg-11223344', + 'groupId' => security_group_id, 'ipPermissionsEgress' => [], 'ipPermissions' => [ { - 'groups' => [{'groupName' => 'default', 'userId' => owner_id}], + 'groups' => [{'groupName' => 'default', 'userId' => owner_id, 'groupId' => security_group_id }], 'fromPort' => -1, 'toPort' => -1, 'ipProtocol' => 'icmp', 'ipRanges' => [] }, { - 'groups' => [{'groupName' => 'default', 'userId' => owner_id}], + 'groups' => [{'groupName' => 'default', 'userId' => owner_id, 'groupId' => security_group_id}], 'fromPort' => 0, 'toPort' => 65535, 'ipProtocol' => 'tcp', 'ipRanges' => [] }, { - 'groups' => [{'groupName' => 'default', 'userId' => owner_id}], + 'groups' => [{'groupName' => 'default', 'userId' => owner_id, 'groupId' => security_group_id}], 'fromPort' => 0, 'toPort' => 65535, 'ipProtocol' => 'udp', diff --git a/lib/fog/aws/models/compute/subnet.rb b/lib/fog/aws/models/compute/subnet.rb index 4f79d52dd..afe0eede8 100644 --- a/lib/fog/aws/models/compute/subnet.rb +++ b/lib/fog/aws/models/compute/subnet.rb @@ -44,7 +44,6 @@ module Fog def save requires :vpc_id, :cidr_block data = connection.create_subnet(vpc_id, cidr_block).body['subnetSet'].first - puts data new_attributes = data.reject {|key,value| key == 'requestId'} merge_attributes(new_attributes) true diff --git a/lib/fog/aws/requests/compute/authorize_security_group_ingress.rb b/lib/fog/aws/requests/compute/authorize_security_group_ingress.rb index 8bba7f473..d47acf76e 100644 --- a/lib/fog/aws/requests/compute/authorize_security_group_ingress.rb +++ b/lib/fog/aws/requests/compute/authorize_security_group_ingress.rb @@ -138,7 +138,7 @@ module Fog if !is_vpc && options['IpProtocol'] && !['tcp', 'udp', 'icmp'].include?(options['IpProtocol']) raise Fog::Compute::AWS::Error.new("InvalidPermission.Malformed => Unsupported IP protocol \"#{options['IpProtocol']}\" - supported: [tcp, udp, icmp]") end - if options['IpProtocol'] && (!options['FromPort'] || !options['ToPort']) + if !is_vpc && (options['IpProtocol'] && (!options['FromPort'] || !options['ToPort'])) raise Fog::Compute::AWS::Error.new("InvalidPermission.Malformed => TCP/UDP port (-1) out of range") end if options.has_key?('IpPermissions') @@ -151,14 +151,14 @@ module Fog def normalize_permissions(options) normalized_permissions = [] - if options['SourceSecurityGroupName'] + source_group_id=self.data[:security_groups][options['SourceSecurityGroupName']]['groupId'] ['tcp', 'udp'].each do |protocol| normalized_permissions << { 'ipProtocol' => protocol, 'fromPort' => 1, 'toPort' => 65535, - 'groups' => [{'groupName' => options['SourceSecurityGroupName'], 'userId' => options['SourceSecurityGroupOwnerId'] || self.data[:owner_id]}], + 'groups' => [{'groupName' => options['SourceSecurityGroupName'], 'userId' => options['SourceSecurityGroupOwnerId'] || self.data[:owner_id], 'groupId' => source_group_id }], 'ipRanges' => [] } end @@ -166,7 +166,7 @@ module Fog 'ipProtocol' => 'icmp', 'fromPort' => -1, 'toPort' => -1, - 'groups' => [{'groupName' => options['SourceSecurityGroupName'], 'userId' => options['SourceSecurityGroupOwnerId'] || self.data[:owner_id]}], + 'groups' => [{'groupName' => options['SourceSecurityGroupName'], 'userId' => options['SourceSecurityGroupOwnerId'] || self.data[:owner_id], 'groupId' => source_group_id }], 'ipRanges' => [] } elsif options['CidrIp'] @@ -179,13 +179,21 @@ module Fog } elsif options['IpPermissions'] options['IpPermissions'].each do |permission| - normalized_permissions << { - 'ipProtocol' => permission['IpProtocol'], - 'fromPort' => Integer(permission['FromPort']), - 'toPort' => Integer(permission['ToPort']), - 'groups' => (permission['Groups'] || []).map {|g| {'groupName' => g['GroupName'], 'userId' => g['UserId'] || self.data[:owner_id]} }, - 'ipRanges' => (permission['IpRanges'] || []).map {|r| { 'cidrIp' => r['CidrIp'] } } - } + if ['tcp', 'udp', 'icmp'].include?(permission['IpProtocol']) + normalized_permissions << { + 'ipProtocol' => permission['IpProtocol'], + 'fromPort' => Integer(permission['FromPort']), + 'toPort' => Integer(permission['ToPort']), + 'groups' => (permission['Groups'] || []).map {|g| {'groupName' => g['GroupName'], 'userId' => g['UserId'] || self.data[:owner_id], 'groupId' => self.data[:security_groups][g['GroupName']]['groupId']} }, + 'ipRanges' => (permission['IpRanges'] || []).map {|r| { 'cidrIp' => r['CidrIp'] } } + } + else + normalized_permissions << { + 'ipProtocol' => permission['IpProtocol'], + 'groups' => (permission['Groups'] || []).map {|g| {'groupName' => g['GroupName'], 'userId' => g['UserId'] || self.data[:owner_id], 'groupId' => self.data[:security_groups][g['GroupName']]['groupId']} }, + 'ipRanges' => (permission['IpRanges'] || []).map {|r| { 'cidrIp' => r['CidrIp'] } } + } + end end end diff --git a/lib/fog/aws/requests/compute/describe_security_groups.rb b/lib/fog/aws/requests/compute/describe_security_groups.rb index c0bb12a78..cff146aca 100644 --- a/lib/fog/aws/requests/compute/describe_security_groups.rb +++ b/lib/fog/aws/requests/compute/describe_security_groups.rb @@ -71,7 +71,7 @@ module Fog } for filter_key, filter_value in filters if permission_key = filter_key.split('ip-permission.')[1] - if permission_key == 'group-name' + if permission_key == 'group-name' security_group_info = security_group_info.reject{|security_group| !security_group['ipPermissions']['groups'].detect {|group| [*filter_value].include?(group['groupName'])}} elsif permission_key == 'group-id' security_group_info = security_group_info.reject{|security_group| !security_group['ipPermissions']['groups'].detect {|group| [*filter_value].include?(group['groupId'])}} diff --git a/tests/aws/requests/compute/security_group_tests.rb b/tests/aws/requests/compute/security_group_tests.rb index aaba70028..b15dd4d6c 100644 --- a/tests/aws/requests/compute/security_group_tests.rb +++ b/tests/aws/requests/compute/security_group_tests.rb @@ -13,7 +13,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do 'groupName' => String, 'ipPermissions' => [{ 'fromPort' => Fog::Nullable::Integer, - 'groups' => [{ 'groupName' => Fog::Nullable::String, 'userId' => String }], + 'groups' => [{ 'groupName' => Fog::Nullable::String, 'userId' => String, 'groupId' => String }], 'ipProtocol' => String, 'ipRanges' => [], 'toPort' => Fog::Nullable::Integer, @@ -25,17 +25,17 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do } @owner_id = Fog::Compute[:aws].describe_security_groups('group-name' => 'default').body['securityGroupInfo'].first['ownerId'] + @group_id_default = Fog::Compute[:aws].describe_security_groups('group-name' => 'default').body['securityGroupInfo'].first['groupId'] tests('success') do tests("#create_security_group('fog_security_group', 'tests group')").formats(@create_security_group_format) do Fog::Compute[:aws].create_security_group('fog_security_group', 'tests group').body end - tests("#create_security_group('fog_security_group_two', 'tests group')").formats(@create_security_group_format) do Fog::Compute[:aws].create_security_group('fog_security_group_two', 'tests group').body end - + @group_id_two = Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group_two').body['securityGroupInfo'].first['groupId'] group_id = Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group').body['securityGroupInfo'].first['groupId'] to_be_revoked = [] expected_permissions = [] @@ -48,17 +48,17 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do to_be_revoked.push([permission, expected_permissions.dup]) expected_permissions = [ - {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id}], + {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}], "fromPort"=>1, "ipRanges"=>[], "ipProtocol"=>"tcp", "toPort"=>65535}, - {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id}], + {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}], "fromPort"=>1, "ipRanges"=>[], "ipProtocol"=>"udp", "toPort"=>65535}, - {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id}], + {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}], "fromPort"=>-1, "ipRanges"=>[], "ipProtocol"=>"icmp", @@ -82,22 +82,22 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do expected_permissions = [ {"groups"=> - [{"userId"=>@owner_id, "groupName"=>"default"}, - {"userId"=>@owner_id, "groupName"=>"fog_security_group_two"}], + [{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default}, + {"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}], "ipRanges"=>[], "ipProtocol"=>"tcp", "fromPort"=>1, "toPort"=>65535}, {"groups"=> - [{"userId"=>@owner_id, "groupName"=>"default"}, - {"userId"=>@owner_id, "groupName"=>"fog_security_group_two"}], + [{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default}, + {"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}], "ipRanges"=>[], "ipProtocol"=>"udp", "fromPort"=>1, "toPort"=>65535}, {"groups"=> - [{"userId"=>@owner_id, "groupName"=>"default"}, - {"userId"=>@owner_id, "groupName"=>"fog_security_group_two"}], + [{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default}, + {"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}], "ipRanges"=>[], "ipProtocol"=>"icmp", "fromPort"=>-1, @@ -199,13 +199,12 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do to_be_revoked.push([permissions, expected_permissions.dup]) expected_permissions += [ - {"groups"=>[{"userId"=>@owner_id, "groupName"=>"fog_security_group_two"}], + {"groups"=>[{"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}], "ipRanges"=>[], "ipProtocol"=>"tcp", "fromPort"=>8000, "toPort"=>8000} ] - tests("#describe_security_groups('group-name' => 'fog_security_group')").returns([]) do array_differences(expected_permissions, Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group').body['securityGroupInfo'].first['ipPermissions']) end @@ -229,7 +228,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do expected_permissions += [ {"groups"=> - [{"userId"=>@owner_id, "groupName"=>"fog_security_group_two"}], + [{"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}], "ipRanges"=>[{"cidrIp"=>"172.16.0.0/24"}], "ipProtocol"=>"tcp", "fromPort"=>9000, @@ -275,32 +274,22 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do group_id = Fog::Compute[:aws].describe_security_groups('group-name' => 'vpc_security_group').body['securityGroupInfo'].first['groupId'] - # Access group with name in options array - permission = { 'IpProtocol' => '42', 'FromPort' => '22', 'ToPort' => '22', 'CidrIp' => '10.0.0.0/8' } + permissions = { + 'IpPermissions' => [ + { + 'IpProtocol' => '42', + 'IpRanges' => [{ 'CidrIp' => '10.0.0.0/8' }], + } + ] + } + expected_permissions = [ {"groups"=>[], "ipRanges"=>[{"cidrIp"=>"10.0.0.0/8"}], - "ipProtocol"=>"42", - "fromPort"=>22, - "toPort"=>22} + "ipProtocol"=>"42"} ] - options = permission.clone - options['GroupName'] = 'vpc_security_group' - tests("#authorize_security_group_ingress(#{options.inspect})").formats(AWS::Compute::Formats::BASIC) do - Fog::Compute[:aws].authorize_security_group_ingress(options).body - end - - tests("#describe_security_groups('group-name' => 'vpc_security_group')").returns([]) do - array_differences(expected_permissions, Fog::Compute[:aws].describe_security_groups('group-name' => 'vpc_security_group').body['securityGroupInfo'].first['ipPermissions']) - end - - tests("#revoke_security_group_ingress(#{options.inspect})").formats(AWS::Compute::Formats::BASIC) do - Fog::Compute[:aws].revoke_security_group_ingress(options).body - end - - # Access group with id in options array - options = permission.clone + options = permissions.clone options['GroupId'] = group_id tests("#authorize_security_group_ingress(#{options.inspect})").formats(AWS::Compute::Formats::BASIC) do Fog::Compute[:aws].authorize_security_group_ingress(options).body @@ -314,9 +303,13 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do Fog::Compute[:aws].revoke_security_group_ingress(options).body end + vpc_group=Fog::Compute[:aws].security_groups.get_by_id(group_id) + vpc_group.destroy + Fog::Compute[:aws].delete_vpc(vpc_id) end + ## Rate limiting seems to want us to take a break otherwise it will throw errors tests('failure') do @security_group = Fog::Compute[:aws].security_groups.create(:description => 'tests group', :name => 'fog_security_group')