Path: blob/develop/tests/functional/ec2/test_security_group_operations.py
1567 views
#!/usr/bin/env python1# Copyright 2013-2014 Amazon.com, Inc. or its affiliates. All Rights Reserved.2#3# Licensed under the Apache License, Version 2.0 (the "License"). You4# may not use this file except in compliance with the License. A copy of5# the License is located at6#7# http://aws.amazon.com/apache2.0/8#9# or in the "license" file accompanying this file. This file is10# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF11# ANY KIND, either express or implied. See the License for the specific12# language governing permissions and limitations under the License.13from awscli.testutils import BaseAWSCommandParamsTest141516class TestAuthorizeSecurityGroupIngress(BaseAWSCommandParamsTest):1718prefix = 'ec2 authorize-security-group-ingress '1920def test_simple_cidr(self):21args = self.prefix + (22'--group-name foobar --protocol tcp --port 22-25 --cidr 0.0.0.0/0')23result = {'GroupName': 'foobar',24'IpPermissions': [{'FromPort': 22, 'IpProtocol': 'tcp',25'IpRanges': [{'CidrIp': '0.0.0.0/0'}],26'ToPort': 25}]}27self.assert_params_for_cmd(args, result)2829def test_all_port(self):30args = self.prefix + (31'--group-name foobar --protocol tcp --port all --cidr 0.0.0.0/0')32result = {'GroupName': 'foobar',33'IpPermissions': [{'FromPort': -1, 'IpProtocol': 'tcp',34'IpRanges': [{'CidrIp': '0.0.0.0/0'}],35'ToPort': -1}]}36self.assert_params_for_cmd(args, result)3738def test_icmp_echo_request(self):39# This corresponds to a from port of 8 and a to port of -1, i.e40# --port 8--1.41args = self.prefix + (42'--group-name foobar --protocol tcp --port 8--1 --cidr 0.0.0.0/0')43result = {'GroupName': 'foobar',44'IpPermissions': [{'FromPort': 8, 'IpProtocol': 'tcp',45'IpRanges': [{'CidrIp': '0.0.0.0/0'}],46'ToPort': -1}]}47self.assert_params_for_cmd(args, result)4849def test_all_protocol(self):50args = self.prefix + (51'--group-name foobar --protocol all --port all --cidr 0.0.0.0/0')52result = {'GroupName': 'foobar',53# This is correct, the expected value is the *string*54# '-1'. This is because the IpProtocol is modeled55# as a string.56'IpPermissions': [{'FromPort': -1, 'IpProtocol': '-1',57'IpRanges': [{'CidrIp': '0.0.0.0/0'}],58'ToPort': -1}]}5960self.assert_params_for_cmd(args, result)6162def test_numeric_protocol(self):63args = self.prefix + (64'--group-name foobar --protocol 200 --cidr 0.0.0.0/0')65result = {'GroupName': 'foobar',66'IpPermissions': [{'IpProtocol': '200', 'IpRanges':67[{'CidrIp': '0.0.0.0/0'}]}]}68self.assert_params_for_cmd(args, result)6970def test_negative_one_protocol(self):71args = self.prefix + (72'--group-name foobar --protocol -1 --cidr 0.0.0.0/0')73result = {'GroupName': 'foobar',74'IpPermissions': [{'IpProtocol': '-1', 'IpRanges':75[{'CidrIp': '0.0.0.0/0'}]}]}76self.assert_params_for_cmd(args, result)7778def test_classic_group(self):79args = self.prefix + (80'--group-name foobar --protocol udp '81'--source-group fiebaz --group-owner 11111111')82result = {'GroupName': 'foobar',83'IpPermissions': [{'IpProtocol': 'udp', 'UserIdGroupPairs':84[{'GroupName': 'fiebaz', 'UserId':85'11111111'}]}]}86self.assert_params_for_cmd(args, result)8788def test_vpc_group(self):89args = self.prefix + (90'--group-name foobar --protocol icmp --source-group sg-12345678')91result = {'GroupName': 'foobar',92'IpPermissions': [{'IpProtocol': 'icmp', 'UserIdGroupPairs':93[{'GroupId': 'sg-12345678'}]}]}94self.assert_params_for_cmd(args, result)9596def test_IpPermissions(self):97json = (98'[{"FromPort":8000,"ToPort":9000,'99'"IpProtocol":"tcp","IpRanges":[{"CidrIp":"192.168.100.0/24"}]}]')100args = self.prefix + '--group-name foobar --ip-permissions %s' % json101result = {'GroupName': 'foobar',102'IpPermissions': [{'FromPort': 8000, 'ToPort': 9000,103'IpProtocol': 'tcp', 'IpRanges':104[{'CidrIp': '192.168.100.0/24'}]}]}105self.assert_params_for_cmd(args, result)106107def test_IpPermissions_with_group_id(self):108json = (109'[{"FromPort":8000,"ToPort":9000,"IpProtocol":"tcp",'110'"IpRanges":[{"CidrIp":"192.168.100.0/24"}]}]')111args = self.prefix + '--group-id sg-12345678 --ip-permissions %s' % json112result = {'GroupId': 'sg-12345678',113'IpPermissions': [{'FromPort': 8000, 'ToPort': 9000,114'IpProtocol': 'tcp', 'IpRanges':115[{'CidrIp': '192.168.100.0/24'}]}]}116self.assert_params_for_cmd(args, result)117118def test_both(self):119json = (120'[{"FromPort":8000,"ToPort":9000,"IpProtocol":"tcp",'121'"IpRanges":[{"CidrIp":"192.168.100.0/24"}]}]')122args = self.prefix + '--group-name foobar --port 100 --ip-permissions %s' % json123self.assert_params_for_cmd(args, expected_rc=255)124125126127class TestRevokeSecurityGroupIngress(TestAuthorizeSecurityGroupIngress):128129prefix = 'ec2 revoke-security-group-ingress '130131132