update_security_group_rule_descriptions_ingress updates all IpRanges to the same description
marcinraczynski-bpi opened this issue · comments
Marcin Raczyński commented
Updating IpRanges with update_security_group_rule_descriptions_ingress
results in all IpRanges having the same description.
The following test illustrates the issue:
________________________________________________________________ test_update_security_group_rule_descriptions_ingress ________________________________________________________________
@mock_aws
def test_update_security_group_rule_descriptions_ingress():
ec2 = boto3.resource("ec2", REGION)
client = boto3.client("ec2", REGION)
vpc = ec2.create_vpc(CidrBlock="10.0.0.0/16")
sg_name = str(uuid4())
sg = ec2.create_security_group(
Description="Test SG", GroupName=sg_name, VpcId=vpc.id
)
sg_id = sg.id
expected_ip_ranges = [
{"CidrIp": "1.2.3.4/32", "Description": "first desc"},
{"CidrIp": "1.2.3.5/32", "Description": "first desc"},
{"CidrIp": "1.2.3.6/32", "Description": "first desc"},
]
ip_permissions = [
{
"IpProtocol": "tcp",
"FromPort": 27017,
"ToPort": 27017,
"IpRanges": expected_ip_ranges,
}
]
client.authorize_security_group_ingress(
GroupId=sg_id,
IpPermissions=ip_permissions,
)
client.describe_security_group_rules(
Filters=[{"Name": "tag:Partner", "Values": ["test"]}]
)
ip_ranges = client.describe_security_groups(GroupIds=[sg_id])["SecurityGroups"][0][
"IpPermissions"
][0]["IpRanges"]
assert ip_ranges == expected_ip_ranges
client.update_security_group_rule_descriptions_ingress(
GroupName=sg_name,
IpPermissions=[
{
"IpProtocol": "tcp",
"FromPort": 27017,
"ToPort": 27017,
"IpRanges": [
{"CidrIp": "1.2.3.4/32", "Description": "second desc"},
{"CidrIp": "1.2.3.6/32", "Description": "third desc"},
],
}
],
)
expected_ip_ranges[0]["Description"] = "second desc"
expected_ip_ranges[2]["Description"] = "third desc"
ip_ranges = client.describe_security_groups(GroupIds=[sg_id])["SecurityGroups"][0][
"IpPermissions"
][0]["IpRanges"]
> assert ip_ranges == expected_ip_ranges
E AssertionError: assert [{'CidrIp': '1.2.3.4/32', 'Description': 'third desc'}, {'CidrIp': '1.2.3.5/32', 'Description': 'third desc'}, {'CidrIp': '1.2.3.6/32', 'Description': 'third desc'}] == [{'CidrIp': '1.2.3.4/32', 'Description': 'second desc'}, {'CidrIp': '1.2.3.5/32', 'Description': 'first desc'}, {'CidrIp': '1.2.3.6/32', 'Description': 'third desc'}]
E
E At index 0 diff: {'CidrIp': '1.2.3.4/32', 'Description': 'third desc'} != {'CidrIp': '1.2.3.4/32', 'Description': 'second desc'}
E
E Full diff:
E [
E {
E 'CidrIp': '1.2.3.4/32',
E - 'Description': 'second desc',
E ? ^^^^^
E + 'Description': 'third desc',
E ? ^^^^
E },
E {
E 'CidrIp': '1.2.3.5/32',
E - 'Description': 'first desc',
E ? ^ ^^
E + 'Description': 'third desc',
E ? ^^ ^
E },
E {
E 'CidrIp': '1.2.3.6/32',
E 'Description': 'third desc',
E },
E ]
test_security_groups.py:1332: AssertionError