chef-provisioning-aws 2.2.2 → 3.0.0.pre.rc1

Files changed (87) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +1 -1
  3. data/chef-provisioning-aws.gemspec +0 -1
  4. data/lib/chef/provider/aws_auto_scaling_group.rb +9 -6
  5. data/lib/chef/provider/aws_dhcp_options.rb +21 -11
  6. data/lib/chef/provider/aws_ebs_volume.rb +26 -24
  7. data/lib/chef/provider/aws_eip_address.rb +11 -12
  8. data/lib/chef/provider/aws_image.rb +1 -1
  9. data/lib/chef/provider/aws_internet_gateway.rb +18 -10
  10. data/lib/chef/provider/aws_key_pair.rb +6 -6
  11. data/lib/chef/provider/aws_launch_configuration.rb +7 -9
  12. data/lib/chef/provider/aws_nat_gateway.rb +2 -2
  13. data/lib/chef/provider/aws_network_acl.rb +11 -8
  14. data/lib/chef/provider/aws_network_interface.rb +34 -29
  15. data/lib/chef/provider/aws_rds_parameter_group.rb +1 -1
  16. data/lib/chef/provider/aws_rds_subnet_group.rb +1 -1
  17. data/lib/chef/provider/aws_route_table.rb +7 -7
  18. data/lib/chef/provider/aws_s3_bucket.rb +24 -12
  19. data/lib/chef/provider/aws_security_group.rb +202 -25
  20. data/lib/chef/provider/aws_server_certificate.rb +3 -4
  21. data/lib/chef/provider/aws_sns_topic.rb +4 -3
  22. data/lib/chef/provider/aws_sqs_queue.rb +7 -3
  23. data/lib/chef/provider/aws_subnet.rb +45 -21
  24. data/lib/chef/provider/aws_vpc.rb +59 -30
  25. data/lib/chef/provisioning/aws_driver/aws_provider.rb +12 -3
  26. data/lib/chef/provisioning/aws_driver/aws_resource.rb +2 -2
  27. data/lib/chef/provisioning/aws_driver/aws_resource_with_entry.rb +1 -1
  28. data/lib/chef/provisioning/aws_driver/aws_tagger.rb +2 -2
  29. data/lib/chef/provisioning/aws_driver/credentials.rb +1 -1
  30. data/lib/chef/provisioning/aws_driver/credentials2.rb +5 -1
  31. data/lib/chef/provisioning/aws_driver/driver.rb +124 -34
  32. data/lib/chef/provisioning/aws_driver/tagging_strategy/rds.rb +4 -4
  33. data/lib/chef/provisioning/aws_driver/tagging_strategy/s3.rb +1 -1
  34. data/lib/chef/provisioning/aws_driver/version.rb +1 -1
  35. data/lib/chef/resource/aws_auto_scaling_group.rb +2 -2
  36. data/lib/chef/resource/aws_cache_cluster.rb +4 -4
  37. data/lib/chef/resource/aws_cache_replication_group.rb +3 -3
  38. data/lib/chef/resource/aws_cache_subnet_group.rb +4 -4
  39. data/lib/chef/resource/aws_cloudsearch_domain.rb +1 -1
  40. data/lib/chef/resource/aws_cloudwatch_alarm.rb +1 -1
  41. data/lib/chef/resource/aws_dhcp_options.rb +10 -3
  42. data/lib/chef/resource/aws_ebs_volume.rb +10 -4
  43. data/lib/chef/resource/aws_eip_address.rb +4 -4
  44. data/lib/chef/resource/aws_elasticsearch_domain.rb +1 -1
  45. data/lib/chef/resource/aws_iam_role.rb +1 -1
  46. data/lib/chef/resource/aws_internet_gateway.rb +11 -4
  47. data/lib/chef/resource/aws_key_pair.rb +4 -3
  48. data/lib/chef/resource/aws_launch_configuration.rb +5 -4
  49. data/lib/chef/resource/aws_load_balancer.rb +14 -3
  50. data/lib/chef/resource/aws_nat_gateway.rb +2 -2
  51. data/lib/chef/resource/aws_network_acl.rb +10 -10
  52. data/lib/chef/resource/aws_network_interface.rb +12 -6
  53. data/lib/chef/resource/aws_rds_parameter_group.rb +6 -6
  54. data/lib/chef/resource/aws_rds_subnet_group.rb +4 -5
  55. data/lib/chef/resource/aws_route53_record_set.rb +1 -1
  56. data/lib/chef/resource/aws_route_table.rb +1 -1
  57. data/lib/chef/resource/aws_s3_bucket.rb +3 -2
  58. data/lib/chef/resource/aws_security_group.rb +6 -6
  59. data/lib/chef/resource/aws_server_certificate.rb +4 -5
  60. data/lib/chef/resource/aws_sns_topic.rb +4 -4
  61. data/lib/chef/resource/aws_sqs_queue.rb +3 -3
  62. data/lib/chef/resource/aws_subnet.rb +5 -5
  63. data/lib/chef/resource/aws_vpc.rb +12 -6
  64. data/lib/chef/resource/aws_vpc_peering_connection.rb +2 -2
  65. data/spec/aws_support.rb +12 -9
  66. data/spec/aws_support/deep_matcher/match_values_failure_messages.rb +15 -5
  67. data/spec/integration/aws_dhcp_options_spec.rb +7 -7
  68. data/spec/integration/aws_ebs_volume_spec.rb +1 -1
  69. data/spec/integration/aws_internet_gateway_spec.rb +19 -18
  70. data/spec/integration/aws_key_pair_spec.rb +1 -1
  71. data/spec/integration/aws_nat_gateway_spec.rb +3 -6
  72. data/spec/integration/aws_network_acl_spec.rb +19 -11
  73. data/spec/integration/aws_network_interface_spec.rb +26 -20
  74. data/spec/integration/aws_rds_instance_spec.rb +6 -7
  75. data/spec/integration/aws_rds_subnet_group_spec.rb +6 -6
  76. data/spec/integration/aws_route53_hosted_zone_spec.rb +1 -1
  77. data/spec/integration/aws_s3_bucket_spec.rb +1 -2
  78. data/spec/integration/aws_security_group_spec.rb +272 -198
  79. data/spec/integration/aws_server_certificate_spec.rb +60 -78
  80. data/spec/integration/aws_subnet_spec.rb +8 -4
  81. data/spec/integration/aws_vpc_spec.rb +29 -23
  82. data/spec/integration/machine_spec.rb +1 -1
  83. data/spec/unit/chef/provisioning/aws_driver/credentials_spec.rb +13 -0
  84. data/spec/unit/chef/provisioning/aws_driver/driver_spec.rb +1 -1
  85. data/spec/unit/chef/provisioning/aws_driver/route53_spec.rb +1 -1
  86. metadata +5 -20
  87. data/spec/persistence_file.txt +0 -220
@@ -6,7 +6,7 @@ describe Chef::Resource::AwsKeyPair do
6
6
  when_the_chef_12_server "exists", organization: 'foo', server_scope: :context do
7
7
  with_aws "when connected to AWS" do
8
8
  before :each do
9
- driver.ec2.key_pairs['test_key_pair'].delete
9
+ driver.ec2.delete_key_pair({key_name: 'test_key_pair'})
10
10
  end
11
11
 
12
12
  it "aws_key_pair 'test_key_pair' creates a key pair" do
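Review bot: The `before :each` cleanup on the added line deletes whatever key pair is named 'test_key_pair' in the account and region the driver points at, so the spec assumes a dedicated test account. A one-line comment saying so would help, for example `# destructive: assumes a dedicated test account/region`. The hash braces are also redundant, `driver.ec2.delete_key_pair(key_name: 'test_key_pair')` is enough. The enclosing `describe` block continues outside the hunk.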
@@ -9,17 +9,14 @@ describe Chef::Resource::AwsNatGateway do
9
9
  purge_all
10
10
  setup_public_vpc
11
11
 
12
- aws_network_interface 'test_network_interface' do
13
- subnet 'test_public_subnet'
14
- end
15
-
16
- aws_eip_address 'test_eip'
12
+ aws_eip_address "test_eip"
17
13
 
18
14
  describe 'action :create' do #, :super_slow do
19
15
  it 'creates an aws_nat_gateway in the specified subnet' do
20
16
  expect_recipe {
17
+ sub_id = test_public_subnet.aws_object.id
21
18
  aws_nat_gateway 'test_nat_gateway' do
22
- subnet 'test_public_subnet'
19
+ subnet sub_id
23
20
  eip_address 'test_eip'
24
21
  end
25
22
  }.to create_an_aws_nat_gateway('test_nat_gateway',
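Review bot: With `subnet sub_id` the example only exercises the raw subnet id, so resolving a subnet by its Chef resource name ('test_public_subnet') is no longer covered here. The same substitution is made for subnet, security group and machine in the aws_network_interface spec. If name references are still meant to work in 3.0, keep one example that passes the name; if they are not, a comment such as `# names are not resolved for this attribute; pass the AWS id` would say why. The added `aws_eip_address "test_eip"` also switches to double quotes while the surrounding lines use single quotes for plain strings.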
@@ -26,20 +26,28 @@ describe Chef::Resource::AwsNetworkAcl do
26
26
  vpc 'test_vpc'
27
27
  inbound_rules(
28
28
  [
29
- { rule_number: 100, action: :deny, protocol: -1, cidr_block: '10.0.0.0/24' },
30
- { rule_number: 200, action: :allow, protocol: -1, cidr_block: '0.0.0.0/0' },
31
- { rule_number: 300, action: :allow, protocol: 6, port_range: 22..23, cidr_block: '172.31.0.0/22' }
29
+ { rule_number: 100, rule_action: :deny, protocol: "-1", cidr_block: '10.0.0.0/24' },
30
+ { rule_number: 200, rule_action: :allow, protocol: "-1", cidr_block: '0.0.0.0/0' },
31
+ { rule_number: 300,
32
+ rule_action: :allow,
33
+ protocol: "6",
34
+ port_range:
35
+ {
36
+ :from => 22,
37
+ :to => 23
38
+ },
39
+ cidr_block: '172.31.0.0/22' }
32
40
  ]
33
41
  )
34
42
  outbound_rules(
35
43
  [
36
- { rule_number: 500, action: :allow, protocol: -1, cidr_block: '0.0.0.0/0' }
44
+ { rule_number: 500, rule_action: :allow, protocol: "-1", cidr_block: '0.0.0.0/0' }
37
45
  ]
38
46
  )
39
47
  end
40
48
  }.to create_an_aws_network_acl('test_network_acl',
41
49
  vpc_id: test_vpc.aws_object.id,
42
- entry_set:
50
+ entries:
43
51
  [
44
52
  { :rule_number=>500, :protocol=>"-1", :rule_action=>"allow", :egress=>true, :cidr_block=>"0.0.0.0/0" },
45
53
  { :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>true, :cidr_block=>"0.0.0.0/0" },
@@ -54,8 +62,8 @@ describe Chef::Resource::AwsNetworkAcl do
54
62
  context 'when rules are empty' do
55
63
  aws_network_acl 'test_network_acl' do
56
64
  vpc 'test_vpc'
57
- inbound_rules(rule_number: 100, action: :deny, protocol: -1, cidr_block: '10.0.0.0/24')
58
- outbound_rules(rule_number: 500, action: :allow, protocol: -1, cidr_block: '0.0.0.0/0')
65
+ inbound_rules(rule_number: 100, rule_action: :deny, protocol: "-1", cidr_block: '10.0.0.0/24')
66
+ outbound_rules(rule_number: 500, rule_action: :allow, protocol: "-1", cidr_block: '0.0.0.0/0')
59
67
  end
60
68
 
61
69
  it "aws_network_acl 'test_network_acl' removes current rules" do
@@ -67,7 +75,7 @@ describe Chef::Resource::AwsNetworkAcl do
67
75
  end
68
76
  }.to create_an_aws_network_acl('test_network_acl',
69
77
  vpc_id: test_vpc.aws_object.id,
70
- entry_set:
78
+ entries:
71
79
  [
72
80
  { :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>true, :cidr_block=>"0.0.0.0/0" },
73
81
  { :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"0.0.0.0/0" }
@@ -79,8 +87,8 @@ describe Chef::Resource::AwsNetworkAcl do
79
87
  context 'when rules are nil' do
80
88
  aws_network_acl 'test_network_acl' do
81
89
  vpc 'test_vpc'
82
- inbound_rules(rule_number: 100, action: :deny, protocol: -1, cidr_block: '10.0.0.0/24')
83
- outbound_rules(rule_number: 500, action: :allow, protocol: -1, cidr_block: '0.0.0.0/0')
90
+ inbound_rules(rule_number: 100, rule_action: :deny, protocol: "-1", cidr_block: '10.0.0.0/24')
91
+ outbound_rules(rule_number: 500, rule_action: :allow, protocol: "-1", cidr_block: '0.0.0.0/0')
84
92
  end
85
93
 
86
94
  it "aws_network_acl 'test_network_acl' with a nil rules array leaves current rules alone" do
@@ -92,7 +100,7 @@ describe Chef::Resource::AwsNetworkAcl do
92
100
  end
93
101
  }.to match_an_aws_network_acl('test_network_acl',
94
102
  vpc_id: test_vpc.aws_object.id,
95
- entry_set:
103
+ entries:
96
104
  [
97
105
  { :rule_number=>500, :protocol=>"-1", :rule_action=>"allow", :egress=>true, :cidr_block=>"0.0.0.0/0" },
98
106
  { :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>true, :cidr_block=>"0.0.0.0/0" },
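Review bot: Nothing in this spec pins what happens when a recipe still uses the old rule shape (`action:`, an integer `protocol`, a Range for `port_range`) that these hunks replace with `rule_action:`, a string protocol and a from/to hash. For a network ACL, an entry that is silently dropped or misread is worse than a failed converge, so an example asserting that the old keys raise a clear error would be worth adding; whether the provider validates this is not visible here. The new `port_range` hash in the first hunk also mixes hash-rocket keys into a literal that otherwise uses `key:` syntax, and `port_range: { from: 22, to: 23 }` would read more consistently.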
@@ -6,29 +6,35 @@ describe "AwsNetworkInterface" do
6
6
 
7
7
  context "setting up public VPC" do
8
8
 
9
+ purge_all
9
10
  setup_public_vpc
10
11
 
11
- it "creates an aws_network_interface resource with maximum attributes", :super_slow do
12
- expect_recipe {
13
- machine "test_machine" do
14
- machine_options bootstrap_options: {
15
- subnet_id: 'test_public_subnet',
16
- security_group_ids: ['test_security_group']
17
- }
18
- action :ready
19
- end
12
+ context "with machines", :super_slow do
20
13
 
21
- aws_network_interface 'test_network_interface' do
22
- subnet 'test_public_subnet'
23
- private_ip_address '10.0.0.25'
24
- description "test_network_interface"
25
- security_groups ['test_security_group']
26
- machine "test_machine"
27
- device_index 1
28
- end
29
- }.to create_an_aws_instance('test_machine'
30
- ).and create_an_aws_network_interface('test_network_interface'
31
- ).and be_idempotent
14
+ machine "test_machine" do
15
+ machine_options bootstrap_options: {
16
+ subnet_id: 'test_public_subnet',
17
+ security_group_ids: ['test_security_group']
18
+ }
19
+ action :ready
20
+ end
21
+
22
+ it "creates an aws_network_interface resource with maximum attributes" do
23
+ expect_recipe {
24
+ sub_id = test_public_subnet.aws_object.id
25
+ sg_id = test_security_group.aws_object.id
26
+ machine_id = test_machine.aws_object.id
27
+ aws_network_interface 'test_network_interface' do
28
+ subnet sub_id
29
+ private_ip_address '10.0.0.25'
30
+ description "test_network_interface"
31
+ security_groups [sg_id]
32
+ machine machine_id
33
+ device_index 1
34
+ end
35
+ }.to create_an_aws_network_interface('test_network_interface'
36
+ ).and be_idempotent
37
+ end
32
38
  end
33
39
 
34
40
  it "creates aws_network_interface tags" do
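Review bot: The rewritten example no longer asserts anything about 'test_machine': the `create_an_aws_instance('test_machine')` expectation is dropped and the machine is now declared at context level. The example therefore passes as long as an interface named 'test_network_interface' is created, whether or not it ends up attached to the intended instance, subnet and security group. If `create_an_aws_network_interface` accepts expected attributes the way the other `create_an_*` matchers on this page do, passing the expected subnet, group and attachment values there would restore that check. The enclosing `context` continues outside the hunk.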
@@ -7,12 +7,11 @@ describe Chef::Resource::AwsRdsInstance do
7
7
  with_aws "with a connection to AWS, a VPC, two subnets, a db subnet group, and a db parameter group" do
8
8
 
9
9
  azs = []
10
- driver.ec2.availability_zones.each do |az|
10
+ driver.ec2.describe_availability_zones.availability_zones.each do |az|
11
11
  azs << az
12
12
  end
13
- az_1 = azs[0].name
14
- az_2 = azs[1].name
15
-
13
+ az_1 = azs[0].zone_name
14
+ az_2 = azs[1].zone_name
16
15
  aws_vpc "test_vpc" do
17
16
  cidr_block '10.0.5.0/24'
18
17
  internet_gateway true
@@ -123,7 +122,7 @@ describe Chef::Resource::AwsRdsInstance do
123
122
  it "updates aws_rds_instance tags" do
124
123
  expect_recipe {
125
124
  aws_rds_instance "test-rds-instance-tagging-#{tagging_id}" do
126
- aws_tags key1: "value2", key2: nil
125
+ aws_tags key1: "value1", key2: "value2"
127
126
  allocated_storage 5
128
127
  db_instance_class "db.t2.micro"
129
128
  engine "postgres"
@@ -132,8 +131,8 @@ describe Chef::Resource::AwsRdsInstance do
132
131
  end
133
132
  }.to have_aws_rds_instance_tags("test-rds-instance-tagging-#{tagging_id}",
134
133
  {
135
- 'key1' => 'value2',
136
- 'key2' => nil
134
+ 'key1' => 'value1',
135
+ 'key2' => 'value2'
137
136
  }
138
137
  ).and be_idempotent
139
138
  end
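Review bot: `azs[0].zone_name` and `azs[1].zone_name` in the first hunk index the unfiltered result of `describe_availability_zones`. A region that returns fewer than two zones therefore fails with a NoMethodError on nil instead of a readable message, and zones that are not in the `available` state are not excluded. The same lines appear in the aws_rds_subnet_group spec. The each-and-append loop can be one expression with an explicit guard: `az_1, az_2 = driver.ec2.describe_availability_zones.availability_zones.first(2).map(&:zone_name)` followed by `raise 'need two availability zones' unless az_2`.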
@@ -1,5 +1,5 @@
1
1
  require 'spec_helper'
2
- require 'aws'
2
+ require 'aws-sdk'
3
3
  require 'set'
4
4
 
5
5
  describe Chef::Resource::AwsRdsSubnetGroup do
@@ -11,11 +11,11 @@ describe Chef::Resource::AwsRdsSubnetGroup do
11
11
  #region = ENV['AWS_TEST_DRIVER'][5..-1]
12
12
 
13
13
  azs = []
14
- driver.ec2.availability_zones.each do |az|
14
+ driver.ec2.describe_availability_zones.availability_zones.each do |az|
15
15
  azs << az
16
16
  end
17
- az_1 = azs[0].name
18
- az_2 = azs[1].name
17
+ az_1 = azs[0].zone_name
18
+ az_2 = azs[1].zone_name
19
19
 
20
20
  aws_vpc "test_vpc" do
21
21
  cidr_block '10.0.0.0/24'
@@ -78,12 +78,12 @@ describe Chef::Resource::AwsRdsSubnetGroup do
78
78
  aws_rds_subnet_group "test-db-subnet-group" do
79
79
  description "some_description"
80
80
  subnets ["test_subnet", test_subnet_2.aws_object.id]
81
- aws_tags key1: "value2", key2: nil
81
+ aws_tags key1: "value2", key2: ''
82
82
  end
83
83
  }.to have_aws_rds_subnet_group_tags("test-db-subnet-group",
84
84
  {
85
85
  'key1' => 'value2',
86
- 'key2' => nil
86
+ 'key2' => ''
87
87
  }
88
88
  ).and be_idempotent
89
89
  end
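Review bot: Replacing `key2: nil` with `key2: ''` in the last hunk (and with `"value2"` in the aws_rds_instance tagging hunk) removes the only visible coverage of a nil tag value without saying what 3.0 does with one. A comment next to the tag line stating the new contract would keep a reader from assuming nil still works, for example `# tag values must be strings; nil is no longer accepted` if that is the reason. The reason is inferred, since the tagging code is not visible on this page.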
@@ -269,7 +269,7 @@ describe Chef::Resource::AwsRoute53HostedZone do
269
269
  end
270
270
  }
271
271
  end
272
- }.to raise_error(Aws::Route53::Errors::InvalidChangeBatch, /Tried to delete.*the values provided do not match the current values/)
272
+ }.to raise_error(::Aws::Route53::Errors::InvalidChangeBatch, /Tried to delete.*the values provided do not match the current values/)
273
273
  end
274
274
 
275
275
  it "uses the resource name as the :rr_name" do
@@ -51,7 +51,6 @@ describe Chef::Resource::AwsS3Bucket do
51
51
  end
52
52
 
53
53
  it "removes all aws_s3_bucket tags" do
54
- pending
55
54
 
56
55
  expect_recipe {
57
56
  aws_s3_bucket bucket_name do
@@ -70,7 +69,7 @@ describe Chef::Resource::AwsS3Bucket do
70
69
 
71
70
  ruby_block "upload s3 object" do
72
71
  block do
73
- AWS::S3.new.buckets[bucket_name].objects["test-object"].write("test-content")
72
+ ::Aws::S3::Resource.new(driver.s3_client).buckets.find { |b| b.name == bucket_name }.object("test-object").put( { body: "test-content" } )
74
73
  end
75
74
  end
76
75
  }
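Review bot: The new upload line in the second hunk enumerates every bucket in the account with `buckets.find { |b| b.name == bucket_name }`, which needs list-all-buckets permission and raises a NoMethodError on nil when the bucket is missing. Addressing the bucket directly avoids both problems and keeps the test credentials narrower: `::Aws::S3::Resource.new(driver.s3_client).bucket(bucket_name).object("test-object").put(body: "test-content")`. The braces around the `put` argument are redundant in either form.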
@@ -5,6 +5,17 @@ require 'chef/provisioning/aws_driver/exceptions'
5
5
  describe Chef::Resource::AwsSecurityGroup do
6
6
  extend AWSSupport
7
7
 
8
+ def set_ip_pemissions_mock_object(options = {})
9
+ mock_object = Aws::EC2::Types::IpPermission.new(
10
+ from_port: options[:from_port] || nil,
11
+ to_port: options[:to_port] || nil ,
12
+ ip_protocol: options[:ip_protocol] || nil,
13
+ ip_ranges: options[:ip_ranges] || [],
14
+ ipv_6_ranges: options[:ipv_6_ranges] || [],
15
+ prefix_list_ids: options[:prefix_list_ids] || [],
16
+ user_id_group_pairs: options[:user_id_group_pairs] || [])
17
+ end
18
+
8
19
  when_the_chef_12_server "exists", organization: 'foo', server_scope: :context do
9
20
  with_aws "without a VPC" do
10
21
 
@@ -14,9 +25,9 @@ describe Chef::Resource::AwsSecurityGroup do
14
25
  end
15
26
  }.to create_an_aws_security_group('test_sg',
16
27
  description: 'test_sg',
17
- vpc_id: default_vpc.id,
18
- ip_permissions_list: [],
19
- ip_permissions_list_egress: [{:groups=>[], :ip_ranges=>[{:cidr_ip=>"0.0.0.0/0"}], :ip_protocol=>"-1"}]
28
+ vpc_id: default_vpc.vpc_id,
29
+ ip_permissions: [],
30
+ ip_permissions_egress: [set_ip_pemissions_mock_object(ip_protocol: "-1", ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "0.0.0.0/0")])]
20
31
  ).and be_idempotent
21
32
  end
22
33
 
@@ -34,26 +45,22 @@ describe Chef::Resource::AwsSecurityGroup do
34
45
  end
35
46
  }.to create_an_aws_security_group('test_sg',
36
47
  description: 'test_sg',
37
- vpc_id: default_vpc.id,
38
- ip_permissions_list: [
39
- { groups: [], ip_ranges: [{cidr_ip: "0.0.0.0/0"}], ip_protocol: "tcp", from_port: 22, to_port: 22},
40
- ],
41
- ip_permissions_list_egress: [
42
- {groups: [], ip_ranges: [{cidr_ip: "0.0.0.0/0"}], ip_protocol: "tcp", from_port: 22, to_port: 22 }
43
- ]
44
-
48
+ vpc_id: default_vpc.vpc_id,
49
+ ip_permissions: [set_ip_pemissions_mock_object(from_port: 22, to_port: 22, ip_protocol: "tcp", ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "0.0.0.0/0")])],
50
+ ip_permissions_egress: [set_ip_pemissions_mock_object(from_port: 22, to_port: 22, ip_protocol: "tcp", ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "0.0.0.0/0")])]
45
51
  ).and be_idempotent
46
52
  end
47
53
 
48
54
  it "raises an error trying to reference a security group by an unknown id" do
49
55
  expect_converge {
50
56
  aws_security_group 'sg-12345678'
51
- }.to raise_error(RuntimeError, /Chef::Resource::AwsSecurityGroup\[sg-12345678\] does not exist!/)
57
+ }.to raise_error(Aws::EC2::Errors::InvalidGroupNotFound, /aws_security_group\[sg-12345678\]/)
58
+
52
59
  expect_converge {
53
60
  aws_security_group 'test_sg' do
54
61
  security_group_id 'sg-12345678'
55
62
  end
56
- }.to raise_error(RuntimeError, /Chef::Resource::AwsSecurityGroup\[sg-12345678\] does not exist!/)
63
+ }.to raise_error(Aws::EC2::Errors::InvalidGroupNotFound, /aws_security_group\[test_sg\]/)
57
64
  end
58
65
 
59
66
  it "creates aws_security_group tags" do
@@ -108,27 +115,167 @@ describe Chef::Resource::AwsSecurityGroup do
108
115
  purge_all
109
116
  setup_public_vpc
110
117
 
111
- load_balancer "testloadbalancer" do
112
- load_balancer_options({
113
- subnets: ["test_public_subnet"],
114
- security_groups: ["test_security_group"]
115
- })
116
- end
118
+ # TODO Uncomment and test spec once the load balancer resource is fixed as per version 2
119
+ # load_balancer "testloadbalancer" do
120
+ # load_balancer_options({
121
+ # subnets: ["test_public_subnet"],
122
+ # security_groups: ["test_security_group"]
123
+ # })
124
+ # end
117
125
 
118
- it "aws_security_group 'test_sg' with no attributes works" do
126
+ it "aws_security_group 'test_sg' with no attributes works" do
119
127
  expect_recipe {
120
128
  aws_security_group 'test_sg' do
121
129
  vpc 'test_vpc'
122
130
  end
123
131
  }.to create_an_aws_security_group('test_sg',
124
132
  vpc_id: test_vpc.aws_object.id,
125
- ip_permissions_list: [],
126
- ip_permissions_list_egress: [{:groups=>[], :ip_ranges=>[{:cidr_ip=>"0.0.0.0/0"}], :ip_protocol=>"-1"}]
133
+ ip_permissions: [],
134
+ ip_permissions_egress: [set_ip_pemissions_mock_object(ip_protocol: "-1", ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "0.0.0.0/0")])]
127
135
  ).and be_idempotent
128
136
  end
129
137
 
130
- it "can specify rules as a mapping from source/destination to port and protocol" do
138
+ it "adds inbound and outbound_rules for source security_group " do
131
139
  expect_recipe {
140
+ aws_security_group 'test_sg' do
141
+ vpc 'test_vpc'
142
+ inbound_rules(
143
+ 'test_security_group' => 1200,
144
+ test_security_group.aws_object.id => 1201,
145
+ test_security_group.aws_object => 1202,
146
+ test_security_group => 1203,
147
+ {group_name: 'test_security_group'} => 1204,
148
+ {security_group: 'test_security_group'} => 1205
149
+ )
150
+ outbound_rules(
151
+ 1200 => 'test_security_group',
152
+ 1201 => test_security_group.aws_object.id,
153
+ 1202 => test_security_group.aws_object,
154
+ 1203 => test_security_group,
155
+ 1204 => {group_name: 'test_security_group'},
156
+ 1205 => {security_group: 'test_security_group'}
157
+ )
158
+ end
159
+ }.to create_an_aws_security_group('test_sg',
160
+ vpc_id: test_vpc.aws_object.id,
161
+ ip_permissions: [
162
+ set_ip_pemissions_mock_object(from_port: 1204, to_port: 1204, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
163
+ set_ip_pemissions_mock_object(from_port: 1201, to_port: 1201, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
164
+ set_ip_pemissions_mock_object(from_port: 1200, to_port: 1200, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
165
+ set_ip_pemissions_mock_object(from_port: 1203, to_port: 1203, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
166
+ set_ip_pemissions_mock_object(from_port: 1202, to_port: 1202, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
167
+ set_ip_pemissions_mock_object(from_port: 1205, to_port: 1205, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)])
168
+ ],
169
+ ip_permissions_egress: [
170
+ set_ip_pemissions_mock_object(from_port: 1204, to_port: 1204, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
171
+ set_ip_pemissions_mock_object(from_port: 1201, to_port: 1201, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
172
+ set_ip_pemissions_mock_object(from_port: 1200, to_port: 1200, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
173
+ set_ip_pemissions_mock_object(from_port: 1203, to_port: 1203, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
174
+ set_ip_pemissions_mock_object(from_port: 1202, to_port: 1202, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
175
+ set_ip_pemissions_mock_object(from_port: 1205, to_port: 1205, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)])
176
+ ]
177
+ ).and be_idempotent
178
+ end
179
+
180
+ it "adds inbound and outbound_rules for source security_group specified in hash " do
181
+ expect_recipe {
182
+ aws_security_group 'test_sg' do
183
+ vpc 'test_vpc'
184
+ inbound_rules([
185
+ { port: 1206, sources: 'test_security_group' },
186
+ { port: 1207, sources: test_security_group.aws_object.id },
187
+ { port: 1208, sources: test_security_group.aws_object },
188
+ { port: 1209, sources: test_security_group },
189
+ { port: 1210, sources: {group_name: 'test_security_group'} },
190
+ { port: 1211, sources: {security_group: 'test_security_group'} }
191
+ ])
192
+ outbound_rules([
193
+ { port: 1206, destinations: 'test_security_group' },
194
+ { port: 1207, destinations: test_security_group.aws_object.id },
195
+ { port: 1208, destinations: test_security_group.aws_object },
196
+ { port: 1209, destinations: test_security_group },
197
+ { port: 1210, destinations: {group_name: 'test_security_group'} },
198
+ { port: 1211, destinations: {security_group: 'test_security_group'} }
199
+ ])
200
+ end
201
+ }.to create_an_aws_security_group('test_sg',
202
+ vpc_id: test_vpc.aws_object.id,
203
+ ip_permissions: [
204
+ set_ip_pemissions_mock_object(from_port: 1207, to_port: 1207, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
205
+ set_ip_pemissions_mock_object(from_port: 1209, to_port: 1209, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
206
+ set_ip_pemissions_mock_object(from_port: 1206, to_port: 1206, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
207
+ set_ip_pemissions_mock_object(from_port: 1211, to_port: 1211, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
208
+ set_ip_pemissions_mock_object(from_port: 1210, to_port: 1210, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
209
+ set_ip_pemissions_mock_object(from_port: 1208, to_port: 1208, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
210
+ ],
211
+ ip_permissions_egress: [
212
+ set_ip_pemissions_mock_object(from_port: 1207, to_port: 1207, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
213
+ set_ip_pemissions_mock_object(from_port: 1209, to_port: 1209, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
214
+ set_ip_pemissions_mock_object(from_port: 1206, to_port: 1206, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
215
+ set_ip_pemissions_mock_object(from_port: 1211, to_port: 1211, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
216
+ set_ip_pemissions_mock_object(from_port: 1210, to_port: 1210, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
217
+ set_ip_pemissions_mock_object(from_port: 1208, to_port: 1208, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)])
218
+ ]
219
+ ).and be_idempotent
220
+ end
221
+
222
+
223
+
224
+ # TODO : ADD when load balancer resource is fixed as per version 2
225
+ # it "adds inbound and outbound_rules for source load_balancer" do
226
+ # expect_recipe {
227
+ # aws_security_group 'test_sg' do
228
+ # vpc 'test_vpc'
229
+ # inbound_rules(
230
+ # testloadbalancer.aws_object => 1206,
231
+ # {load_balancer: 'testloadbalancer'} => 1207,
232
+ # )
233
+ # outbound_rules(
234
+ # 1206 => testloadbalancer.aws_object,
235
+ # 1207 => {load_balancer: 'testloadbalancer'},
236
+ # )
237
+ # end
238
+ # }.to create_an_aws_security_group('test_sg',
239
+ # vpc_id: test_vpc.aws_object.id,
240
+ # ip_permissions: [
241
+ # set_ip_pemissions_mock_object(from_port: 1206, to_port: 1206, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
242
+ # set_ip_pemissions_mock_object(from_port: 1207, to_port: 1207, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)])
243
+ # ],
244
+ # ip_permissions_egress: [
245
+ # set_ip_pemissions_mock_object(from_port: 1206, to_port: 1206, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
246
+ # set_ip_pemissions_mock_object(from_port: 1207, to_port: 1207, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)])
247
+ # ]
248
+ # ).and be_idempotent
249
+ # end
250
+
251
+ # it "adds inbound and outbound_rules for source load_balancer specified in hash" do
252
+ # expect_recipe {
253
+ # aws_security_group 'test_sg' do
254
+ # vpc 'test_vpc'
255
+ # inbound_rules([
256
+ # { port: 1206, sources: testloadbalancer.aws_object },
257
+ # { port: 1207, sources: {load_balancer: 'testloadbalancer'}}
258
+ # ])
259
+ # outbound_rules([
260
+ # { port: 1206, destinations: testloadbalancer.aws_object },
261
+ # { port: 1207, destinations: {load_balancer: 'testloadbalancer'}}
262
+ # ])
263
+ # end
264
+ # }.to create_an_aws_security_group('test_sg',
265
+ # vpc_id: test_vpc.aws_object.id,
266
+ # ip_permissions: [
267
+ # set_ip_pemissions_mock_object(from_port: 1206, to_port: 1206, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
268
+ # set_ip_pemissions_mock_object(from_port: 1207, to_port: 1207, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)])
269
+ # ],
270
+ # ip_permissions_egress: [
271
+ # set_ip_pemissions_mock_object(from_port: 1206, to_port: 1206, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
272
+ # set_ip_pemissions_mock_object(from_port: 1207, to_port: 1207, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)])
273
+ # ]
274
+ # ).and be_idempotent
275
+ # end
276
+
277
+ it "can specify rules as a mapping from source/destination to port and protocol" do
278
+ expect_recipe {
132
279
  aws_security_group 'test_sg' do
133
280
  # We need to define a list of ports and its easier to use a method than
134
281
  # have to add a new number when changing this test
@@ -145,19 +292,18 @@ describe Chef::Resource::AwsSecurityGroup do
145
292
  "10.0.0.#{counter}/32" => { ports: 1003..1003, protocol: -1 },
146
293
  "10.0.0.#{counter}/32" => { port_range: 1004..1005, protocol: -1 },
147
294
  "10.0.0.#{counter}/32" => { port_range: [1006, 1007, 1108], protocol: -1 },
148
- # If the protocol isn't `-1` and you don't specify all the ports
149
- # aws wants `port_range` to be nil
295
+ # If the protocol isn't `-1` and you don't specify all the ports
296
+ # aws wants `port_range` to be nil
150
297
  "10.0.0.#{counter}/32" => { ports: nil, protocol: :tcp },
151
298
  "10.0.0.#{counter}/32" => { port_range: 0..65535, protocol: :udp },
152
299
  "10.0.0.#{counter}/32" => { port_range: -1, protocol: :icmp },
153
- "10.0.0.#{counter}/32" => { port_range: 1..2, protocol: :icmp },
154
300
  "10.0.0.#{counter}/32" => { port_range: 1011, protocol: :any },
155
301
  "10.0.0.#{counter}/32" => { port_range: 1012, protocol: nil },
156
302
  "10.0.0.#{counter}/32" => { port: 1013 },
157
303
  "10.0.0.#{counter}/32" => { port: 1014..1014 },
158
304
  "10.0.0.#{counter}/32" => { port: [1015, 1016, 1117] },
159
305
  "10.0.0.#{counter}/32" => { port: :icmp },
160
- "10.0.0.#{counter}/32" => { port: 'tCp' },
306
+ "10.0.0.#{counter}/32" => { port: 'tcp' },
161
307
  "10.0.0.#{counter}/32" => { port: nil },
162
308
  "10.0.0.#{counter}/32" => { protocol: -1 },
163
309
  "10.0.0.#{counter}/32" => { protocol: :any },
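Review bot: Changing `{ port: 'tCp' }` to `{ port: 'tcp' }` removes the only entry in this list that passed a mixed-case protocol string, so nothing here pins down how the provider treats one any more. If protocol names are still normalised, keep the mixed-case entry. If they are now rejected, add a separate example that expects the failure, so the behaviour of a firewall rule with an unexpected protocol string is tested rather than assumed. A short comment next to the entry would record the decision, for example `# protocol strings are matched case-sensitively`, with wording that depends on provider code outside this hunk.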
@@ -174,19 +320,8 @@ describe Chef::Resource::AwsSecurityGroup do
174
320
  "10.0.0.#{counter}/32" => -1,
175
321
  "10.0.0.#{counter}/32" => :"-1",
176
322
  ["10.0.0.#{counter}/32", "10.0.0.#{counter}/32"] => :all,
177
- 'test_security_group' => 1200,
178
- test_security_group.aws_object.id => 1201,
179
- test_security_group.aws_object => 1202,
180
- test_security_group => 1203,
181
- # cannot get the ID from the v1 api object
182
- #testloadbalancer.aws_object.id => 1205,
183
- testloadbalancer.aws_object => 1206,
184
- # Cannot specify a LoadBalancer resource, only AwsLoadBalancer
185
- #testloadbalancer => 1207,
186
- {group_name: 'test_security_group'} => 1208,
187
- {load_balancer: 'testloadbalancer'} => 1209,
188
- {security_group: 'test_security_group'} => 1210,
189
- )
323
+ "10.0.0.#{counter}/32" => { port_range: 1..2, protocol: :icmp }
324
+ )
190
325
  outbound_rules(
191
326
  { port_range: -1..-1, protocol: -1 } => "10.0.0.#{counter}/32",
192
327
  { port: -1, protocol: -1 } => "10.0.0.#{counter}/32",
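Review bot: The removed `inbound_rules` entries for ports 1200–1210 were the only ones in this example whose source is a security group or load balancer rather than a CIDR, and nothing on the new side replaces them. The same entries are dropped from `outbound_rules` in the `@@ -221,81 +356,57 @@` hunk and from the hash-form example in the `@@ -344,18 +454,7 @@` and `@@ -392,78 +491,52 @@` hunks. The example added just above this one appears to be entirely commented out, so the `user_id_group_pairs` path looks untested in this release. That path matters because a wrong group lookup grants access to the wrong peers. I would keep at least one live case such as `test_security_group.aws_object.id => 1201,` with a matching expectation, or mark the disabled example `pending` with a stated reason instead of commenting it out.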
@@ -194,8 +329,8 @@ describe Chef::Resource::AwsSecurityGroup do
194
329
  { ports: 1003..1003, protocol: -1 } => "10.0.0.#{counter}/32",
195
330
  { port_range: 1004..1005, protocol: -1 } => "10.0.0.#{counter}/32",
196
331
  { port_range: [1006, 1007, 1108], protocol: -1 } => "10.0.0.#{counter}/32",
197
- # If the protocol isn't `-1` and you don't specify all the ports
198
- # aws wants `port_range` to be nil{ ports: nil, protocol: :tcp } => "10.0.0.#{counter}/32",
332
+ # # If the protocol isn't `-1` and you don't specify all the ports
333
+ # # aws wants `port_range` to be nil{ ports: nil, protocol: :tcp } => "10.0.0.#{counter}/32",
199
334
  { port_range: 0..65535, protocol: :udp } => "10.0.0.#{counter}/32",
200
335
  { port_range: -1, protocol: :icmp } => "10.0.0.#{counter}/32",
201
336
  { port_range: 1..2, protocol: :icmp } => "10.0.0.#{counter}/32",
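Review bot: The outbound entry `{ ports: nil, protocol: :tcp } => "10.0.0.#{counter}/32",` is still fused onto the end of the comment line, and the new `# #` prefix keeps it there, so it never becomes part of `outbound_rules`. The inbound list in the `@@ -145,19 +292,18 @@` hunk has the same case as live code, and the egress expectation further down lists one fewer tcp 0–0 range than the ingress one, which is consistent with the entry being dead. If the case is meant to be covered, move the entry to its own line after a single-`#` comment and update the expected egress ranges, since the extra `counter` call presumably shifts the addresses that follow. If it is disabled on purpose, say so on the line: `# outbound { ports: nil, protocol: :tcp } intentionally disabled: <reason>`.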
@@ -221,81 +356,57 @@ describe Chef::Resource::AwsSecurityGroup do
221
356
  nil => "10.0.0.#{counter}/32",
222
357
  -1 => "10.0.0.#{counter}/32",
223
358
  :"-1" => "10.0.0.#{counter}/32",
224
- :all => ["10.0.0.#{counter}/32", "10.0.0.#{counter}/32"],
225
- 1200 => 'test_security_group',
226
- 1201 => test_security_group.aws_object.id,
227
- 1202 => test_security_group.aws_object,
228
- 1203 => test_security_group,
229
- # cannot get the ID from the v1 api object
230
- #1205 => testloadbalancer.aws_object.id,
231
- 1206 => testloadbalancer.aws_object,
232
- # Cannot specify a LoadBalancer resource, only AwsLoadBalancer
233
- #1207 => testloadbalancer,
234
- 1208 => {group_name: 'test_security_group'},
235
- 1209 => {load_balancer: 'testloadbalancer'},
236
- 1210 => {security_group: 'test_security_group'},
237
- )
359
+ :all => ["10.0.0.#{counter}/32", "10.0.0.#{counter}/32"]
360
+ )
238
361
  end
239
- }.to create_an_aws_security_group('test_sg',
240
- vpc_id: test_vpc.aws_object.id,
241
- ip_permissions_list: Set[
242
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.1/32"}, {:cidr_ip=>"10.0.0.11/32"}, {:cidr_ip=>"10.0.0.19/32"}, {:cidr_ip=>"10.0.0.2/32"}, {:cidr_ip=>"10.0.0.20/32"}, {:cidr_ip=>"10.0.0.3/32"}, {:cidr_ip=>"10.0.0.30/32"}, {:cidr_ip=>"10.0.0.32/32"}, {:cidr_ip=>"10.0.0.33/32"}, {:cidr_ip=>"10.0.0.34/32"}, {:cidr_ip=>"10.0.0.4/32"}, {:cidr_ip=>"10.0.0.5/32"}, {:cidr_ip=>"10.0.0.6/32"}], :ip_protocol=>"-1"},
243
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.17/32"}, {:cidr_ip=>"10.0.0.18/32"}, {:cidr_ip=>"10.0.0.22/32"}, {:cidr_ip=>"10.0.0.28/32"}, {:cidr_ip=>"10.0.0.31/32"}, {:cidr_ip=>"10.0.0.7/32"}], :ip_protocol=>"tcp", :from_port=>0, :to_port=>0},
244
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.8/32"}], :ip_protocol=>"udp", :from_port=>0, :to_port=>65535},
245
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.9/32"}], :ip_protocol=>"icmp", :from_port=>-1, :to_port=>-1},
246
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.10/32"}], :ip_protocol=>"icmp", :from_port=>1, :to_port=>2},
247
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.12/32"}], :ip_protocol=>"tcp", :from_port=>1012, :to_port=>1012},
248
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.13/32"}], :ip_protocol=>"tcp", :from_port=>1013, :to_port=>1013},
249
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.14/32"}], :ip_protocol=>"tcp", :from_port=>1014, :to_port=>1014},
250
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.15/32"}], :ip_protocol=>"tcp", :from_port=>1117, :to_port=>1117},
251
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.15/32"}], :ip_protocol=>"tcp", :from_port=>1015, :to_port=>1015},
252
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.15/32"}], :ip_protocol=>"tcp", :from_port=>1016, :to_port=>1016},
253
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.16/32"}, {:cidr_ip=>"10.0.0.26/32"}, {:cidr_ip=>"10.0.0.27/32"}], :ip_protocol=>"icmp", :from_port=>0, :to_port=>0},
254
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.21/32"}, {:cidr_ip=>"10.0.0.29/32"}], :ip_protocol=>"udp", :from_port=>0, :to_port=>0},
255
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.23/32"}], :ip_protocol=>"tcp", :from_port=>1020, :to_port=>1020},
256
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.24/32"}], :ip_protocol=>"tcp", :from_port=>1021, :to_port=>1023},
257
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.25/32"}], :ip_protocol=>"tcp", :from_port=>1024, :to_port=>1024},
258
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.25/32"}], :ip_protocol=>"tcp", :from_port=>1025, :to_port=>1025},
259
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.25/32"}], :ip_protocol=>"tcp", :from_port=>1125, :to_port=>1125},
260
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1200, :to_port=>1200},
261
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1201, :to_port=>1201},
262
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1202, :to_port=>1202},
263
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1203, :to_port=>1203},
264
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1206, :to_port=>1206},
265
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1208, :to_port=>1208},
266
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1209, :to_port=>1209},
267
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1210, :to_port=>1210}
268
- ],
269
- ip_permissions_list_egress: Set[
270
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.35/32"}, {:cidr_ip=>"10.0.0.36/32"}, {:cidr_ip=>"10.0.0.37/32"}, {:cidr_ip=>"10.0.0.38/32"}, {:cidr_ip=>"10.0.0.39/32"}, {:cidr_ip=>"10.0.0.40/32"}, {:cidr_ip=>"10.0.0.44/32"}, {:cidr_ip=>"10.0.0.52/32"}, {:cidr_ip=>"10.0.0.53/32"}, {:cidr_ip=>"10.0.0.63/32"}, {:cidr_ip=>"10.0.0.65/32"}, {:cidr_ip=>"10.0.0.66/32"}, {:cidr_ip=>"10.0.0.67/32"}], :ip_protocol=>"-1"},
271
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.41/32"}], :ip_protocol=>"udp", :from_port=>0, :to_port=>65535},
272
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.42/32"}], :ip_protocol=>"icmp", :from_port=>-1, :to_port=>-1},
273
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.43/32"}], :ip_protocol=>"icmp", :from_port=>1, :to_port=>2},
274
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.45/32"}], :ip_protocol=>"tcp", :from_port=>1012, :to_port=>1012},
275
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.46/32"}], :ip_protocol=>"tcp", :from_port=>1013, :to_port=>1013},
276
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.47/32"}], :ip_protocol=>"tcp", :from_port=>1014, :to_port=>1014},
277
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.48/32"}], :ip_protocol=>"tcp", :from_port=>1015, :to_port=>1015},
278
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.48/32"}], :ip_protocol=>"tcp", :from_port=>1016, :to_port=>1016},
279
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.48/32"}], :ip_protocol=>"tcp", :from_port=>1117, :to_port=>1117},
280
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.49/32"}, {:cidr_ip=>"10.0.0.59/32"}, {:cidr_ip=>"10.0.0.60/32"}], :ip_protocol=>"icmp", :from_port=>0, :to_port=>0},
281
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.50/32"}, {:cidr_ip=>"10.0.0.51/32"}, {:cidr_ip=>"10.0.0.55/32"}, {:cidr_ip=>"10.0.0.61/32"}, {:cidr_ip=>"10.0.0.64/32"}], :ip_protocol=>"tcp", :from_port=>0, :to_port=>0},
282
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.54/32"}, {:cidr_ip=>"10.0.0.62/32"}], :ip_protocol=>"udp", :from_port=>0, :to_port=>0},
283
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.56/32"}], :ip_protocol=>"tcp", :from_port=>1020, :to_port=>1020},
284
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.57/32"}], :ip_protocol=>"tcp", :from_port=>1021, :to_port=>1023},
285
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.58/32"}], :ip_protocol=>"tcp", :from_port=>1024, :to_port=>1024},
286
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.58/32"}], :ip_protocol=>"tcp", :from_port=>1025, :to_port=>1025},
287
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.58/32"}], :ip_protocol=>"tcp", :from_port=>1125, :to_port=>1125},
288
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1200, :to_port=>1200},
289
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1201, :to_port=>1201},
290
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1202, :to_port=>1202},
291
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1203, :to_port=>1203},
292
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1206, :to_port=>1206},
293
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1208, :to_port=>1208},
294
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1209, :to_port=>1209},
295
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1210, :to_port=>1210}
296
- ]
297
- ).and be_idempotent
298
- end
362
+ }.to create_an_aws_security_group('test_sg',
363
+ vpc_id: test_vpc.aws_object.id,
364
+ ip_permissions: [
365
+ set_ip_pemissions_mock_object(from_port: 1125, to_port: 1125, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.24/32")], ip_protocol: "tcp"),
366
+ set_ip_pemissions_mock_object(from_port: 1025, to_port: 1025, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.24/32")], ip_protocol: "tcp"),
367
+ set_ip_pemissions_mock_object(from_port: 1012, to_port: 1012, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.11/32")], ip_protocol: "tcp"),
368
+ set_ip_pemissions_mock_object(from_port: 0, to_port: 0, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.7/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.16/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.17/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.21/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.27/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.30/32")], ip_protocol: "tcp"),
369
+ # Note: Sometimes response ip_ranges array sequence changes and test fails
370
+ # set_ip_pemissions_mock_object(from_port: 0, to_port: 0, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.16/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.17/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.21/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.27/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.30/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.7/32")], ip_protocol: "tcp"),
371
+ set_ip_pemissions_mock_object(from_port: -1, to_port: -1, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.9/32")], ip_protocol: "icmp"),
372
+ set_ip_pemissions_mock_object(from_port: 1117, to_port: 1117, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.14/32")], ip_protocol: "tcp"),
373
+ set_ip_pemissions_mock_object(from_port: 1014, to_port: 1014, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.13/32")], ip_protocol: "tcp"),
374
+ set_ip_pemissions_mock_object(from_port: 0, to_port: 0, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.15/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.25/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.26/32")], ip_protocol: "icmp"),
375
+ set_ip_pemissions_mock_object(from_port: 0, to_port: 0, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.20/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.28/32")], ip_protocol: "udp"),
376
+ set_ip_pemissions_mock_object(from_port: 1013, to_port: 1013, ip_ranges: [ Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.12/32")], ip_protocol: "tcp"),
377
+ set_ip_pemissions_mock_object(ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.1/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.2/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.3/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.4/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.5/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.6/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.10/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.18/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.19/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.29/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.31/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.32/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.33/32")], ip_protocol: "-1"),
378
+ # Note: Sometimes response ip_ranges array sequence changes and test fails
379
+ # set_ip_pemissions_mock_object(ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.1/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.10/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.18/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.19/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.2/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.29/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.3/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.31/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.32/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.33/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.4/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.5/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.6/32")], ip_protocol: "-1"),
380
+ set_ip_pemissions_mock_object(from_port: 1016, to_port: 1016, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.14/32")], ip_protocol: "tcp"),
381
+ set_ip_pemissions_mock_object(from_port: 1024, to_port: 1024, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.24/32")], ip_protocol: "tcp"),
382
+ set_ip_pemissions_mock_object(from_port: 1, to_port: 2, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.34/32")], ip_protocol: "icmp"),
383
+ set_ip_pemissions_mock_object(from_port: 1015, to_port: 1015, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.14/32")], ip_protocol: "tcp"),
384
+ set_ip_pemissions_mock_object(from_port: 1021, to_port: 1023, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.23/32")], ip_protocol: "tcp"),
385
+ set_ip_pemissions_mock_object(from_port: 1020, to_port: 1020, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.22/32")], ip_protocol: "tcp"),
386
+ set_ip_pemissions_mock_object(from_port: 0, to_port: 65535, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.8/32")], ip_protocol: "udp")
387
+ ],
388
+ ip_permissions_egress: [
389
+ set_ip_pemissions_mock_object(from_port: 1125, to_port: 1125, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.58/32")], ip_protocol: "tcp"),
390
+ set_ip_pemissions_mock_object(from_port: 1025, to_port: 1025, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.58/32")], ip_protocol: "tcp"),
391
+ set_ip_pemissions_mock_object(from_port: 1012, to_port: 1012, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.45/32")], ip_protocol: "tcp"),
392
+ set_ip_pemissions_mock_object(from_port: 0, to_port: 0, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.50/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.51/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.55/32"),Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.61/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.64/32")], ip_protocol: "tcp"),
393
+ set_ip_pemissions_mock_object(from_port: -1, to_port: -1, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.42/32")], ip_protocol: "icmp"),
394
+ set_ip_pemissions_mock_object(from_port: 1117, to_port: 1117, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.48/32")], ip_protocol: "tcp"),
395
+ set_ip_pemissions_mock_object(from_port: 1014, to_port: 1014, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.47/32")], ip_protocol: "tcp"),
396
+ set_ip_pemissions_mock_object(from_port: 0, to_port: 0, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.49/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.59/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.60/32")], ip_protocol: "icmp"),
397
+ set_ip_pemissions_mock_object(from_port: 0, to_port: 0, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.54/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.62/32")], ip_protocol: "udp"),
398
+ set_ip_pemissions_mock_object(from_port: 1013, to_port: 1013, ip_ranges: [ Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.46/32")], ip_protocol: "tcp"),
399
+ set_ip_pemissions_mock_object(ip_protocol: "-1", ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.35/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.36/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.37/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.38/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.39/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.40/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.44/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.52/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.53/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.63/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.65/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.66/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.67/32") ]),
400
+ set_ip_pemissions_mock_object(from_port: 1016, to_port: 1016, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.48/32")], ip_protocol: "tcp"),
401
+ set_ip_pemissions_mock_object(from_port: 1024, to_port: 1024, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.58/32")], ip_protocol: "tcp"),
402
+ set_ip_pemissions_mock_object(from_port: 1, to_port: 2, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.43/32")], ip_protocol: "icmp"),
403
+ set_ip_pemissions_mock_object(from_port: 1015, to_port: 1015, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.48/32")], ip_protocol: "tcp"),
404
+ set_ip_pemissions_mock_object(from_port: 1021, to_port: 1023, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.57/32")], ip_protocol: "tcp"),
405
+ set_ip_pemissions_mock_object(from_port: 1020, to_port: 1020, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.56/32")], ip_protocol: "tcp"),
406
+ set_ip_pemissions_mock_object(from_port: 0, to_port: 65535, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.41/32")], ip_protocol: "udp")
407
+ ]
408
+ ).and be_idempotent
409
+ end
299
410
 
300
411
  it "can specify rules as a hash" do
301
412
  expect_recipe {
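Review bot: The new `ip_permissions` and `ip_permissions_egress` expectations compare `ip_ranges` as ordered arrays where the old ones used `Set`, and the added comments `# Note: Sometimes response ip_ranges array sequence changes and test fails` concede that the result depends on response order. An intermittently failing firewall-rule test tends to get ignored or disabled, so I would compare order-insensitively rather than keep alternative orderings as commented-out lines. One option is to normalise both sides with `ip_ranges.sort_by(&:cidr_ip)` before matching. Another is to write the expected list as `ip_ranges: match_array([...])`, if `create_an_aws_security_group` accepts nested matchers, which is not visible in this hunk. The helper name `set_ip_pemissions_mock_object` is also misspelled (`permissions`); it is defined outside this hunk, so the rename would have to start there.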
@@ -320,7 +431,6 @@ describe Chef::Resource::AwsSecurityGroup do
320
431
  { sources: "10.0.0.#{counter}/32", ports: nil, protocol: :tcp },
321
432
  { sources: "10.0.0.#{counter}/32", port_range: 0..65535, protocol: :udp },
322
433
  { sources: "10.0.0.#{counter}/32", port_range: -1, protocol: :icmp },
323
- { sources: "10.0.0.#{counter}/32", port_range: 1..2, protocol: :icmp },
324
434
  { sources: "10.0.0.#{counter}/32", port_range: 1011, protocol: :any },
325
435
  { sources: "10.0.0.#{counter}/32", port_range: 1012, protocol: nil },
326
436
  { sources: "10.0.0.#{counter}/32", port: 1013 },
@@ -344,18 +454,7 @@ describe Chef::Resource::AwsSecurityGroup do
344
454
  { sources: "10.0.0.#{counter}/32", port_range: -1 },
345
455
  { sources: "10.0.0.#{counter}/32", port_range: :"-1" },
346
456
  { sources: ["10.0.0.#{counter}/32", "10.0.0.#{counter}/32"], port_range: :all },
347
- { sources: 'test_security_group', port: 1200 },
348
- { sources: test_security_group.aws_object.id, port: 1201 },
349
- { sources: test_security_group.aws_object, port: 1202 },
350
- { sources: test_security_group, port: 1203 },
351
- # cannot get the ID from the v1 api object
352
- #testloadbalancer.aws_object.id => 1205,
353
- { sources: testloadbalancer.aws_object, port: 1206 },
354
- # Cannot specify a LoadBalancer resource, only AwsLoadBalancer
355
- #testloadbalancer => 1207,
356
- { sources: {group_name: 'test_security_group'}, port: 1208 },
357
- { sources: {load_balancer: 'testloadbalancer'}, port: 1209 },
358
- { sources: {security_group: 'test_security_group'}, port: 1210 },
457
+ { sources: "10.0.0.#{counter}/32", port_range: 1..2, protocol: :icmp }
359
458
  ])
360
459
  outbound_rules([
361
460
  { port_range: -1..-1, protocol: -1, destinations: "10.0.0.#{counter}/32" },
@@ -392,78 +491,52 @@ describe Chef::Resource::AwsSecurityGroup do
392
491
  { port_range: -1, destinations: "10.0.0.#{counter}/32" },
393
492
  { port_range: :"-1", destinations: "10.0.0.#{counter}/32" },
394
493
  { port_range: :all, destinations: ["10.0.0.#{counter}/32", "10.0.0.#{counter}/32"] },
395
- { port: 1200, destinations: 'test_security_group' },
396
- { port: 1201, destinations: test_security_group.aws_object.id },
397
- { port: 1202, destinations: test_security_group.aws_object },
398
- { port: 1203, destinations: test_security_group },
399
- # cannot get the ID from the v1 api object
400
- #{ port: 1205, destinations: testloadbalancer.aws_object.id },
401
- { port: 1206, destinations: testloadbalancer.aws_object },
402
- # Cannot specify a LoadBalancer resource, only AwsLoadBalancer
403
- #{ port: 1207, destinations: testloadbalancer },
404
- { port: 1208, destinations: {group_name: 'test_security_group'} },
405
- { port: 1209, destinations: {load_balancer: 'testloadbalancer'} },
406
- { port: 1210, destinations: {security_group: 'test_security_group'} },
407
494
  ])
408
495
  end
409
496
  }.to create_an_aws_security_group('test_sg',
410
497
  vpc_id: test_vpc.aws_object.id,
411
- ip_permissions_list: Set[
412
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.1/32"}, {:cidr_ip=>"10.0.0.11/32"}, {:cidr_ip=>"10.0.0.19/32"}, {:cidr_ip=>"10.0.0.2/32"}, {:cidr_ip=>"10.0.0.20/32"}, {:cidr_ip=>"10.0.0.3/32"}, {:cidr_ip=>"10.0.0.32/32"}, {:cidr_ip=>"10.0.0.33/32"}, {:cidr_ip=>"10.0.0.34/32"}, {:cidr_ip=>"10.0.0.4/32"}, {:cidr_ip=>"10.0.0.5/32"}, {:cidr_ip=>"10.0.0.6/32"}], :ip_protocol=>"-1"},
413
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.17/32"}, {:cidr_ip=>"10.0.0.18/32"}, {:cidr_ip=>"10.0.0.22/32"}, {:cidr_ip=>"10.0.0.28/32"}, {:cidr_ip=>"10.0.0.30/32"}, {:cidr_ip=>"10.0.0.31/32"}, {:cidr_ip=>"10.0.0.7/32"}], :ip_protocol=>"tcp", :from_port=>0, :to_port=>0},
414
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.8/32"}], :ip_protocol=>"udp", :from_port=>0, :to_port=>65535},
415
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.9/32"}], :ip_protocol=>"icmp", :from_port=>-1, :to_port=>-1},
416
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.10/32"}], :ip_protocol=>"icmp", :from_port=>1, :to_port=>2},
417
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.12/32"}], :ip_protocol=>"tcp", :from_port=>1012, :to_port=>1012},
418
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.13/32"}], :ip_protocol=>"tcp", :from_port=>1013, :to_port=>1013},
419
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.14/32"}], :ip_protocol=>"tcp", :from_port=>1014, :to_port=>1014},
420
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.15/32"}], :ip_protocol=>"tcp", :from_port=>1117, :to_port=>1117},
421
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.15/32"}], :ip_protocol=>"tcp", :from_port=>1015, :to_port=>1015},
422
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.15/32"}], :ip_protocol=>"tcp", :from_port=>1016, :to_port=>1016},
423
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.16/32"}, {:cidr_ip=>"10.0.0.26/32"}, {:cidr_ip=>"10.0.0.27/32"}], :ip_protocol=>"icmp", :from_port=>0, :to_port=>0},
424
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.21/32"}, {:cidr_ip=>"10.0.0.29/32"}], :ip_protocol=>"udp", :from_port=>0, :to_port=>0},
425
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.23/32"}], :ip_protocol=>"tcp", :from_port=>1020, :to_port=>1020},
426
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.24/32"}], :ip_protocol=>"tcp", :from_port=>1021, :to_port=>1023},
427
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.25/32"}], :ip_protocol=>"tcp", :from_port=>1024, :to_port=>1024},
428
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.25/32"}], :ip_protocol=>"tcp", :from_port=>1025, :to_port=>1025},
429
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.25/32"}], :ip_protocol=>"tcp", :from_port=>1125, :to_port=>1125},
430
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1200, :to_port=>1200},
431
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1201, :to_port=>1201},
432
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1202, :to_port=>1202},
433
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1203, :to_port=>1203},
434
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1206, :to_port=>1206},
435
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1208, :to_port=>1208},
436
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1209, :to_port=>1209},
437
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1210, :to_port=>1210}
438
- ],
439
- ip_permissions_list_egress: Set[
440
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.35/32"}, {:cidr_ip=>"10.0.0.36/32"}, {:cidr_ip=>"10.0.0.37/32"}, {:cidr_ip=>"10.0.0.38/32"}, {:cidr_ip=>"10.0.0.39/32"}, {:cidr_ip=>"10.0.0.40/32"}, {:cidr_ip=>"10.0.0.44/32"}, {:cidr_ip=>"10.0.0.52/32"}, {:cidr_ip=>"10.0.0.53/32"}, {:cidr_ip=>"10.0.0.65/32"}, {:cidr_ip=>"10.0.0.66/32"}, {:cidr_ip=>"10.0.0.67/32"}], :ip_protocol=>"-1"},
441
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.41/32"}], :ip_protocol=>"udp", :from_port=>0, :to_port=>65535},
442
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.42/32"}], :ip_protocol=>"icmp", :from_port=>-1, :to_port=>-1},
443
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.43/32"}], :ip_protocol=>"icmp", :from_port=>1, :to_port=>2},
444
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.45/32"}], :ip_protocol=>"tcp", :from_port=>1012, :to_port=>1012},
445
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.46/32"}], :ip_protocol=>"tcp", :from_port=>1013, :to_port=>1013},
446
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.47/32"}], :ip_protocol=>"tcp", :from_port=>1014, :to_port=>1014},
447
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.48/32"}], :ip_protocol=>"tcp", :from_port=>1015, :to_port=>1015},
448
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.48/32"}], :ip_protocol=>"tcp", :from_port=>1016, :to_port=>1016},
449
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.48/32"}], :ip_protocol=>"tcp", :from_port=>1117, :to_port=>1117},
450
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.49/32"}, {:cidr_ip=>"10.0.0.59/32"}, {:cidr_ip=>"10.0.0.60/32"}], :ip_protocol=>"icmp", :from_port=>0, :to_port=>0},
451
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.50/32"}, {:cidr_ip=>"10.0.0.51/32"}, {:cidr_ip=>"10.0.0.55/32"}, {:cidr_ip=>"10.0.0.61/32"}, {:cidr_ip=>"10.0.0.63/32"}, {:cidr_ip=>"10.0.0.64/32"}], :ip_protocol=>"tcp", :from_port=>0, :to_port=>0},
452
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.54/32"}, {:cidr_ip=>"10.0.0.62/32"}], :ip_protocol=>"udp", :from_port=>0, :to_port=>0},
453
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.56/32"}], :ip_protocol=>"tcp", :from_port=>1020, :to_port=>1020},
454
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.57/32"}], :ip_protocol=>"tcp", :from_port=>1021, :to_port=>1023},
455
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.58/32"}], :ip_protocol=>"tcp", :from_port=>1024, :to_port=>1024},
456
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.58/32"}], :ip_protocol=>"tcp", :from_port=>1025, :to_port=>1025},
457
- {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.58/32"}], :ip_protocol=>"tcp", :from_port=>1125, :to_port=>1125},
458
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1200, :to_port=>1200},
459
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1201, :to_port=>1201},
460
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1202, :to_port=>1202},
461
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1203, :to_port=>1203},
462
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1206, :to_port=>1206},
463
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1208, :to_port=>1208},
464
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1209, :to_port=>1209},
465
- {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1210, :to_port=>1210}
466
- ]
498
+ ip_permissions: [
499
+ set_ip_pemissions_mock_object(from_port: 1125, to_port: 1125, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.24/32")], ip_protocol: "tcp"),
500
+ set_ip_pemissions_mock_object(from_port: 1025, to_port: 1025, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.24/32")], ip_protocol: "tcp"),
501
+ set_ip_pemissions_mock_object(from_port: 1012, to_port: 1012, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.11/32")], ip_protocol: "tcp"),
502
+ # Note: Sometimes response ip_ranges array sequence changes and test fails
503
+ set_ip_pemissions_mock_object(from_port: 0, to_port: 0, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.7/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.16/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.17/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.21/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.27/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.29/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.30/32")], ip_protocol: "tcp"),
504
+ set_ip_pemissions_mock_object(from_port: -1, to_port: -1, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.9/32")], ip_protocol: "icmp"),
505
+ set_ip_pemissions_mock_object(from_port: 1117, to_port: 1117, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.14/32")], ip_protocol: "tcp"),
506
+ set_ip_pemissions_mock_object(from_port: 1014, to_port: 1014, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.13/32")], ip_protocol: "tcp"),
507
+ set_ip_pemissions_mock_object(from_port: 0, to_port: 0, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.15/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.25/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.26/32")], ip_protocol: "icmp"),
508
+ set_ip_pemissions_mock_object(from_port: 0, to_port: 0, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.20/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.28/32")], ip_protocol: "udp"),
509
+ set_ip_pemissions_mock_object(from_port: 1013, to_port: 1013, ip_ranges: [ Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.12/32")], ip_protocol: "tcp"),
510
+ # Note: Sometimes response ip_ranges array sequence changes and test fails
511
+ set_ip_pemissions_mock_object(ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.1/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.2/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.3/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.4/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.5/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.6/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.10/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.18/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.19/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.31/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.32/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.33/32")], ip_protocol: "-1"),
512
+ set_ip_pemissions_mock_object(from_port: 1016, to_port: 1016, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.14/32")], ip_protocol: "tcp"),
513
+ set_ip_pemissions_mock_object(from_port: 1024, to_port: 1024, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.24/32")], ip_protocol: "tcp"),
514
+ set_ip_pemissions_mock_object(from_port: 1, to_port: 2, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.34/32")], ip_protocol: "icmp"),
515
+ set_ip_pemissions_mock_object(from_port: 1015, to_port: 1015, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.14/32")], ip_protocol: "tcp"),
516
+ set_ip_pemissions_mock_object(from_port: 1021, to_port: 1023, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.23/32")], ip_protocol: "tcp"),
517
+ set_ip_pemissions_mock_object(from_port: 1020, to_port: 1020, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.22/32")], ip_protocol: "tcp"),
518
+ set_ip_pemissions_mock_object(from_port: 0, to_port: 65535, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.8/32")], ip_protocol: "udp")
519
+ ],
520
+ ip_permissions_egress: [
521
+ set_ip_pemissions_mock_object(from_port: 1125, to_port: 1125, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.58/32")], ip_protocol: "tcp"),
522
+ set_ip_pemissions_mock_object(from_port: 1025, to_port: 1025, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.58/32")], ip_protocol: "tcp"),
523
+ set_ip_pemissions_mock_object(from_port: 1012, to_port: 1012, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.45/32")], ip_protocol: "tcp"),
524
+ set_ip_pemissions_mock_object(from_port: 0, to_port: 0, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.50/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.51/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.55/32"),Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.61/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.63/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.64/32")], ip_protocol: "tcp"),
525
+ set_ip_pemissions_mock_object(from_port: -1, to_port: -1, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.42/32")], ip_protocol: "icmp"),
526
+ set_ip_pemissions_mock_object(from_port: 1117, to_port: 1117, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.48/32")], ip_protocol: "tcp"),
527
+ set_ip_pemissions_mock_object(from_port: 1014, to_port: 1014, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.47/32")], ip_protocol: "tcp"),
528
+ set_ip_pemissions_mock_object(from_port: 0, to_port: 0, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.49/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.59/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.60/32")], ip_protocol: "icmp"),
529
+ set_ip_pemissions_mock_object(from_port: 0, to_port: 0, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.54/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.62/32")], ip_protocol: "udp"),
530
+ set_ip_pemissions_mock_object(from_port: 1013, to_port: 1013, ip_ranges: [ Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.46/32")], ip_protocol: "tcp"),
531
+ set_ip_pemissions_mock_object(ip_protocol: "-1", ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.35/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.36/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.37/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.38/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.39/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.40/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.44/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.52/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.53/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.65/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.66/32"), Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.67/32") ]),
532
+ set_ip_pemissions_mock_object(from_port: 1016, to_port: 1016, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.48/32")], ip_protocol: "tcp"),
533
+ set_ip_pemissions_mock_object(from_port: 1024, to_port: 1024, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.58/32")], ip_protocol: "tcp"),
534
+ set_ip_pemissions_mock_object(from_port: 1, to_port: 2, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.43/32")], ip_protocol: "icmp"),
535
+ set_ip_pemissions_mock_object(from_port: 1015, to_port: 1015, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.48/32")], ip_protocol: "tcp"),
536
+ set_ip_pemissions_mock_object(from_port: 1021, to_port: 1023, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.57/32")], ip_protocol: "tcp"),
537
+ set_ip_pemissions_mock_object(from_port: 1020, to_port: 1020, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.56/32")], ip_protocol: "tcp"),
538
+ set_ip_pemissions_mock_object(from_port: 0, to_port: 65535, ip_ranges: [Aws::EC2::Types::IpRange.new(cidr_ip: "10.0.0.41/32")], ip_protocol: "udp")
539
+ ]
467
540
  ).and be_idempotent
468
541
  end
469
542
  end
@@ -472,6 +545,7 @@ describe Chef::Resource::AwsSecurityGroup do
472
545
  aws_vpc 'test_vpc1' do
473
546
  cidr_block '10.0.0.0/24'
474
547
  end
548
+
475
549
  aws_vpc 'test_vpc2' do
476
550
  cidr_block '10.0.0.0/24'
477
551
  end
@@ -512,7 +586,7 @@ describe Chef::Resource::AwsSecurityGroup do
512
586
  end
513
587
  aws_obj = r.aws_object
514
588
  }.to_not raise_error
515
- expect(aws_obj.vpc.tags['Name']).to eq('test_vpc1')
589
+ expect(aws_obj.vpc_id).to eq(driver.ec2.describe_vpcs({filters: [{name: "tag-value", values: ["test_vpc1"]}]})[:vpcs].first.vpc_id)
516
590
  end
517
591
  end
518
592
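Review bot: The rewritten expectation on the `aws_obj.vpc_id` line looks the VPC up with the `tag-value` filter, which matches a VPC that carries `test_vpc1` as the value of any tag key, whereas the line it replaces checked the `Name` tag specifically. Filtering on the key keeps that precision: `driver.ec2.describe_vpcs(filters: [{name: "tag:Name", values: ["test_vpc1"]}])`. `.first` is also arbitrary if more than one VPC matches (for instance a leftover from an earlier run, which this hunk cannot rule out), so the example could pass or fail against the wrong VPC. If nothing matches, `[:vpcs].first.vpc_id` raises NoMethodError on nil instead of producing a failed expectation; binding the lookup to a local and asserting `expect(vpcs.size).to eq(1)` first would make both cases explicit. The enclosing example starts before this hunk.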