def test_clear_ips_name(self):
all_ips = [
'1.2.3.4',
'1.2.3.5',
]
ignore_ips = [
'1.2.3.4',
'87.65.43.21'
]
self.add_ips(self.target_security_group, all_ips)
self.add_ips(self.admin_security_group, ignore_ips)
self.assertTrue(
all(self.group_contains_ip(self.target_security_group, ip) for ip in all_ips)
)
self.assertTrue(
all(self.group_contains_ip(self.admin_security_group, ip) for ip in ignore_ips)
)
cleared_ips = clear_ips(self.target_security_group.group_name)
self.assertEqual(
sorted(all_ips),
sorted(cleared_ips)
)
self.assertFalse(
any(self.group_contains_ip(self.target_security_group, ip) for ip in all_ips)
)
self.assertTrue(
all(self.group_contains_ip(self.admin_security_group, ip) for ip in ignore_ips)
)
def test_clear_ips_ignore_ports(self):
all_ips = [
'1.2.3.4',
'1.2.3.5',
]
keep_ports = [
(443, 443),
(22, 443),
(443, 22)
]
keep_ips = [
'56.78.99.99',
'12.34.56.78',
'123.45.67.89',
]
self.add_ips(self.target_security_group, all_ips)
for kidx, keep_ip in enumerate(keep_ips):
to_port, from_port = keep_ports[kidx]
self.add_ips(self.target_security_group, [keep_ip], from_port=from_port, to_port=to_port)
self.assertTrue(
all(self.group_contains_ip(self.target_security_group, ip) for ip in all_ips + keep_ips)
)
cleared_ips = clear_ips(self.target_security_group)
self.assertEqual(
sorted(all_ips),
sorted(cleared_ips)
)
self.assertFalse(
any(self.group_contains_ip(self.target_security_group, ip) for ip in all_ips)
)
self.assertTrue(
all(self.group_contains_ip(self.target_security_group, ip) for ip in keep_ips)
)
def test_clear_ips_missing_values(self):
missing_values_ip='77.66.55.44'
all_ips = ['44.55.66.77', '55.66.77.88']
self.add_ips(self.target_security_group, all_ips)
self.add_ips(self.target_security_group, [missing_values_ip], to_port=None, from_port=None, protocol=None)
cleared_ips = clear_ips(self.target_security_group)
self.assertEqual(
sorted(all_ips),
sorted(cleared_ips)
)
self.assertTrue(ip_is_in_group(self.target_security_group, missing_values_ip, port=None, protocol=None))
def test_clear_ips_ignore_ranges(self):
all_ips = [
'1.2.3.4',
'1.2.3.5',
]
keep_ips = [
'56.78.99.99/20',
'12.34.56.78/31'
]
self.add_ips(self.target_security_group, all_ips + keep_ips)
self.assertTrue(
all(self.group_contains_ip(self.target_security_group, ip) for ip in all_ips + keep_ips)
)
cleared_ips = clear_ips(self.target_security_group)
self.assertEqual(
sorted(all_ips),
sorted(cleared_ips)
)
self.assertFalse(
any(self.group_contains_ip(self.target_security_group, ip) for ip in all_ips)
)
self.assertTrue(
all(self.group_contains_ip(self.target_security_group, ip) for ip in keep_ips)
)
def test_clear_ips_name_nonexistent(self):
with self.assertRaises(RuntimeError):
clear_ips('nonexistent-group')