def test_clear_ips_name(self):
    """clear_ips accepts a group *name* and changes only that group.

    '1.2.3.4' is added to both the target group and the admin group, so
    the last assertion also shows that clearing the target leaves the
    same address untouched in the admin group.
    """
    expected_cleared = ['1.2.3.4', '1.2.3.5']
    admin_only = ['1.2.3.4', '87.65.43.21']

    self.add_ips(self.target_security_group, expected_cleared)
    self.add_ips(self.admin_security_group, admin_only)

    # Precondition: every rule really was created before clearing.
    target_populated = all(
        self.group_contains_ip(self.target_security_group, addr)
        for addr in expected_cleared
    )
    self.assertTrue(target_populated)
    admin_populated = all(
        self.group_contains_ip(self.admin_security_group, addr)
        for addr in admin_only
    )
    self.assertTrue(admin_populated)

    # This test passes the group's name, not the group object.
    removed = clear_ips(self.target_security_group.group_name)
    self.assertEqual(sorted(expected_cleared), sorted(removed))

    target_still_open = any(
        self.group_contains_ip(self.target_security_group, addr)
        for addr in expected_cleared
    )
    self.assertFalse(target_still_open)

    # The admin group's ingress rules must survive the call.
    admin_intact = all(
        self.group_contains_ip(self.admin_security_group, addr)
        for addr in admin_only
    )
    self.assertTrue(admin_intact)
def test_clear_ips_ignore_ports(self):
    """Rules added with explicit port pairs are not cleared.

    Only the addresses added with add_ips' default ports are expected
    back from clear_ips; the three addresses added with explicit
    from_port/to_port values must still be in the group afterwards.
    """
    expected_cleared = ['1.2.3.4', '1.2.3.5']
    kept_addresses = ['56.78.99.99', '12.34.56.78', '123.45.67.89']
    # NOTE(review): each tuple is unpacked as (to_port, from_port), so
    # (22, 443) produces from_port=443, to_port=22 -- confirm that this
    # inverted range is intended.
    kept_port_pairs = [(443, 443), (22, 443), (443, 22)]

    self.add_ips(self.target_security_group, expected_cleared)
    for addr, (to_port, from_port) in zip(kept_addresses, kept_port_pairs):
        self.add_ips(
            self.target_security_group,
            [addr],
            from_port=from_port,
            to_port=to_port,
        )

    # Precondition: both sets of rules exist before clearing.
    everything_present = all(
        self.group_contains_ip(self.target_security_group, addr)
        for addr in expected_cleared + kept_addresses
    )
    self.assertTrue(everything_present)

    removed = clear_ips(self.target_security_group)
    self.assertEqual(sorted(expected_cleared), sorted(removed))

    cleared_still_open = any(
        self.group_contains_ip(self.target_security_group, addr)
        for addr in expected_cleared
    )
    self.assertFalse(cleared_still_open)

    kept_intact = all(
        self.group_contains_ip(self.target_security_group, addr)
        for addr in kept_addresses
    )
    self.assertTrue(kept_intact)
def test_clear_ips_missing_values(self):
    """A rule with no ports and no protocol is left alone.

    The address added with to_port, from_port and protocol all None
    must not appear in clear_ips' result and must still be found by
    ip_is_in_group afterwards.
    """
    expected_cleared = ['44.55.66.77', '55.66.77.88']
    missing_values_ip = '77.66.55.44'

    self.add_ips(self.target_security_group, expected_cleared)
    self.add_ips(
        self.target_security_group,
        [missing_values_ip],
        to_port=None,
        from_port=None,
        protocol=None,
    )

    removed = clear_ips(self.target_security_group)
    self.assertEqual(sorted(expected_cleared), sorted(removed))

    # The lookup uses the same None port/protocol the rule was added with.
    survivor_present = ip_is_in_group(
        self.target_security_group,
        missing_values_ip,
        port=None,
        protocol=None,
    )
    self.assertTrue(survivor_present)
def test_clear_ips_ignore_ranges(self):
    """Entries written with a CIDR suffix are not cleared.

    Plain addresses are expected back from clear_ips, while the '/20'
    and '/31' entries must still be in the group afterwards.
    """
    expected_cleared = ['1.2.3.4', '1.2.3.5']
    kept_ranges = ['56.78.99.99/20', '12.34.56.78/31']

    self.add_ips(self.target_security_group, expected_cleared + kept_ranges)

    # Precondition: both kinds of entry exist before clearing.
    everything_present = all(
        self.group_contains_ip(self.target_security_group, entry)
        for entry in expected_cleared + kept_ranges
    )
    self.assertTrue(everything_present)

    removed = clear_ips(self.target_security_group)
    self.assertEqual(sorted(expected_cleared), sorted(removed))

    cleared_still_open = any(
        self.group_contains_ip(self.target_security_group, entry)
        for entry in expected_cleared
    )
    self.assertFalse(cleared_still_open)

    ranges_intact = all(
        self.group_contains_ip(self.target_security_group, entry)
        for entry in kept_ranges
    )
    self.assertTrue(ranges_intact)
def test_clear_ips_name_nonexistent(self):
    """clear_ips raises RuntimeError for the name 'nonexistent-group'.

    The test name implies that no security group with this name exists
    in the fixture.
    """
    self.assertRaises(RuntimeError, clear_ips, 'nonexistent-group')