validate rds server security group associations

fog · Aug 21, 2015 · 2c6c36c · 2c6c36c
1 parent aca110a
commit 2c6c36c
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 9 deletions.
diff --git a/lib/fog/aws/requests/rds/create_db_instance.rb b/lib/fog/aws/requests/rds/create_db_instance.rb
@@ -82,6 +82,32 @@ def create_db_instance(db_name, options={})
             raise Fog::AWS::RDS::InvalidParameterCombination.new('Requesting a specific availability zone is not valid for Multi-AZ instances.')
           end
 
+          db_security_group_names = Array(options.delete("DBSecurityGroups"))
+
+          rds_security_groups = self.data[:security_groups].values
+
+          db_security_groups = db_security_group_names.map do |group_name|
+            unless rds_security_groups.find { |sg| sg["DBSecurityGroupName"] == group_name }
+              raise Fog::AWS::RDS::Error.new("InvalidParameterValue => Invalid security group , groupId= , groupName=#{group_name}")
+            end
+
+            {"Status" => "active", "DBSecurityGroupName" => group_name }
+          end
+
+          if db_security_groups.empty?
+            db_security_groups << { "Status" => "active", "DBSecurityGroupName" => "default" }
+          end
+
+          ec2_security_groups = Fog::Compute::AWS::Mock.data[@region][@aws_access_key_id][:security_groups].values
+
+          vpc_security_groups = Array(options.delete("VpcSecurityGroups")).map do |group_id|
+            unless ec2_security_groups.find { |sg| sg["groupId"] == group_id }
+              raise Fog::AWS::RDS::Error.new("InvalidParameterValue => Invalid security group , groupId=#{group_id} , groupName=")
+            end
+
+            {"Status" => "active", "VpcSecurityGroupId" => group_id }
+          end
+
           data = {
             "AllocatedStorage"                 => options["AllocatedStorage"],
             "AutoMinorVersionUpgrade"          => options["AutoMinorVersionUpgrade"].nil? ? true : options["AutoMinorVersionUpgrade"],
@@ -93,7 +119,7 @@ def create_db_instance(db_name, options={})
             "DBInstanceStatus"                 =>"creating",
             "DBName"                           => options["DBName"],
             "DBParameterGroups"                => [{ "DBParameterGroupName" => "default.mysql5.5", "ParameterApplyStatus" => "in-sync" }],
-            "DBSecurityGroups"                 => [{ "Status" => "active", "DBSecurityGroupName" => "default" }],
+            "DBSecurityGroups"                 => db_security_groups,
             "DBSubnetGroupName"                => options["DBSubnetGroupName"],
             "Endpoint"                         =>{},
             "Engine"                           => options["Engine"],
@@ -110,7 +136,7 @@ def create_db_instance(db_name, options={})
             "ReadReplicaDBInstanceIdentifiers" => [],
             "StorageEncrypted"                 => options["StorageEncrypted"] || false,
             "StorageType"                      => options["StorageType"] || "standard",
-            "VpcSecurityGroups"                => options["VpcSecurityGroups"],
+            "VpcSecurityGroups"                => vpc_security_groups,
           }
 
           self.data[:servers][db_name] = data

diff --git a/lib/fog/aws/requests/rds/modify_db_instance.rb b/lib/fog/aws/requests/rds/modify_db_instance.rb
@@ -63,21 +63,37 @@ def modify_db_instance(db_name, apply_immediately, _options={})
               #  modified_server = server["PendingModifiedValues"].merge!(options) # it appends
               #end
 
-              db_security_group_names = options.delete("DBSecurityGroups")
-              if db_security_group_names && db_security_group_names.any?
-                db_security_groups =
-                  db_security_group_names.inject([]) do |r, security_group_name|
-                  r << {"Status" => "active", "DBSecurityGroupName" => security_group_name }
+              db_security_group_names = Array(options.delete("DBSecurityGroups"))
+
+              rds_security_groups = self.data[:security_groups].values
+
+              db_security_groups = db_security_group_names.map do |r, group_name|
+                unless rds_security_groups.find { |sg| sg["DBSecurityGroupName"] == group_name }
+                  raise Fog::AWS::RDS::Error.new("InvalidParameterValue => Invalid security group , groupId= , groupName=#{group_name}")
                 end
+                r << {"Status" => "active", "DBSecurityGroupName" => group_name }
+              end
+
+              ec2_security_groups = Fog::Compute::AWS::Mock.data[@region][@aws_access_key_id][:security_groups].values
 
-                options.merge!("DBSecurityGroups" => db_security_groups)
+              vpc_security_groups = Array(options.delete("VpcSecurityGroups")).map do |group_id|
+                unless ec2_security_groups.find { |sg| sg["groupId"] == group_id }
+                  raise Fog::AWS::RDS::Error.new("InvalidParameterValue => Invalid security group , groupId=#{group_id} , groupName=")
+                end
+
+                {"Status" => "active", "VpcSecurityGroupId" => group_id }
               end
 
+              options.merge!(
+                "DBSecurityGroups"  => db_security_groups,
+                "VpcSecurityGroups" => vpc_security_groups,
+              )
+
               self.data[:servers][db_name]["PendingModifiedValues"].merge!(options) # it appends
               self.data[:servers][db_name]["DBInstanceStatus"] = "modifying"
               response.status = 200
               response.body = {
-                "ResponseMetadata"=>{ "RequestId"=> Fog::AWS::Mock.request_id },
+                "ResponseMetadata"       => { "RequestId"  => Fog::AWS::Mock.request_id },
                 "ModifyDBInstanceResult" => { "DBInstance" => self.data[:servers][db_name] }
               }
               response