From 2c6c36c194555762ddcd0681aaf4b94478520af0 Mon Sep 17 00:00:00 2001
From: Josh Lane
Date: Fri, 21 Aug 2015 16:26:16 -0700
Subject: [PATCH] validate rds server security group associations
---
 .../aws/requests/rds/create_db_instance.rb | 30 +++++++++++++++++--
 .../aws/requests/rds/modify_db_instance.rb | 30 ++++++++++++++-----
 2 files changed, 51 insertions(+), 9 deletions(-)
diff --git a/lib/fog/aws/requests/rds/create_db_instance.rb b/lib/fog/aws/requests/rds/create_db_instance.rb
index c881aa55ac..2cb03d9d65 100644
--- a/lib/fog/aws/requests/rds/create_db_instance.rb
+++ b/lib/fog/aws/requests/rds/create_db_instance.rb
@@ -82,6 +82,32 @@ def create_db_instance(db_name, options={})
 raise Fog::AWS::RDS::InvalidParameterCombination.new('Requesting a specific availability zone is not valid for Multi-AZ instances.')
 end
 
+ db_security_group_names = Array(options.delete("DBSecurityGroups"))
+
+ rds_security_groups = self.data[:security_groups].values
+
+ db_security_groups = db_security_group_names.map do |group_name|
+ unless rds_security_groups.find { |sg| sg["DBSecurityGroupName"] == group_name }
+ raise Fog::AWS::RDS::Error.new("InvalidParameterValue => Invalid security group , groupId= , groupName=#{group_name}")
+ end
+
+ {"Status" => "active", "DBSecurityGroupName" => group_name }
+ end
+
+ if db_security_groups.empty?
+ db_security_groups << { "Status" => "active", "DBSecurityGroupName" => "default" }
+ end
+
+ ec2_security_groups = Fog::Compute::AWS::Mock.data[@region][@aws_access_key_id][:security_groups].values
+
+ vpc_security_groups = Array(options.delete("VpcSecurityGroups")).map do |group_id|
+ unless ec2_security_groups.find { |sg| sg["groupId"] == group_id }
+ raise Fog::AWS::RDS::Error.new("InvalidParameterValue => Invalid security group , groupId=#{group_id} , groupName=")
+ end
+
+ {"Status" => "active", "VpcSecurityGroupId" => group_id }
+ end
+
 data = {
 "AllocatedStorage" => options["AllocatedStorage"],
 "AutoMinorVersionUpgrade" => options["AutoMinorVersionUpgrade"].nil? ? true : options["AutoMinorVersionUpgrade"],
@@ -93,7 +119,7 @@ def create_db_instance(db_name, options={})
 "DBInstanceStatus" =>"creating",
 "DBName" => options["DBName"],
 "DBParameterGroups" => [{ "DBParameterGroupName" => "default.mysql5.5", "ParameterApplyStatus" => "in-sync" }],
- "DBSecurityGroups" => [{ "Status" => "active", "DBSecurityGroupName" => "default" }],
+ "DBSecurityGroups" => db_security_groups,
 "DBSubnetGroupName" => options["DBSubnetGroupName"],
 "Endpoint" =>{},
 "Engine" => options["Engine"],
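Review bot: The fallback at `if db_security_groups.empty?` appends a `"default"` DB security group without running it through the `rds_security_groups.find` lookup that every caller-supplied name must pass, so an implicit default is accepted even when `self.data[:security_groups]` holds no entry of that name, while a caller who passes `["default"]` explicitly gets InvalidParameterValue. Whether the mock seeds a `default` DB security group is not visible here; if it does not, either seed it or build the fallback through the same lookup so both paths agree. The VPC lookup matches only on `groupId` against the EC2 mock data for the same region and key; real RDS also rejects a security group that belongs to a different VPC than the instance's subnet group, which is worth recording with a comment such as `# NOTE: does not verify the group belongs to the instance's VPC` above the `vpc_security_groups` assignment. create_db_instance begins before this hunk and continues past it.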
@@ -110,7 +136,7 @@ def create_db_instance(db_name, options={})
 "ReadReplicaDBInstanceIdentifiers" => [],
 "StorageEncrypted" => options["StorageEncrypted"] || false,
 "StorageType" => options["StorageType"] || "standard",
- "VpcSecurityGroups" => options["VpcSecurityGroups"],
+ "VpcSecurityGroups" => vpc_security_groups,
 }
 
 self.data[:servers][db_name] = data
diff --git a/lib/fog/aws/requests/rds/modify_db_instance.rb b/lib/fog/aws/requests/rds/modify_db_instance.rb
index da3f6cb235..e25ee3e0e3 100644
--- a/lib/fog/aws/requests/rds/modify_db_instance.rb
+++ b/lib/fog/aws/requests/rds/modify_db_instance.rb
@@ -63,21 +63,37 @@ def modify_db_instance(db_name, apply_immediately, _options={})
 # modified_server = server["PendingModifiedValues"].merge!(options) # it appends
 #end
 
- db_security_group_names = options.delete("DBSecurityGroups")
- if db_security_group_names && db_security_group_names.any?
- db_security_groups =
- db_security_group_names.inject([]) do |r, security_group_name|
- r << {"Status" => "active", "DBSecurityGroupName" => security_group_name }
+ db_security_group_names = Array(options.delete("DBSecurityGroups"))
+
+ rds_security_groups = self.data[:security_groups].values
+
+ db_security_groups = db_security_group_names.map do |r, group_name|
+ unless rds_security_groups.find { |sg| sg["DBSecurityGroupName"] == group_name }
+ raise Fog::AWS::RDS::Error.new("InvalidParameterValue => Invalid security group , groupId= , groupName=#{group_name}")
 end
+ r << {"Status" => "active", "DBSecurityGroupName" => group_name }
+ end
+
+ ec2_security_groups = Fog::Compute::AWS::Mock.data[@region][@aws_access_key_id][:security_groups].values
 
- options.merge!("DBSecurityGroups" => db_security_groups)
+ vpc_security_groups = Array(options.delete("VpcSecurityGroups")).map do |group_id|
+ unless ec2_security_groups.find { |sg| sg["groupId"] == group_id }
+ raise Fog::AWS::RDS::Error.new("InvalidParameterValue => Invalid security group , groupId=#{group_id} , groupName=")
+ end
+
+ {"Status" => "active", "VpcSecurityGroupId" => group_id }
 end
 
+ options.merge!(
+ "DBSecurityGroups" => db_security_groups,
+ "VpcSecurityGroups" => vpc_security_groups,
+ )
+
 self.data[:servers][db_name]["PendingModifiedValues"].merge!(options) # it appends
 self.data[:servers][db_name]["DBInstanceStatus"] = "modifying"
 response.status = 200
 response.body = {
- "ResponseMetadata"=>{ "RequestId"=> Fog::AWS::Mock.request_id },
+ "ResponseMetadata" => { "RequestId" => Fog::AWS::Mock.request_id },
 "ModifyDBInstanceResult" => { "DBInstance" => self.data[:servers][db_name] }
 }
 response
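Review bot: The block parameters `|r, group_name|` on the `db_security_groups = db_security_group_names.map` line are left over from the removed `inject`: `map` yields one String per element, so `r` receives the name and `group_name` is nil, the `find` never matches, and every modify request naming an existing DB security group raises InvalidParameterValue with an empty groupName (and past that, `r << {...}` would append a Hash to a String). Change the two lines to `db_security_groups = db_security_group_names.map do |group_name|` and `{"Status" => "active", "DBSecurityGroupName" => group_name }`, matching create_db_instance in this same patch. Separately, `options.merge!(` now runs unconditionally, so a modify that touches neither option records empty `DBSecurityGroups` and `VpcSecurityGroups` in PendingModifiedValues where the old code merged only when names were given; whether that later clears the instance's groups depends on code outside this hunk, but guarding each key with `unless ...empty?` would keep the previous behaviour. modify_db_instance begins before this hunk.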