Merge pull request #209 from CashStar/egress

adding ability to list egress rules and revoke egress rules
mitchellh · Feb 17, 2015 · 9767345 · 9767345
2 parents 92c82db + 1a97819
commit 9767345
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 9 deletions.
diff --git a/ec2/ec2.go b/ec2/ec2.go
@@ -1895,9 +1895,10 @@ type SecurityGroupsResp struct {
 // See http://goo.gl/CIdyP for more details.
 type SecurityGroupInfo struct {
 	SecurityGroup
-	OwnerId     string   `xml:"ownerId"`
-	Description string   `xml:"groupDescription"`
-	IPPerms     []IPPerm `xml:"ipPermissions>item"`
+	OwnerId       string   `xml:"ownerId"`
+	Description   string   `xml:"groupDescription"`
+	IPPerms       []IPPerm `xml:"ipPermissions>item"`
+	IPPermsEgress []IPPerm `xml:"ipPermissionsEgress>item"`
 }
 
 // IPPerm represents an allowance within an EC2 security group.
@@ -2019,6 +2020,13 @@ func (ec2 *EC2) RevokeSecurityGroup(group SecurityGroup, perms []IPPerm) (resp *
 	return ec2.authOrRevoke("RevokeSecurityGroupIngress", group, perms)
 }
 
+// RevokeSecurityGroupEgress revokes egress permissions from a group
+//
+// see http://goo.gl/Zv4wh8
+func (ec2 *EC2) RevokeSecurityGroupEgress(group SecurityGroup, perms []IPPerm) (resp *SimpleResp, err error) {
+	return ec2.authOrRevoke("RevokeSecurityGroupEgress", group, perms)
+}
+
 func (ec2 *EC2) authOrRevoke(op string, group SecurityGroup, perms []IPPerm) (resp *SimpleResp, err error) {
 	params := makeParams(op)
 	if group.Id != "" {

diff --git a/ec2/ec2_test.go b/ec2/ec2_test.go
@@ -1,11 +1,12 @@
 package ec2_test
 
 import (
+	"testing"
+
 	"github.com/mitchellh/goamz/aws"
 	"github.com/mitchellh/goamz/ec2"
 	"github.com/mitchellh/goamz/testutil"
 	. "github.com/motain/gocheck"
-	"testing"
 )
 
 func Test(t *testing.T) {
@@ -759,13 +760,20 @@ func (s *S) TestDescribeSecurityGroupsExample(c *C) {
 	c.Assert(g0.Id, Equals, "sg-67ad940e")
 	c.Assert(g0.Description, Equals, "Web Servers")
 	c.Assert(g0.IPPerms, HasLen, 1)
+	c.Assert(g0.IPPermsEgress, HasLen, 1)
 
 	g0ipp := g0.IPPerms[0]
 	c.Assert(g0ipp.Protocol, Equals, "tcp")
 	c.Assert(g0ipp.FromPort, Equals, 80)
 	c.Assert(g0ipp.ToPort, Equals, 80)
 	c.Assert(g0ipp.SourceIPs, DeepEquals, []string{"0.0.0.0/0"})
 
+	g0ippe := g0.IPPermsEgress[0]
+	c.Assert(g0ippe.Protocol, Equals, "tcp")
+	c.Assert(g0ippe.FromPort, Equals, 80)
+	c.Assert(g0ippe.ToPort, Equals, 80)
+	c.Assert(g0ippe.SourceIPs, DeepEquals, []string{"0.0.0.0/0"})
+
 	g1 := resp.Groups[1]
 	c.Assert(g1.OwnerId, Equals, "999988887777")
 	c.Assert(g1.Name, Equals, "RangedPortsBySource")

diff --git a/ec2/responses_test.go b/ec2/responses_test.go
@@ -605,6 +605,19 @@ var DescribeSecurityGroupsExample = `
            </ipRanges>
         </item>
       </ipPermissions>
+      <ipPermissionsEgress>
+        <item>
+          <ipProtocol>tcp</ipProtocol>
+          <fromPort>80</fromPort>
+          <toPort>80</toPort>
+          <groups/>
+          <ipRanges>
+            <item>
+              <cidrIp>0.0.0.0/0</cidrIp>
+            </item>
+          </ipRanges>
+        </item>
+      </ipPermissionsEgress>
     </item>
     <item>
       <ownerId>999988887777</ownerId>
@@ -995,7 +1008,7 @@ var ResetImageAttributeExample = `
 // http://goo.gl/ylxT4R
 var DescribeAvailabilityZonesExample1 = `
 <DescribeAvailabilityZonesResponse xmlns="http://ec2.amazonaws.com/doc/2014-05-01/">
-   <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId> 
+   <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
    <availabilityZoneInfo>
    <item>
       <zoneName>us-east-1a</zoneName>
@@ -1028,7 +1041,7 @@ var DescribeAvailabilityZonesExample1 = `
 // http://goo.gl/ylxT4R
 var DescribeAvailabilityZonesExample2 = `
 <DescribeAvailabilityZonesResponse xmlns="http://ec2.amazonaws.com/doc/2014-05-01/">
-   <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId> 
+   <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
    <availabilityZoneInfo>
    <item>
       <zoneName>us-east-1a</zoneName>
@@ -1051,7 +1064,7 @@ var DescribeAvailabilityZonesExample2 = `
 // http://goo.gl/sdomyE
 var CreateNetworkAclExample = `
 <CreateNetworkAclResponse xmlns="http://ec2.amazonaws.com/doc/2014-10-01/">
-   <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId> 
+   <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
    <networkAcl>
       <networkAclId>acl-5fb85d36</networkAclId>
       <vpcId>vpc-11ad4878</vpcId>
@@ -1089,7 +1102,7 @@ var CreateNetworkAclEntryRespExample = `
 // http://goo.gl/5tqceF
 var DescribeNetworkAclsExample = `
 <DescribeNetworkAclsResponse xmlns="http://ec2.amazonaws.com/doc/2014-10-01/">
-   <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId> 
+   <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
    <networkAclSet>
    <item>
      <networkAclId>acl-5566953c</networkAclId>
@@ -1201,7 +1214,7 @@ var DescribeNetworkAclsExample = `
 
 var ReplaceNetworkAclAssociationResponseExample = `
 <ReplaceNetworkAclAssociationResponse xmlns="http://ec2.amazonaws.com/doc/2014-10-01/">
-   <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId> 
+   <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
    <newAssociationId>aclassoc-17b85d7e</newAssociationId>
 </ReplaceNetworkAclAssociationResponse>
 `