[aws|compute] Test for more invalid security group request input when…

… mocking.

lib/fog/aws/requests/compute/authorize_security_group_ingress.rb

@@ -91,6 +91,8 @@ def authorize_security_group_ingress(group_name, options = {})
             group_name = options.delete('GroupName')
           end
 
+          verify_permission_options(options)
+
           response = Excon::Response.new
           group = self.data[:security_groups][group_name]
 
@@ -131,6 +133,24 @@ def authorize_security_group_ingress(group_name, options = {})
 
         private
 
+        def verify_permission_options(options)
+          if options.empty?
+            raise Fog::Compute::AWS::Error.new("InvalidRequest => The request received was invalid.")
+          end
+          if options['IpProtocol'] && !['tcp', 'udp', 'icmp'].include?(options['IpProtocol'])
+            raise Fog::Compute::AWS::Error.new("InvalidPermission.Malformed => Unsupported IP protocol \"#{options['IpProtocol']}\"  - supported: [tcp, udp, icmp]")
+          end
+          if options['IpProtocol'] && (!options['FromPort'] || !options['ToPort'])
+            raise Fog::Compute::AWS::Error.new("InvalidPermission.Malformed => TCP/UDP port (-1) out of range")
+          end
+          if options.has_key?('IpPermissions')
+            if !options['IpPermissions'].is_a?(Array) || options['IpPermissions'].empty?
+              raise Fog::Compute::AWS::Error.new("InvalidRequest => The request received was invalid.")
+            end
+            options['IpPermissions'].each {|p| verify_permission_options(p) }
+          end
+        end
+
         def normalize_permissions(options)
           normalized_permissions = []
 

lib/fog/aws/requests/compute/revoke_security_group_ingress.rb

@@ -68,6 +68,8 @@ def revoke_security_group_ingress(group_name, options = {})
             group_name = options.delete('GroupName')
           end
 
+          verify_permission_options(options)
+
           response = Excon::Response.new
           group = self.data[:security_groups][group_name]
 

tests/aws/requests/compute/security_group_tests.rb

@@ -301,6 +301,30 @@
       Fog::Compute[:aws].delete_security_group(@other_security_group.name)
     end
 
+    broken_params = [
+      {},
+      { "IpProtocol" => "what" },
+      { "IpProtocol" => "tcp" },
+      { "IpProtocol" => "what", "FromPort" => 1, "ToPort" => 1 },
+    ]
+    broken_params += broken_params.map do |broken_params_item|
+      { "IpPermissions" => [broken_params_item] }
+    end
+    broken_params += [
+      { "IpPermissions" => [] },
+      { "IpPermissions" => nil }
+    ]
+
+    broken_params.each do |broken_params_item|
+      tests("#authorize_security_group_ingress('fog_security_group', #{broken_params_item.inspect})").raises(Fog::Compute::AWS::Error) do
+        Fog::Compute[:aws].authorize_security_group_ingress('fog_security_group', broken_params_item)
+      end
+
+      tests("#revoke_security_group_ingress('fog_security_group', #{broken_params_item.inspect})").raises(Fog::Compute::AWS::Error) do
+        Fog::Compute[:aws].revoke_security_group_ingress('fog_security_group', broken_params_item)
+      end
+    end
+
     tests("#revoke_security_group_ingress('not_a_group_name', {'FromPort' => 80, 'IpProtocol' => 'tcp', 'toPort' => 80})").raises(Fog::Compute::AWS::NotFound) do
       Fog::Compute[:aws].revoke_security_group_ingress(
         'not_a_group_name',