k1LoW / awspec

RSpec tests for your AWS resources.
MIT License

Cannot do a negative test for security groups #513

Closed carolinebeauchamp closed 3 years ago

carolinebeauchamp commented 4 years ago

With the current method of testing security groups (creating rules which test whether a port is open), it does not seem possible to test if a certain range of ports is closed. I've tried changing the RSpec tests in the repo, so that they should fail (i.e., specifying ports which are open - e.g. this line: https://github.com/k1LoW/awspec/blob/master/spec/type/security_group_spec.rb#L14 - if you change 50010 to 50000 the test still passes) but the test still passes. It also relies on the destination IP address being present.

To get us round this, I've added rule tests to Security groups - where you can specify in a test the whole rule and ensure that the existing rules match. This, combined with checking the number of rules, should ensure no new rules are introduced without detection. I'm about to do a PR for this branch...
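The difference between the two kinds of test, as an added example that is not part of the original comment and does not use awspec's own matchers: a port-open check keeps passing when a group gains or widens a rule, while whole-rule matching combined with a rule count flags both. The `Rule` struct, the helper names and the sample rules are assumptions made for this illustration.

```ruby
# Added illustration; Rule and every helper below are hypothetical, not awspec APIs.
Rule = Struct.new(:protocol, :from_port, :to_port, :cidr)

# Positive check: is `port` reachable under at least one rule?
def port_open?(rules, port, protocol: 'tcp', cidr: nil)
  rules.any? do |r|
    r.protocol == protocol &&
      (r.from_port..r.to_port).cover?(port) &&
      (cidr.nil? || r.cidr == cidr)
  end
end

# Whole-rule comparison: what is present but not declared, and vice versa.
def rule_drift(actual, expected)
  { unexpected: actual - expected,
    missing: expected - actual,
    count_ok: actual.size == expected.size }
end

# Passes only if every declared rule exists and the rule count matches.
def compliant?(actual, expected)
  drift = rule_drift(actual, expected)
  drift[:missing].empty? && drift[:count_ok] && drift[:unexpected].empty?
end

# Constructed sample data (not taken from any real security group).
EXPECTED = [
  Rule.new('tcp', 443, 443, '10.0.0.0/16'),
  Rule.new('tcp', 8080, 8090, '10.0.0.0/16')
].freeze
# Drift 1: an extra rule was added.
DRIFTED = (EXPECTED + [Rule.new('tcp', 22, 22, '0.0.0.0/0')]).freeze
# Drift 2: a range was widened; the rule count is unchanged.
WIDENED = [
  EXPECTED[0],
  Rule.new('tcp', 8080, 9000, '10.0.0.0/16')
].freeze

if __FILE__ == $PROGRAM_NAME
  [DRIFTED, WIDENED].each do |rules|
    puts "443 open: #{port_open?(rules, 443)}, compliant: #{compliant?(rules, EXPECTED)}"
    puts "  drift: #{rule_drift(rules, EXPECTED)}"
  end
end
```

The widened case shows why the count alone is not enough: the number of rules is unchanged, and only the exact-rule comparison reports the difference.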

k1LoW commented 4 years ago

Hi @carolinebeauchamp ! Looks Great to Me !

carolinebeauchamp commented 4 years ago

https://github.com/k1LoW/awspec/pull/514


glasswalk3r commented 3 years ago

@k1LoW, PR #514 is already merged; I think this issue can be closed.

k1LoW commented 3 years ago

👍