fix(aws-ec2): fix code generation of IcmpPing (#1235)

IcmpPing used to generate a piece of ingress/egress rule that would not deploy. Added to integration test to make sure. Fixes #1231.
aws · Nov 22, 2018 · 6a13a18 · 6a13a18
1 parent 8e17500
commit 6a13a18
Show file tree

Hide file tree

Showing 3 changed files with 93 additions and 17 deletions.
diff --git a/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts b/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts
@@ -350,6 +350,7 @@ export class IcmpPing implements IPortRange {
     return {
       ipProtocol: Protocol.Icmp,
       fromPort: 8,
+      toPort: -1
     };
   }
 

diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc.expected.json b/packages/@aws-cdk/aws-ec2/test/integ.vpc.expected.json
@@ -67,9 +67,6 @@
     },
     "MyVpcPublicSubnet1DefaultRoute95FDF9EB": {
       "Type": "AWS::EC2::Route",
-      "DependsOn": [
-        "MyVpcVPCGW488ACE0D"
-      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "MyVpcPublicSubnet1RouteTableC46AB2F4"
@@ -78,7 +75,10 @@
         "GatewayId": {
           "Ref": "MyVpcIGW5C4A4F63"
         }
-      }
+      },
+      "DependsOn": [
+        "MyVpcVPCGW488ACE0D"
+      ]
     },
     "MyVpcPublicSubnet1EIP096967CB": {
       "Type": "AWS::EC2::EIP",
@@ -158,9 +158,6 @@
     },
     "MyVpcPublicSubnet2DefaultRoute052936F6": {
       "Type": "AWS::EC2::Route",
-      "DependsOn": [
-        "MyVpcVPCGW488ACE0D"
-      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "MyVpcPublicSubnet2RouteTable1DF17386"
@@ -169,7 +166,10 @@
         "GatewayId": {
           "Ref": "MyVpcIGW5C4A4F63"
         }
-      }
+      },
+      "DependsOn": [
+        "MyVpcVPCGW488ACE0D"
+      ]
     },
     "MyVpcPublicSubnet2EIP8CCBA239": {
       "Type": "AWS::EC2::EIP",
@@ -249,9 +249,6 @@
     },
     "MyVpcPublicSubnet3DefaultRoute3A83AB36": {
       "Type": "AWS::EC2::Route",
-      "DependsOn": [
-        "MyVpcVPCGW488ACE0D"
-      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "MyVpcPublicSubnet3RouteTable15028F08"
@@ -260,7 +257,10 @@
         "GatewayId": {
           "Ref": "MyVpcIGW5C4A4F63"
         }
-      }
+      },
+      "DependsOn": [
+        "MyVpcVPCGW488ACE0D"
+      ]
     },
     "MyVpcPublicSubnet3EIPC5ACADAB": {
       "Type": "AWS::EC2::EIP",
@@ -495,6 +495,66 @@
           "Ref": "MyVpcIGW5C4A4F63"
         }
       }
+    },
+    "SGADB53937": {
+      "Type": "AWS::EC2::SecurityGroup",
+      "Properties": {
+        "GroupDescription": "aws-cdk-ec2-vpc/SG",
+        "SecurityGroupEgress": [
+          {
+            "CidrIp": "0.0.0.0/0",
+            "Description": "Allow all outbound traffic by default",
+            "IpProtocol": "-1"
+          }
+        ],
+        "SecurityGroupIngress": [
+          {
+            "CidrIp": "0.0.0.0/0",
+            "Description": "from 0.0.0.0/0:ICMP PING",
+            "FromPort": 8,
+            "IpProtocol": "icmp",
+            "ToPort": -1
+          },
+          {
+            "CidrIp": "0.0.0.0/0",
+            "Description": "from 0.0.0.0/0:ICMP Type 128",
+            "FromPort": 128,
+            "IpProtocol": "icmp",
+            "ToPort": -1
+          },
+          {
+            "CidrIp": "0.0.0.0/0",
+            "Description": "from 0.0.0.0/0:ALL ICMP",
+            "FromPort": -1,
+            "IpProtocol": "icmp",
+            "ToPort": -1
+          },
+          {
+            "CidrIp": "0.0.0.0/0",
+            "Description": "from 0.0.0.0/0:UDP ALL PORTS",
+            "FromPort": 0,
+            "IpProtocol": "udp",
+            "ToPort": 65535
+          },
+          {
+            "CidrIp": "0.0.0.0/0",
+            "Description": "from 0.0.0.0/0:UDP 123",
+            "FromPort": 123,
+            "IpProtocol": "udp",
+            "ToPort": 123
+          },
+          {
+            "CidrIp": "0.0.0.0/0",
+            "Description": "from 0.0.0.0/0:UDP 800-801",
+            "FromPort": 800,
+            "IpProtocol": "udp",
+            "ToPort": 801
+          }
+        ],
+        "VpcId": {
+          "Ref": "MyVpcF9F0CA6F"
+        }
+      }
     }
   }
 }
diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc.ts b/packages/@aws-cdk/aws-ec2/test/integ.vpc.ts
@@ -1,10 +1,25 @@
-import { App, Stack } from '@aws-cdk/cdk';
-import { VpcNetwork } from '../lib';
+import cdk = require('@aws-cdk/cdk');
+import ec2 = require('../lib');
 
-const app = new App();
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'aws-cdk-ec2-vpc');
 
-const stack = new Stack(app, 'aws-cdk-ec2-vpc');
+const vpc = new ec2.VpcNetwork(stack, 'MyVpc');
 
-new VpcNetwork(stack, 'MyVpc');
+// Test Security Group Rules
+const sg = new ec2.SecurityGroup(stack, 'SG', { vpc });
+
+const rules = [
+  new ec2.IcmpPing(),
+  new ec2.IcmpAllTypeCodes(128),
+  new ec2.IcmpAllTypesAndCodes(),
+  new ec2.UdpAllPorts(),
+  new ec2.UdpPort(123),
+  new ec2.UdpPortRange(800, 801),
+];
+
+for (const rule of rules) {
+  sg.addIngressRule(new ec2.AnyIPv4(), rule);
+}
 
 app.run();