Add 0.0.0.0/0 edge case fix

convox · Aug 30, 2023 · d10e237 · d10e237
1 parent 1a5261d
commit d10e237
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 9 deletions.
diff --git a/provider/aws/lambda/formation/handler/sg_ingress.go b/provider/aws/lambda/formation/handler/sg_ingress.go
@@ -58,7 +58,6 @@ func sgIngressApply(req Request) error {
 		GroupIds: []*string{sgId},
 	})
 	if err != nil {
-		fmt.Println("1")
 		return err
 	}
 
@@ -139,19 +138,22 @@ func sgIngressApply(req Request) error {
 			},
 		})
 		if err != nil {
-			fmt.Println("3")
 			return err
 		}
 	}
 
 	var deleteIps []*ec2.IpRange
 	for i := range prevIps {
 		if prevIps[i].CidrIp != nil {
-			if val, _ := prevIpMap[*prevIps[i].CidrIp]; val == 1 {
+			if val := prevIpMap[*prevIps[i].CidrIp]; val == 1 {
+				if *prevIps[i].CidrIp == "0.0.0.0/0" && len(req.ResourceProperties["Ips"].(string)) == 0 {
+					continue
+				}
 				deleteIps = append(deleteIps, prevIps[i])
 			}
 		}
 	}
+
 	if len(deleteIps) > 0 {
 		_, err = EC2(req).RevokeSecurityGroupIngress(&ec2.RevokeSecurityGroupIngressInput{
 			GroupId: sgId,
@@ -165,7 +167,6 @@ func sgIngressApply(req Request) error {
 			},
 		})
 		if err != nil {
-			fmt.Println("2")
 			return err
 		}
 	}
@@ -207,7 +208,6 @@ func sgIngressApply(req Request) error {
 			},
 		})
 		if err != nil {
-			fmt.Println("4")
 			return err
 		}
 	}

diff --git a/provider/aws/lambda/formation/handler/sg_ingress_test.go b/provider/aws/lambda/formation/handler/sg_ingress_test.go
@@ -5,14 +5,16 @@ import (
 	"testing"
 )
 
+const sgID = "sg-062c937b3e674adc3"
+
 func TestSGIngress(t *testing.T) {
 	if os.Getenv("MANUAL_TEST") != "true" {
 		t.Skip()
 	}
 
 	err := sgIngressApply(Request{
 		ResourceProperties: map[string]interface{}{
-			"SecurityGroupID": "sg-019eb79e77bba7daa",
+			"SecurityGroupID": sgID,
 			"Ips":             "",
 			"SgIDs":           "",
 		},
@@ -29,7 +31,7 @@ func TestSGIngress2(t *testing.T) {
 
 	err := sgIngressApply(Request{
 		ResourceProperties: map[string]interface{}{
-			"SecurityGroupID": "sg-019eb79e77bba7daa",
+			"SecurityGroupID": sgID,
 			"Ips":             "10.0.0.0/16",
 			"SgIDs":           "",
 		},
@@ -46,7 +48,7 @@ func TestSGIngress4(t *testing.T) {
 
 	err := sgIngressApply(Request{
 		ResourceProperties: map[string]interface{}{
-			"SecurityGroupID": "sg-019eb79e77bba7daa",
+			"SecurityGroupID": sgID,
 			"Ips":             "10.0.0.0/16,173.0.0.0/8",
 			"SgIDs":           "",
 		},
@@ -62,7 +64,7 @@ func TestSGIngress3(t *testing.T) {
 	}
 	err := sgIngressApply(Request{
 		ResourceProperties: map[string]interface{}{
-			"SecurityGroupID": "sg-019eb79e77bba7daa",
+			"SecurityGroupID": sgID,
 			"Ips":             "10.0.0.0/16",
 			"SgIDs":           "sg-0cb8ec0e8c9505ffa", //sg-0e1a179a4c9307a55",
 		},
@@ -71,3 +73,19 @@ func TestSGIngress3(t *testing.T) {
 		t.Fatal(err)
 	}
 }
+
+func TestSGIngress5(t *testing.T) {
+	if os.Getenv("MANUAL_TEST") != "true" {
+		t.Skip()
+	}
+	err := sgIngressApply(Request{
+		ResourceProperties: map[string]interface{}{
+			"SecurityGroupID": sgID,
+			"Ips":             "0.0.0.0/0,10.0.0.0/16",
+			"SgIDs":           "", //sg-0e1a179a4c9307a55",
+		},
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+}