Cannot do a negative test for security groups
carolinebeauchamp opened this issue · 4 comments
With the current method of testing security groups - creating rules which test whether a port is open, it seems not possible to test if a certain range of ports is closed. I've tried changing the rspec tests in the repo, so that they should fail (ie, specifying ports which are open - eg. this line: https://github.com/k1LoW/awspec/blob/master/spec/type/security_group_spec.rb#L14 - if you change 50010 to 50000 the test still passes) but the test still passes. It also relies on the destination IP address being present.
To get us round this, I've added rule tests to Security groups - where you can specify in a test the whole rule and ensure that the existing rules match. This, combined with checking the number of rules, should ensure no new rules are introduced without detection. I'm about to do a PR for this branch...
Hi @carolinebeauchamp ! Looks Great to Me !
Pull request
👍