k1LoW/awspec

Cannot do a negative test for security groups

carolinebeauchamp opened this issue · 4 comments

With the current method of testing security groups (creating rules which test whether a port is open), it does not seem possible to test whether a certain range of ports is closed. I've tried changing the RSpec tests in the repo so that they should fail (i.e., specifying ports which are open; e.g., this line: https://github.com/k1LoW/awspec/blob/master/spec/type/security_group_spec.rb#L14, where if you change 50010 to 50000 the test still passes), but the test still passes. It also relies on the destination IP address being present.

To get us round this, I've added rule tests to security groups, where you can specify the whole rule in a test and ensure that the existing rules match. This, combined with checking the number of rules, should ensure no new rules are introduced without detection. I'm about to do a PR for this branch...
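The approach described in this issue (match each rule in full, then check the rule count), sketched as an added example in plain Ruby; it is not awspec's code or the code from the PR. The rule hashes imitate the `ip_permissions` fields returned by the EC2 API, and the helper names `normalize`, `audit_rules` and `ports_closed?` and all sample values are assumptions made for illustration.

```ruby
# Added example: plain Ruby, no AWS calls. Input imitates the EC2
# ip_permissions shape (ip_protocol, from_port, to_port, ip_ranges[].cidr_ip).

# Flatten each permission into one comparable rule per source CIDR.
def normalize(permissions)
  permissions.flat_map do |perm|
    perm[:ip_ranges].map do |range|
      { protocol: perm[:ip_protocol], from: perm[:from_port],
        to: perm[:to_port], cidr: range[:cidr_ip] }
    end
  end
end

# Whole-rule comparison against an allowlist: anything not listed is
# reported, so a newly introduced rule cannot pass unnoticed.
def audit_rules(actual_permissions, expected_rules)
  actual = normalize(actual_permissions)
  { unexpected: actual - expected_rules,
    missing: expected_rules - actual,
    count_matches: actual.size == expected_rules.size }
end

# Negative check: true only if no rule overlaps the given port range.
# Protocol '-1' (all traffic) carries no port fields and covers every port.
def ports_closed?(actual_permissions, range)
  normalize(actual_permissions).none? do |r|
    r[:protocol] == '-1' || (r[:from] <= range.last && r[:to] >= range.first)
  end
end

# Constructed sample: the second rule is the one nobody expected.
ACTUAL = [
  { ip_protocol: 'tcp', from_port: 443, to_port: 443,
    ip_ranges: [{ cidr_ip: '203.0.113.0/24' }] },
  { ip_protocol: 'tcp', from_port: 8000, to_port: 8010,
    ip_ranges: [{ cidr_ip: '198.51.100.7/32' }] }
].freeze

EXPECTED = [
  { protocol: 'tcp', from: 443, to: 443, cidr: '203.0.113.0/24' }
].freeze

report = audit_rules(ACTUAL, EXPECTED)
puts "unexpected rules: #{report[:unexpected].inspect}"
puts "rule count matches: #{report[:count_matches]}"
puts "8005-8020 closed? #{ports_closed?(ACTUAL, 8005..8020)}"
```
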

k1LoW commented

Hi @carolinebeauchamp! Looks great to me!

#514

Pull request

@k1LoW, PR #514 is already merged; I think this issue can be closed.

k1LoW commented

👍