cloud/aws: unit tests for extra security group logic

croissanne · thozza · commit 976f005ff4f5 · 2025-10-07T08:05:40.000+02:00
diff --git a/internal/cloud/awscloud/mocks_test.go b/internal/cloud/awscloud/mocks_test.go
@@ -49,6 +49,13 @@ func newEc2Mock(t *testing.T) *ec2mock {
 	}
 }
 
+func (m *ec2mock) AuthorizeSecurityGroupEgress(ctx context.Context, input *ec2.AuthorizeSecurityGroupEgressInput, optfns ...func(*ec2.Options)) (*ec2.AuthorizeSecurityGroupEgressOutput, error) {
+	m.calledFn["AuthorizeSecurityGroupEgress"] += 1
+	return &ec2.AuthorizeSecurityGroupEgressOutput{
+		Return: aws.Bool(true),
+	}, nil
+}
+
 func (m *ec2mock) AuthorizeSecurityGroupIngress(ctx context.Context, input *ec2.AuthorizeSecurityGroupIngressInput, optfns ...func(*ec2.Options)) (*ec2.AuthorizeSecurityGroupIngressOutput, error) {
 	m.calledFn["AuthorizeSecurityGroupIngress"] += 1
 	return &ec2.AuthorizeSecurityGroupIngressOutput{
@@ -90,6 +97,25 @@ func (m *ec2mock) DescribeSecurityGroups(ctx context.Context, input *ec2.Describ
 	}, nil
 }
 
+func (m *ec2mock) DescribeSecurityGroupRules(ctx context.Context, input *ec2.DescribeSecurityGroupRulesInput, optfns ...func(*ec2.Options)) (*ec2.DescribeSecurityGroupRulesOutput, error) {
+	m.calledFn["DescribeSecurityGroupRules"] += 1
+	return &ec2.DescribeSecurityGroupRulesOutput{
+		SecurityGroupRules: []ec2types.SecurityGroupRule{
+			{
+				IsEgress:            aws.Bool(true),
+				SecurityGroupRuleId: aws.String("sgr-id"),
+			},
+		},
+	}, nil
+}
+
+func (m *ec2mock) RevokeSecurityGroupEgress(ctx context.Context, input *ec2.RevokeSecurityGroupEgressInput, optfns ...func(*ec2.Options)) (*ec2.RevokeSecurityGroupEgressOutput, error) {
+	m.calledFn["RevokeSecurityGroupEgress"] += 1
+	return &ec2.RevokeSecurityGroupEgressOutput{
+		Return: aws.Bool(true),
+	}, nil
+}
+
 func (m *ec2mock) CreateSubnet(ctx context.Context, input *ec2.CreateSubnetInput, optfns ...func(*ec2.Options)) (*ec2.CreateSubnetOutput, error) {
 	m.calledFn["CreateSubnet"] += 1
 	return nil, nil
diff --git a/internal/cloud/awscloud/secure-instance_test.go b/internal/cloud/awscloud/secure-instance_test.go
@@ -71,6 +71,9 @@ func TestSIRunSecureInstance(t *testing.T) {
 	require.Equal(t, 1, m.calledFn["CreateFleet"])
 	require.Equal(t, 1, m.calledFn["CreateSecurityGroup"])
 	require.Equal(t, 1, m.calledFn["CreateLaunchTemplate"])
+	require.Equal(t, 1, m.calledFn["AuthorizeSecurityGroupEgress"])
+	require.Equal(t, 1, m.calledFn["AuthorizeSecurityGroupIngress"])
+	require.Equal(t, 1, m.calledFn["RevokeSecurityGroupEgress"])
 }
 
 func TestSITerminateSecureInstance(t *testing.T) {

Original file line number	Diff line number	Diff line change
`@@ -71,6 +71,9 @@ func TestSIRunSecureInstance(t *testing.T) {`
`71`	`71`	`require.Equal(t, 1, m.calledFn["CreateFleet"])`
`72`	`72`	`require.Equal(t, 1, m.calledFn["CreateSecurityGroup"])`
`73`	`73`	`require.Equal(t, 1, m.calledFn["CreateLaunchTemplate"])`
	`74`	`+ require.Equal(t, 1, m.calledFn["AuthorizeSecurityGroupEgress"])`
	`75`	`+ require.Equal(t, 1, m.calledFn["AuthorizeSecurityGroupIngress"])`
	`76`	`+ require.Equal(t, 1, m.calledFn["RevokeSecurityGroupEgress"])`
`74`	`77`	`}`
`75`	`78`
`76`	`79`	`func TestSITerminateSecureInstance(t *testing.T) {`