Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inconsistent methods for UpdateSecurityGroupRuleDescriptionsIngressRequest.Builder and AuthorizeSecurityGroupIngressRequest.Builder #5217

Closed
xsimo opened this issue May 10, 2024 · 4 comments
Closed

Inconsistent methods for UpdateSecurityGroupRuleDescriptionsIngressRequest.Builder and AuthorizeSecurityGroupIngressRequest.Builder #5217

xsimo opened this issue May 10, 2024 · 4 comments
Assignees
@debora-ito
Labels
closing-soon This issue will close in 4 days unless further comments are made. guidance Question that needs advice or information.

Comments

@xsimo
Copy link

xsimo commented May 10, 2024

Describe the bug

Version 2.25.50
Can not programmatically annotate Security group rules with a description

Expected Behavior

  1. AuthorizeSecurityGroupIngressRequest.Builder should have a description() method
  2. UpdateSecurityGroupRuleDescriptionsIngressRequest.Builder should not have an ipPermission() method
  3. UpdateSecurityGroupRuleDescriptionsIngressRequest.Builder should have a securityGroupRuleId() method

Current Behavior

  1. AuthorizeSecurityGroupIngressRequest.Builder does not have a description() method
  2. UpdateSecurityGroupRuleDescriptionsIngressRequest.Builder has ipPermission() ( not supported by server )
  3. UpdateSecurityGroupRuleDescriptionsIngressRequest.Builder does not have securityGroupRuleId()

Reproduction Steps

Issue an ec2Client.updateSecurityGroupRuleDescriptionsIngress(updateSecurityGroupRuleDescriptionsIngressRequest)
with the updateSecurityGroupRuleDescriptionsIngressRequest containing an ipPermission, the server answers 400 with message
The parameter 'ipPermissions' may not be used in combination with 'securityGroupRuleDescriptions'. (Service: Ec2, Status Code: 400,

Possible Solution

No response

Additional Information/Context

No response

AWS Java SDK version used

2.25.50

JDK version used

1.8.0_351-b10

Operating System and version

Windows 11
@xsimo xsimo added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels May 10, 2024
@debora-ito
Copy link
Member

@xsimo to avoid getting the error message

The parameter 'ipPermissions' may not be used in combination with 'securityGroupRuleDescriptions'

you need to add a validation in your code to not send both attributes 'ipPermissions' and 'securityGroupRuleDescriptions' in the same request. We cannot remove attributes from the request at this point, it's a breaking change.

As for

UpdateSecurityGroupRuleDescriptionsIngressRequest.Builder should have a securityGroupRuleId() method

'securityGroupRuleId' can be found under SecurityGroupRuleDescription.Builder, and then you can provide the SecurityGroupRuleDescription to the UpdateSecurityGroupRuleDescriptionsIngressRequest::securityGroupRuleDescriptions request attribute.

Let us know if you have any follow-up question.

@debora-ito debora-ito added guidance Question that needs advice or information. closing-soon This issue will close in 4 days unless further comments are made. and removed bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels May 14, 2024
@debora-ito debora-ito self-assigned this May 14, 2024
@xsimo
Copy link
Author

xsimo commented May 15, 2024

Ok, thank you very much for this explanation.
One last precision: Is it possible to add a rule to an existing security group and specify the rule description in the same ec2Client call ?

@github-actions github-actions bot removed the closing-soon This issue will close in 4 days unless further comments are made. label May 16, 2024
@debora-ito
Copy link
Member

I don't think it's possible, you need to call separate APIs: 'ModifyInstanceAttribute' to assign a security group to an instance, and 'ModifySecurityGroupRules' to change the description.

Please refer to the EC2 User Guide for more info: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html

@debora-ito debora-ito added the closing-soon This issue will close in 4 days unless further comments are made. label May 22, 2024
@xsimo xsimo closed this as completed May 23, 2024
@github-actions GitHub Actions
Copy link

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@debora-ito debora-ito

Labels
closing-soon This issue will close in 4 days unless further comments are made. guidance Question that needs advice or information.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@debora-ito @xsimo