Introduce a limit to number of destinations per rule

Signed-off-by: Marc Paquette <[email protected]>
Signed-off-by: Geoff Franks <[email protected]>

Author: geofffranks

app/messages/validators/security_group_rule_validator.rb

@@ -11,6 +11,8 @@ class RulesValidator < ActiveModel::Validator
     type
   ].freeze
 
+  MAX_DESTINATIONS_PER_RULE = 6000
+
   def validate(record)
     unless record.rules.is_a?(Array)
       record.errors.add :rules, 'must be an array'
@@ -28,7 +30,10 @@ def validate(record)
       add_rule_error("protocol must be 'tcp', 'udp', 'icmp', or 'all'", record, index) unless valid_protocol(rule[:protocol])
 
       if valid_destination_type(rule[:destination], record, index)
-        rule[:destination].split(',').each do |d|
+        rules = rule[:destination].split(',')
+        add_rule_error("maximum destinations per rule exceeded - must be under #{MAX_DESTINATIONS_PER_RULE}", record, index) unless rules.length <= MAX_DESTINATIONS_PER_RULE
+
+        rules.each do |d|
           validate_destination(d, record, index)
         end
       end

spec/unit/messages/validators/security_group_rule_validator_spec.rb

@@ -388,6 +388,22 @@ def self.name
             expect(subject.errors.full_messages).to include expected_error
           end
         end
+
+        context 'more than 6000 destinations per rule' do
+          let(:rules) do
+            [
+              {
+                protocol: 'all',
+                destination: (['192.168.1.3'] * 7000).join(',')
+              }
+            ]
+          end
+
+          it 'throws an error' do
+            expect(subject).not_to be_valid
+            expect(subject.errors.full_messages).to include 'Rules[0]: maximum destinations per rule exceeded - must be under 6000'
+          end
+        end
       end
     end