From b07899f6d10012f00b514357abca7144a9573b74 Mon Sep 17 00:00:00 2001 From: Giovanni Grano Date: Mon, 12 May 2025 17:03:53 +0200 Subject: [PATCH 1/2] improve fixture --- .../localstack/testing/pytest/fixtures.py | 34 ++++++++++++++----- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/localstack-core/localstack/testing/pytest/fixtures.py b/localstack-core/localstack/testing/pytest/fixtures.py index a127e9a94aab5..1432783c2b572 100644 --- a/localstack-core/localstack/testing/pytest/fixtures.py +++ b/localstack-core/localstack/testing/pytest/fixtures.py @@ -21,6 +21,7 @@ from werkzeug import Request, Response from localstack import config +from localstack.aws.api.ec2 import CreateSecurityGroupRequest from localstack.aws.connect import ServiceLevelClientFactory from localstack.services.stores import ( AccountRegionBundle, @@ -42,7 +43,7 @@ from localstack.utils.aws.client import SigningHttpClient from localstack.utils.aws.resources import create_dynamodb_table from localstack.utils.bootstrap import is_api_enabled -from localstack.utils.collections import ensure_list +from localstack.utils.collections import ensure_list, select_from_typed_dict from localstack.utils.functions import call_safe, run_safe from localstack.utils.http import safe_requests as requests from localstack.utils.id_generator import ResourceIdentifier, localstack_id_manager 
@@ -2001,24 +2002,39 @@ def inner(sender_email_address: Optional[str] = None) -> str: def ec2_create_security_group(aws_client): ec2_sgs = [] - def factory(ports=None, **kwargs): + def factory(ports=None, ip_protocol: str = "tcp", **kwargs): + """ + Create the target group and authorize the security group ingress. + :param ports: list of ports to be authorized for the ingress rule. + :param ip_protocol: the ip protocol for the permissions (tcp by default) + """ if "GroupName" not in kwargs: - kwargs["GroupName"] = f"test-sg-{short_uid()}" - security_group = aws_client.ec2.create_security_group(**kwargs) + kwargs["GroupName"] = f"sg-{short_uid()}" + # Making sure the call to CreateSecurityGroup gets the right arguments + _args = select_from_typed_dict(CreateSecurityGroupRequest, kwargs) + security_group = aws_client.ec2.create_security_group(**_args) permissions = [ { "FromPort": port, - "IpProtocol": "tcp", + "IpProtocol": ip_protocol, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "ToPort": port, } for port in ports or [] ] - aws_client.ec2.authorize_security_group_ingress( - GroupName=kwargs["GroupName"], - IpPermissions=permissions, - ) + if "VpcId" not in kwargs: + # default vpc group can use the group-name + aws_client.ec2.authorize_security_group_ingress( + GroupName=kwargs["GroupName"], + IpPermissions=permissions, + ) + else: + # non default, has to use the group-id + aws_client.ec2.authorize_security_group_ingress( + GroupId=security_group["GroupId"], + IpPermissions=permissions, + ) ec2_sgs.append(security_group["GroupId"]) return security_group From 307f11a99dbb24fbc70569f099987288a07853a4 Mon Sep 17 00:00:00 2001 From: Giovanni Grano Date: Tue, 13 May 2025 13:30:38 +0200 Subject: [PATCH 2/2] Simplify fixture Default security group can use GroupName instead of the GroupId, but the latter works in all cases --- .../localstack/testing/pytest/fixtures.py | 20 ++++++------------- 1 file changed, 6 insertions(+), 14 deletions(-) 
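Review bot: The ingress rules this factory builds stay open to `0.0.0.0/0`, and the new `ip_protocol` argument lets a caller widen them further (EC2 treats `"-1"` as all protocols), so a run against a real AWS account would leave internet-reachable rules in place until teardown. I would make the source range a parameter, `def factory(ports=None, ip_protocol: str = "tcp", cidr_ip: str = "0.0.0.0/0", **kwargs):` with `"IpRanges": [{"CidrIp": cidr_ip}]`, and have the docstring state that the default is world-open. Separately, the new default `f"sg-{short_uid()}"` conflicts with the documented EC2 constraint that a group name cannot start with `sg-`; the previous `test-sg-` prefix avoids that. The docstring's "target group" should read "security group". The enclosing `ec2_create_security_group` fixture continues past the end of this hunk, so its teardown is not visible here.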
diff --git a/localstack-core/localstack/testing/pytest/fixtures.py b/localstack-core/localstack/testing/pytest/fixtures.py index 1432783c2b572..6bddcb162632f 100644 --- a/localstack-core/localstack/testing/pytest/fixtures.py +++ b/localstack-core/localstack/testing/pytest/fixtures.py @@ -2013,7 +2013,7 @@ def factory(ports=None, ip_protocol: str = "tcp", **kwargs): # Making sure the call to CreateSecurityGroup gets the right arguments _args = select_from_typed_dict(CreateSecurityGroupRequest, kwargs) security_group = aws_client.ec2.create_security_group(**_args) - + security_group_id = security_group["GroupId"] permissions = [ { "FromPort": port, @@ -2023,20 +2023,12 @@ def factory(ports=None, ip_protocol: str = "tcp", **kwargs): } for port in ports or [] ] - if "VpcId" not in kwargs: - # default vpc group can use the group-name - aws_client.ec2.authorize_security_group_ingress( - GroupName=kwargs["GroupName"], - IpPermissions=permissions, - ) - else: - # non default, has to use the group-id - aws_client.ec2.authorize_security_group_ingress( - GroupId=security_group["GroupId"], - IpPermissions=permissions, - ) + aws_client.ec2.authorize_security_group_ingress( + GroupId=security_group_id, + IpPermissions=permissions, + ) - ec2_sgs.append(security_group["GroupId"]) + ec2_sgs.append(security_group_id) return security_group yield factory
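Review bot: `ec2_sgs.append(security_group_id)` still runs only after `authorize_security_group_ingress` returns, so if that call raises, the group that was just created is never recorded and the fixture's cleanup (outside this hunk, presumably iterating `ec2_sgs`) cannot delete it. Recording the id immediately after `security_group_id = security_group["GroupId"]` closes that gap. The call is also made when `ports` is empty, sending `IpPermissions=[]`, which EC2 is likely to reject; guarding it with `if permissions:` would avoid both the error and the leaked group. The body of `factory` begins before this hunk.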