From b89f2480253a9921d0a18820abaca051f7f4ecc8 Mon Sep 17 00:00:00 2001
From: Chintan Raval
Date: Thu, 11 Oct 2018 12:49:48 +1100
Subject: [PATCH 1/2] feat(aws-ec2): add support for ICMP protocol's classification Types & Codes to SecurityGroupRule
---
 .../aws-ec2/lib/security-group-rule.ts | 63 +++++++++++++++++++
 .../@aws-cdk/aws-ec2/test/test.connections.ts | 27 +++++++-
 2 files changed, 88 insertions(+), 2 deletions(-)
diff --git a/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts b/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts
index c0541da365afa..0686e1671c696 100644
--- a/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts
+++ b/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts
@@ -318,6 +318,69 @@ export class UdpAllPorts implements IPortRange {
 }
 }
 
+/**
+ * A set of matching ICMP Type & Code
+ */
+export class IcmpTypeAndCode implements IPortRange {
+ public readonly canInlineRule = true;
+
+ constructor(private readonly type: number, private readonly code: number) {
+ }
+
+ public toRuleJSON(): any {
+ return {
+ ipProtocol: Protocol.Icmp,
+ fromPort: this.type,
+ toPort: this.code
+ };
+ }
+
+ public toString() {
+ return `ICMP TYPE ${this.type} AND ICMP CODE ${this.code}`;
+ }
+}
+
+/**
+ * All ICMP Codes for a given ICMP Type
+ */
+export class IcmpAllTypeCodes implements IPortRange {
+ public readonly canInlineRule = true;
+
+ constructor(private readonly type: number) {
+ }
+
+ public toRuleJSON(): any {
+ return {
+ ipProtocol: Protocol.Icmp,
+ fromPort: this.type,
+ toPort: -1
+ };
+ }
+
+ public toString() {
+ return `ICMP TYPE ${this.type} AND ALL IT'S CODES`;
+ }
+}
+
+/**
+ * All ICMP Types & Codes
+ */
+export class IcmpAllTypesAndCodes implements IPortRange {
+ public readonly canInlineRule = true;
+
+ public toRuleJSON(): any {
+ return {
+ ipProtocol: Protocol.Icmp,
+ fromPort: -1,
+ toPort: -1
+ };
+ }
+
+ public toString() {
+ return 'ICMP ALL TYPES AND CODES';
+ }
+}
+
 /**
 * All Traffic
 */
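Review bot: The constructors of `IcmpTypeAndCode` and `IcmpAllTypeCodes` accept any number, yet this same hunk uses `-1` as the wildcard (`toPort: -1` in `IcmpAllTypeCodes`, `fromPort: -1` and `toPort: -1` in `IcmpAllTypesAndCodes`), so a computed or mistaken `-1` passed as `type` or `code` silently widens a single-type rule into one that admits every code or all ICMP. ICMP type and code are 8-bit fields, so each constructor could reject anything else up front, e.g. `if (!Number.isInteger(type) || type < 0 || type > 255) { throw new Error('ICMP type must be an integer in 0-255, got ' + type); }`, with the same guard for `code`. The doc comments should also state that `fromPort` carries the ICMP type and `toPort` the ICMP code, since the `IPortRange` naming suggests a port range to anyone auditing the generated rule. `IcmpAllTypeCodes` and `IcmpAllTypesAndCodes` differ by a few characters but by a whole rule scope (one type versus all ICMP), so a more distinct name for one of them would make an accidental allow-all easier to spot in review.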
diff --git a/packages/@aws-cdk/aws-ec2/test/test.connections.ts b/packages/@aws-cdk/aws-ec2/test/test.connections.ts
index de7087f425b64..909328f644f19 100644
--- a/packages/@aws-cdk/aws-ec2/test/test.connections.ts
+++ b/packages/@aws-cdk/aws-ec2/test/test.connections.ts
@@ -1,8 +1,28 @@
 import { expect, haveResource } from '@aws-cdk/assert';
 import { Stack } from '@aws-cdk/cdk';
 import { Test } from 'nodeunit';
-import { AllConnections, AnyIPv4, AnyIPv6, Connections, IConnectable, PrefixList, SecurityGroup, SecurityGroupRef,
- TcpAllPorts, TcpPort, TcpPortFromAttribute, TcpPortRange, UdpAllPorts, UdpPort, UdpPortFromAttribute, UdpPortRange, VpcNetwork } from '../lib';
+import {
+ AllConnections,
+ AnyIPv4,
+ AnyIPv6,
+ Connections,
+ IcmpAllTypeCodes,
+ IcmpAllTypesAndCodes,
+ IcmpTypeAndCode,
+ IConnectable,
+ PrefixList,
+ SecurityGroup,
+ SecurityGroupRef,
+ TcpAllPorts,
+ TcpPort,
+ TcpPortFromAttribute,
+ TcpPortRange,
+ UdpAllPorts,
+ UdpPort,
+ UdpPortFromAttribute,
+ UdpPortRange,
+ VpcNetwork
+} from "../lib";
 
 export = {
 'peering between two security groups does not recursive infinitely'(test: Test) {
@@ -80,6 +100,9 @@ export = {
 new UdpPortFromAttribute("udp-test-port!"),
 new UdpAllPorts(),
 new UdpPortRange(85, 95),
+ new IcmpTypeAndCode(5, 1),
+ new IcmpAllTypeCodes(8),
+ new IcmpAllTypesAndCodes(),
 new AllConnections()
 ];
 
From 5efb24d39beeb8ec600413c57a2c829703404d1a Mon Sep 17 00:00:00 2001
From: Rico Huijbers
Date: Thu, 11 Oct 2018 10:20:52 +0200
Subject: [PATCH 2/2] Update descriptions
---
 packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts b/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts
index 0686e1671c696..b7ab7925d8dd5 100644
--- a/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts
+++ b/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts
@@ -336,7 +336,7 @@ export class IcmpTypeAndCode implements IPortRange {
 }
 
 public toString() {
- return `ICMP TYPE ${this.type} AND ICMP CODE ${this.code}`;
+ return `ICMP Type ${this.type} Code ${this.code}`;
 }
 }
 
@@ -358,7 +358,7 @@ export class IcmpAllTypeCodes implements IPortRange {
 }
 
 public toString() {
- return `ICMP TYPE ${this.type} AND ALL IT'S CODES`;
+ return `ICMP Type ${this.type}`;
 }
 }
 
@@ -377,7 +377,7 @@ export class IcmpAllTypesAndCodes implements IPortRange {
 }
 
 public toString() {
- return 'ICMP ALL TYPES AND CODES';
+ return 'ALL ICMP';
 }
 }
 