diff options
| author | Jenkins <jenkins@review.openstack.org> | 2013-05-15 21:34:00 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2013-05-15 21:34:00 +0000 |
| commit | 7d6fc20945e52e933eceedb6fddd0255c6d87435 (patch) | |
| tree | bf647590f33179741f7365edc374f22c06273478 | |
| parent | e2636ff5b8191b1b0338d28ecc7e389d7e357561 (diff) | |
| parent | 78e2e2128992527407f99743340692ef3be75210 (diff) | |
| download | nova-7d6fc20945e52e933eceedb6fddd0255c6d87435.tar.gz nova-7d6fc20945e52e933eceedb6fddd0255c6d87435.tar.xz nova-7d6fc20945e52e933eceedb6fddd0255c6d87435.zip | |
Merge "Fix quantum security group driver to accept none for from/to_port"
| -rw-r--r-- | nova/network/security_group/quantum_driver.py | 22 | ||||
| -rw-r--r-- | nova/tests/api/openstack/compute/contrib/test_security_groups.py | 40 |
2 files changed, 52 insertions, 10 deletions
diff --git a/nova/network/security_group/quantum_driver.py b/nova/network/security_group/quantum_driver.py index 1c49da5e3..ea7dac825 100644 --- a/nova/network/security_group/quantum_driver.py +++ b/nova/network/security_group/quantum_driver.py @@ -79,15 +79,17 @@ class SecurityGroupAPI(security_group_base.SecurityGroupBase): nova_rule['id'] = rule['id'] nova_rule['parent_group_id'] = rule['security_group_id'] nova_rule['protocol'] = rule['protocol'] - if rule['port_range_min'] is None: - nova_rule['from_port'] = -1 + if (nova_rule['protocol'] and rule.get('port_range_min') is None and + rule.get('port_range_max') is None): + if nova_rule['protocol'].upper() == 'ICMP': + nova_rule['from_port'] = -1 + nova_rule['to_port'] = -1 + elif rule['protocol'].upper() in ['TCP', 'UDP']: + nova_rule['from_port'] = 1 + nova_rule['to_port'] = 65535 else: - nova_rule['from_port'] = rule['port_range_min'] - - if rule['port_range_max'] is None: - nova_rule['to_port'] = -1 - else: - nova_rule['to_port'] = rule['port_range_max'] + nova_rule['from_port'] = rule.get('port_range_min') + nova_rule['to_port'] = rule.get('port_range_max') nova_rule['group_id'] = rule['remote_group_id'] nova_rule['cidr'] = rule['remote_ip_prefix'] return nova_rule @@ -207,9 +209,9 @@ class SecurityGroupAPI(security_group_base.SecurityGroupBase): new_rule['remote_ip_prefix'] = rule.get('cidr') new_rule['security_group_id'] = rule.get('parent_group_id') new_rule['remote_group_id'] = rule.get('group_id') - if rule['from_port'] != -1: + if 'from_port' in rule and rule['from_port'] != -1: new_rule['port_range_min'] = rule['from_port'] - if rule['to_port'] != -1: + if 'to_port' in rule and rule['to_port'] != -1: new_rule['port_range_max'] = rule['to_port'] new_rules.append(new_rule) return {'security_group_rules': new_rules} diff --git a/nova/tests/api/openstack/compute/contrib/test_security_groups.py b/nova/tests/api/openstack/compute/contrib/test_security_groups.py index 480156b97..b1a5b3fdf 100644 --- a/nova/tests/api/openstack/compute/contrib/test_security_groups.py +++ b/nova/tests/api/openstack/compute/contrib/test_security_groups.py @@ -727,6 +727,46 @@ class TestSecurityGroupRules(test.TestCase): self.assertEquals(security_group_rule['from_port'], 81) self.assertEquals(security_group_rule['to_port'], 81) + def test_create_none_value_from_to_port(self): + rule = {'parent_group_id': self.sg1['id'], + 'group_id': self.sg1['id']} + req = fakes.HTTPRequest.blank('/v2/fake/os-security-group-rules') + res_dict = self.controller.create(req, {'security_group_rule': rule}) + security_group_rule = res_dict['security_group_rule'] + self.assertEquals(security_group_rule['from_port'], None) + self.assertEquals(security_group_rule['to_port'], None) + self.assertEquals(security_group_rule['group']['name'], 'test') + self.assertEquals(security_group_rule['parent_group_id'], + self.sg1['id']) + + def test_create_none_value_from_to_port_icmp(self): + rule = {'parent_group_id': self.sg1['id'], + 'group_id': self.sg1['id'], + 'ip_protocol': 'ICMP'} + req = fakes.HTTPRequest.blank('/v2/fake/os-security-group-rules') + res_dict = self.controller.create(req, {'security_group_rule': rule}) + security_group_rule = res_dict['security_group_rule'] + self.assertEquals(security_group_rule['ip_protocol'], 'ICMP') + self.assertEquals(security_group_rule['from_port'], -1) + self.assertEquals(security_group_rule['to_port'], -1) + self.assertEquals(security_group_rule['group']['name'], 'test') + self.assertEquals(security_group_rule['parent_group_id'], + self.sg1['id']) + + def test_create_none_value_from_to_port_tcp(self): + rule = {'parent_group_id': self.sg1['id'], + 'group_id': self.sg1['id'], + 'ip_protocol': 'TCP'} + req = fakes.HTTPRequest.blank('/v2/fake/os-security-group-rules') + res_dict = self.controller.create(req, {'security_group_rule': rule}) + security_group_rule = res_dict['security_group_rule'] + self.assertEquals(security_group_rule['ip_protocol'], 'TCP') + self.assertEquals(security_group_rule['from_port'], 1) + self.assertEquals(security_group_rule['to_port'], 65535) + self.assertEquals(security_group_rule['group']['name'], 'test') + self.assertEquals(security_group_rule['parent_group_id'], + self.sg1['id']) + def test_create_by_invalid_cidr_json(self): rule = security_group_rule_template( ip_protocol="tcp", |