| author | Soren Hansen <soren@linux2go.dk> | 2011-09-05 09:32:14 +0200 |
|---|---|---|
| committer | Soren Hansen <soren@linux2go.dk> | 2011-09-05 09:32:14 +0200 |
| commit | 7d923d28d673340af1e168f99e7178cd01ea3ac3 (patch) | |
| tree | d75cff839d659a55c0834b7c26fb5bb744cc7a03 | |
| parent | 077a6971016b112fa7133f2b00aaed5d922386e1 (diff) | |
Make a security group rule that references another security group return ipPermission for each of tcp, udp, and icmp.
| -rw-r--r-- | nova/api/ec2/cloud.py | 15 | ||||
| -rw-r--r-- | nova/tests/test_cloud.py | 30 |
2 files changed, 41 insertions, 4 deletions
diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py index fe44191c8..14f5f69e2 100644 --- a/nova/api/ec2/cloud.py +++ b/nova/api/ec2/cloud.py @@ -572,18 +572,25 @@ class CloudController(object): g['ipPermissions'] = [] for rule in group.rules: r = {} - r['ipProtocol'] = rule.protocol - r['fromPort'] = rule.from_port - r['toPort'] = rule.to_port r['groups'] = [] r['ipRanges'] = [] if rule.group_id: source_group = db.security_group_get(context, rule.group_id) r['groups'] += [{'groupName': source_group.name, 'userId': source_group.project_id}] + for protocol, min_port, max_port in (('icmp', -1, -1), + ('tcp', 1, 65535), + ('udp', 1, 65536)): + r['ipProtocol'] = protocol + r['fromPort'] = min_port + r['toPort'] = max_port + g['ipPermissions'] += [dict(r)] else: + r['ipProtocol'] = rule.protocol + r['fromPort'] = rule.from_port + r['toPort'] = rule.to_port r['ipRanges'] += [{'cidrIp': rule.cidr}] - g['ipPermissions'] += [r] + g['ipPermissions'] += [r] return g def _rule_args_to_dict(self, context, kwargs): diff --git a/nova/tests/test_cloud.py b/nova/tests/test_cloud.py index 3fe6a9b42..f5a99fa2c 100644 --- a/nova/tests/test_cloud.py +++ b/nova/tests/test_cloud.py 
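Review bot: The UDP entry in the new tuple, `('udp', 1, 65536)`, sets the upper bound one past the highest valid port (65535), so group-sourced rules are described with a toPort that is not a real port; it should be `('udp', 1, 65535)):` to match the tcp entry. The new test in nova/tests/test_cloud.py pins the same 65536 and needs the matching change. Separately, the group branch no longer reads `rule.protocol`, `rule.from_port` or `rule.to_port`, so if a group-sourced rule can be stored with a narrower protocol or port range (not visible in this hunk), the describe output would overstate what the rule allows. A comment such as `# group-sourced rules carry no protocol/ports of their own; report full range for icmp, tcp and udp` would make that assumption explicit. The enclosing method starts above the hunk.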
@@ -305,6 +305,36 @@ class CloudTestCase(test.TestCase): 'ip_protocol': u'tcp'}]} self.assertTrue(authz(self.context, group_name=sec['name'], **kwargs)) + def test_describe_security_group_ingress_groups(self): + kwargs = {'project_id': self.context.project_id, 'name': 'test'} + sec = db.security_group_create(self.context, + {'project_id': 'someuser', + 'name': 'somegroup1'}) + sec = db.security_group_create(self.context, + {'project_id': 'someuser', + 'name': 'othergroup2'}) + sec = db.security_group_create(self.context, kwargs) + authz = self.cloud.authorize_security_group_ingress + kwargs = {'ip_permissions': [{ + 'groups': {'1': {'user_id': u'someuser', + 'group_name': u'somegroup1'}, + '2': {'user_id': u'someuser', + 'group_name': u'othergroup2'}}}]} + self.assertTrue(authz(self.context, group_name=sec['name'], **kwargs)) + describe = self.cloud.describe_security_groups + groups = describe(self.context, group_name=['test']) + self.assertEquals(len(groups['securityGroupInfo']), 1) + for proto, min_port, max_port in (('icmp', -1, -1), + ('udp', 1, 65536), + ('tcp', 1, 65535)): + rules = filter(lambda g:g['ipProtocol'] == proto, + groups['securityGroupInfo'][0]['ipPermissions']) + self.assertEquals(len(rules), 2, + "Expected 2 rules for protocol %s" % proto) + for rule in rules: + self.assertEquals(rule['fromPort'], min_port) + self.assertEquals(rule['toPort'], max_port) + def test_revoke_security_group_ingress(self): kwargs = {'project_id': self.context.project_id, 'name': 'test'} sec = db.security_group_create(self.context, kwargs) |
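Review bot: The new test asserts only the number of permissions and their port range per protocol, so it would still pass if the described rules named the wrong source group; the `groups` entry of each returned permission is never inspected. Going by the structure built in the cloud.py hunk, adding `self.assertEquals(sorted(r['groups'][0]['groupName'] for r in rules), ['othergroup2', 'somegroup1'])` after the length check would tie each permission to the group that was authorized. The first two `sec = db.security_group_create(...)` results are overwritten before use, so those bindings can be dropped to make clear that only the last group is the one under test.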
