Merge "Fix issues with security group auths without ports."

author: Jenkins <jenkins@review.openstack.org> 2012-03-10 03:55:58 +0000
committer: Gerrit Code Review <review@openstack.org> 2012-03-10 03:55:58 +0000
commit: 75c5e956b7341ae2ac95440ab7c69c02168ffe43 (patch)
tree: 712b6efe2e29a283d420d17027b526b97c998680 /nova/api
parent: 9f9402693a4465346e2b901055f798ba139c130b (diff)
parent: ee0bb74cbcf521071965ccd63f8232e8c434229d (diff)
2 files changed, 24 insertions, 0 deletions
diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py
index f4886551d..a93124e7a 100644
--- a/nova/api/ec2/cloud.py
+++ b/nova/api/ec2/cloud.py
@@ -555,6 +555,18 @@ class CloudController(object):
         else:
             values['cidr'] = '0.0.0.0/0'
 
+        if source_security_group_name:
+            # Open everything if an explicit port range or type/code are not
+            # specified, but only if a source group was specified.
+            ip_proto_upper = ip_protocol.upper() if ip_protocol else ''
+            if ip_proto_upper == 'ICMP' and not from_port and not to_port:
+                from_port = -1
+                to_port = -1
+            elif (ip_proto_upper in ['TCP', 'UDP'] and not from_port
+                  and not to_port):
+                from_port = 1
+                to_port = 65535
+
         if ip_protocol and from_port and to_port:
 
             ip_protocol = str(ip_protocol)
diff --git a/nova/api/openstack/compute/contrib/security_groups.py b/nova/api/openstack/compute/contrib/security_groups.py
index 9a4cdc7e8..bc4551ec7 100644
--- a/nova/api/openstack/compute/contrib/security_groups.py
+++ b/nova/api/openstack/compute/contrib/security_groups.py
@@ -436,6 +436,18 @@ class SecurityGroupRulesController(SecurityGroupControllerBase):
         else:
             values['cidr'] = '0.0.0.0/0'
 
+        if group_id:
+            # Open everything if an explicit port range or type/code are not
+            # specified, but only if a source group was specified.
+            ip_proto_upper = ip_protocol.upper() if ip_protocol else ''
+            if ip_proto_upper == 'ICMP' and not from_port and not to_port:
+                from_port = -1
+                to_port = -1
+            elif (ip_proto_upper in ['TCP', 'UDP'] and not from_port
+                  and not to_port):
+                from_port = 1
+                to_port = 65535
+
         if ip_protocol and from_port and to_port:
 
             ip_protocol = str(ip_protocol)
author	Jenkins <jenkins@review.openstack.org>	2012-03-10 03:55:58 +0000
committer	Gerrit Code Review <review@openstack.org>	2012-03-10 03:55:58 +0000
commit	75c5e956b7341ae2ac95440ab7c69c02168ffe43 (patch)
tree	712b6efe2e29a283d420d17027b526b97c998680 /nova/api
parent	9f9402693a4465346e2b901055f798ba139c130b (diff)
parent	ee0bb74cbcf521071965ccd63f8232e8c434229d (diff)