Only invoke .lower() on non-None protocols

When using source group based security group rules (rather than CIDR based ones), it's permissible to not set a protocol and port. However, Nova would always try to convert the protocol to lower case, which would fail if the protocol wasn't set. Fixes bug 1010514 Change-Id: I9b1519a52ececd16a497acebfe022508cbe96126
author: Soren Hansen <sorhanse@cisco.com> 2012-06-11 09:23:33 +0200
committer: Soren Hansen <sorhanse@cisco.com> 2012-06-11 11:37:30 +0200
commit: bbdf82c5ec3e31a5dc43948291c4f37ce1098714 (patch)
tree: f9637239d753b9a31870b22b5f31333e490d3ce2 /nova/virt
parent: 3ea7dcc6432d6247cb1dc536c31684b595841633 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/nova/virt/firewall.py b/nova/virt/firewall.py
index be6a0f7c9..89559a829 100644
--- a/nova/virt/firewall.py
+++ b/nova/virt/firewall.py
@@ -331,7 +331,11 @@ class IptablesFirewallDriver(FirewallDriver):
                 else:
                     fw_rules = ipv6_rules
 
-                protocol = rule.protocol.lower()
+                protocol = rule.protocol
+
+                if protocol:
+                    protocol = rule.protocol.lower()
+
                 if version == 6 and protocol == 'icmp':
                     protocol = 'icmpv6'
author	Soren Hansen <sorhanse@cisco.com>	2012-06-11 09:23:33 +0200
committer	Soren Hansen <sorhanse@cisco.com>	2012-06-11 11:37:30 +0200
commit	bbdf82c5ec3e31a5dc43948291c4f37ce1098714 (patch)
tree	f9637239d753b9a31870b22b5f31333e490d3ce2 /nova/virt
parent	3ea7dcc6432d6247cb1dc536c31684b595841633 (diff)