Allow creating security group rules for ICMP

At the moment, it's not possible to create a security group
rule with from port and to port set to -1.  This is useful
only when creating ICMP rules to allow all ICMP traffic.

This patch allows setting both values to -1, only if the
protocol of the security group rule is ICMP.

Change-Id: I290005b31fd4afc246db28ffd899302fb85a67fb
(cherry picked from commit dad40312eb)
Mohammed Naser 2017-07-25 16:40:33 -04:00
parent 22b107f54c
commit 3a344a71f9
2 changed files with 14 additions and 2 deletions


@ -69,7 +69,7 @@ Puppet::Type.newtype(:nova_security_rule) do
raise Puppet::Error, 'You should give the source port!'
end
validate do |value|
if value !~ /\d+/ or value.to_i <= 0 or value.to_i >= 65536
if value !~ /\d+/ or value.to_i <= -1 or value.to_i >= 65536
raise Puppet::Error, 'Incorrect from port!'
end
end
@ -80,7 +80,7 @@ Puppet::Type.newtype(:nova_security_rule) do
raise Puppet::Error, 'You should give the destination port!'
end
validate do |value|
if value !~ /\d+/ or value.to_i <= 0 or value.to_i >= 65536
if value !~ /\d+/ or value.to_i <= -1 or value.to_i >= 65536
raise Puppet::Error, 'Incorrect to port!'
end
end
@ -132,6 +132,9 @@ Puppet::Type.newtype(:nova_security_rule) do
unless self[:from_port].to_i <= self[:to_port].to_i
raise Puppet::Error, 'From_port should be lesser or equal to to_port!'
end
if self[:ip_protocol] != 'icmp' and (self[:from_port].to_i <= 0 || self[:to_port].to_i <= 0)
raise Puppet::Error, 'From_port and To_port should not be less than 0 unless IP protocol is ICMP'
end
end
autorequire(:nova_security_group) do
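Review bot: The relaxed bound in the `from_port` and `to_port` validators, `value.to_i <= -1`, still raises for -1 itself, so as written it only newly admits 0 and the all-ICMP rule the commit describes would be rejected with 'Incorrect from port!' (assuming the `<= -1` lines are the new side; this page has lost the +/- markers). The comparison should be `value.to_i < -1` in both validators. The match `value !~ /\d+/` is also unanchored, so a value such as `80abc` passes and is silently read as 80 by `to_i`; anchoring it as `/\A-?\d+\z/` makes the validator reject anything that is not a plain integer. In the last hunk the message says 'should not be less than 0' while the condition `<= 0` also rejects port 0 for non-ICMP protocols, so either the text or the operator should change. The enclosing `newparam` blocks begin outside the visible hunks.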


@ -14,6 +14,15 @@ describe Puppet::Type.type(:nova_security_rule) do
end
end
it "should be able to create an instance with icmp" do
expect(described_class.new(:name => 'scr0',
:ip_protocol => 'icmp',
:from_port => -1,
:to_port => -1,
:ip_range => "0.0.0.0/0",
:security_group => "scg0")).not_to be_nil
end
it "should be able to create an instance with ip range" do
expect(described_class.new(:name => 'scr0',
:ip_protocol => 'tcp',