Merge "python3: Fix handling of other protocol in SG rule"

This commit is contained in:
Zuul 2019-01-11 16:26:08 +00:00 committed by Gerrit Code Review
commit ea51592827
3 changed files with 25 additions and 6 deletions

View File

@ -432,9 +432,9 @@ class SecurityGroupManager(object):
"""
if not cidr:
cidr = None
if from_port < 0:
if isinstance(from_port, int) and from_port < 0:
from_port = None
if to_port < 0:
if isinstance(to_port, int) and to_port < 0:
to_port = None
if isinstance(ip_protocol, int) and ip_protocol < 0:
ip_protocol = None

View File

@ -550,6 +550,16 @@ def data(TEST):
'tenant_id': secgroup['tenant_id'],
'description': 'Ingress HTTP from SG #1',
}
rule_ip_proto = {
'id': uuidutils.generate_uuid(),
'direction': u'ingress', 'ethertype': u'IPv4',
'port_range_min': None, 'port_range_max': None,
'protocol': u'99', 'remote_group_id': None,
'remote_ip_prefix': u'0.0.0.0/24',
'security_group_id': secgroup['id'],
'tenant_id': secgroup['tenant_id'],
'description': 'Ingress custom IP protocol 99',
}
rule_all_tcp = {
'id': uuidutils.generate_uuid(),
'direction': u'egress', 'ethertype': u'IPv4',
@ -563,7 +573,8 @@ def data(TEST):
rules = []
if not default_only:
rules += [rule_tcp_80, rule_icmp, rule_group, rule_all_tcp]
rules += [rule_tcp_80, rule_icmp, rule_group, rule_all_tcp,
rule_ip_proto]
rules += [rule_egress_ipv4, rule_egress_ipv6]
secgroup['security_group_rules'] = rules

View File

@ -1250,9 +1250,17 @@ class NeutronApiSecurityGroupTests(test.APIMockTestCase):
def test_security_group_rule_create_without_desc(self):
self._test_security_group_rule_create(with_desc=False)
def _test_security_group_rule_create(self, with_desc):
sg_rule = [r for r in self.api_security_group_rules.list()
if r['protocol'] == 'tcp' and r['remote_ip_prefix']][0]
def test_security_group_rule_create_with_custom_protocol(self):
self._test_security_group_rule_create(custom_ip_proto=True)
def _test_security_group_rule_create(self, with_desc=False,
custom_ip_proto=False):
if custom_ip_proto:
sg_rule = [r for r in self.api_security_group_rules.list()
if r['protocol'] == '99'][0]
else:
sg_rule = [r for r in self.api_security_group_rules.list()
if r['protocol'] == 'tcp' and r['remote_ip_prefix']][0]
sg_id = sg_rule['security_group_id']
secgroup = [sg for sg in self.api_security_groups.list()
if sg['id'] == sg_id][0]