Fix KeyError if neutron security group is not TCP/UDP/ICMP and no ports

Previously, if a neutron security group rule was created that was not TCP/UDP/ICMP and did not contain a port_range_min/max retrieving it from nova-api would result in a KeyError in nova-api. This patch resolves this issue. Change-Id: I6284a7a8690aec9509b63f7cbd18812e09ef3fdd Closes-bug: #1294346 (cherry picked from commit 3ad4145970)
2014-03-18 21:14:35 -07:00 · 2014-03-18 21:14:35 -07:00 · a3a955507d
parent c57efa476e
commit a3a955507d
2 changed files with 37 additions and 4 deletions
--- a/nova/network/security_group/neutron_driver.py
+++ b/nova/network/security_group/neutron_driver.py
@ -112,12 +112,12 @@ class SecurityGroupAPI(security_group_base.SecurityGroupBase):
        nova_rule['protocol'] = rule['protocol']
        if (nova_rule['protocol'] and rule.get('port_range_min') is None and
                rule.get('port_range_max') is None):
-            if nova_rule['protocol'].upper() == 'ICMP':
-                nova_rule['from_port'] = -1
-                nova_rule['to_port'] = -1
-            elif rule['protocol'].upper() in ['TCP', 'UDP']:
+            if rule['protocol'].upper() in ['TCP', 'UDP']:
                nova_rule['from_port'] = 1
                nova_rule['to_port'] = 65535
+            else:
+                nova_rule['from_port'] = -1
+                nova_rule['to_port'] = -1
        else:
            nova_rule['from_port'] = rule.get('port_range_min')
            nova_rule['to_port'] = rule.get('port_range_max')
--- a/nova/tests/network/security_group/test_neutron_driver.py
+++ b/nova/tests/network/security_group/test_neutron_driver.py
@ -84,6 +84,39 @@ class TestNeutronDriver(test.NoDBTestCase):
        self.assertRaises(exception.SecurityGroupLimitExceeded,
                          sg_api.add_rules, self.context, None, name, [vals])

+    def test_list_security_group_with_no_port_range_and_not_tcp_udp_icmp(self):
+        sg1 = {'description': 'default',
+               'id': '07f1362f-34f6-4136-819a-2dcde112269e',
+               'name': 'default',
+               'tenant_id': 'c166d9316f814891bcb66b96c4c891d6',
+               'security_group_rules':
+                   [{'direction': 'ingress',
+                     'ethertype': 'IPv4',
+                     'id': '0a4647f1-e1aa-488d-90e1-97a7d0293beb',
+                      'port_range_max': None,
+                      'port_range_min': None,
+                      'protocol': '51',
+                      'remote_group_id': None,
+                      'remote_ip_prefix': None,
+                      'security_group_id':
+                           '07f1362f-34f6-4136-819a-2dcde112269e',
+                      'tenant_id': 'c166d9316f814891bcb66b96c4c891d6'}]}
+
+        self.moxed_client.list_security_groups().AndReturn(
+            {'security_groups': [sg1]})
+        self.mox.ReplayAll()
+        sg_api = neutron_driver.SecurityGroupAPI()
+        result = sg_api.list(self.context)
+        expected = [{'rules':
+            [{'from_port': -1, 'protocol': '51', 'to_port': -1,
+              'parent_group_id': '07f1362f-34f6-4136-819a-2dcde112269e',
+              'cidr': '0.0.0.0/0', 'group_id': None,
+              'id': '0a4647f1-e1aa-488d-90e1-97a7d0293beb'}],
+            'project_id': 'c166d9316f814891bcb66b96c4c891d6',
+            'id': '07f1362f-34f6-4136-819a-2dcde112269e',
+            'name': 'default', 'description': 'default'}]
+        self.assertEqual(expected, result)
+
    def test_instances_security_group_bindings(self):
        server_id = 'c5a20e8d-c4b0-47cf-9dca-ebe4f758acb1'
        port1_id = '4c505aec-09aa-47bc-bcc0-940477e84dc0'