diff --git a/doc/source/cli/command-objects/security-group-rule.rst b/doc/source/cli/command-objects/security-group-rule.rst index 1dbf16d22b..5809e00278 100644 --- a/doc/source/cli/command-objects/security-group-rule.rst +++ b/doc/source/cli/command-objects/security-group-rule.rst @@ -61,8 +61,8 @@ Create a new security group rule IP protocol (ah, dccp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, - udp, udplite, vrrp and integer representations [0-255]; - default: tcp) + udp, udplite, vrrp and integer representations [0-255] + or any; default: any (all protocols)) *Network version 2* @@ -157,7 +157,7 @@ List security group rules List rules by the IP protocol (ah, dhcp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt,ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer - representations [0-255]) + representations [0-255] or any; default: any (all protocols)) *Network version 2* diff --git a/openstackclient/network/v2/security_group_rule.py b/openstackclient/network/v2/security_group_rule.py index df19af201f..637fba1d95 100644 --- a/openstackclient/network/v2/security_group_rule.py +++ b/openstackclient/network/v2/security_group_rule.py @@ -155,7 +155,7 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne): "ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, " "ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, " "udp, udplite, vrrp and integer representations [0-255] " - "or any; default: tcp)") + "or any; default: any (all protocols))") ) protocol_group.add_argument( '--proto', @@ -220,8 +220,8 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne): ) return parser - def _get_protocol(self, parsed_args): - protocol = 'tcp' + def _get_protocol(self, parsed_args, default_protocol='any'): + protocol = default_protocol if parsed_args.protocol is not None: protocol = parsed_args.protocol if parsed_args.proto is not None: @@ -324,7 +324,7 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne): def take_action_compute(self, client, parsed_args): group = client.api.security_group_find(parsed_args.group) - protocol = self._get_protocol(parsed_args) + protocol = self._get_protocol(parsed_args, default_protocol='tcp') if protocol == 'icmp': from_port, to_port = -1, -1 else: @@ -415,8 +415,8 @@ class ListSecurityGroupRule(common.NetworkAndComputeLister): "ah, dhcp, egp, esp, gre, icmp, igmp, " "ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, " "ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, " - "udp, udplite, vrrp and integer representations [0-255])." - ) + "udp, udplite, vrrp and integer representations [0-255] " + "or any; default: any (all protocols))") ) direction_group = parser.add_mutually_exclusive_group() direction_group.add_argument( diff --git a/openstackclient/tests/unit/network/v2/fakes.py b/openstackclient/tests/unit/network/v2/fakes.py index 100ea2b1ad..e41621a48e 100644 --- a/openstackclient/tests/unit/network/v2/fakes.py +++ b/openstackclient/tests/unit/network/v2/fakes.py @@ -1305,7 +1305,7 @@ class FakeSecurityGroupRule(object): 'id': 'security-group-rule-id-' + uuid.uuid4().hex, 'port_range_max': None, 'port_range_min': None, - 'protocol': 'tcp', + 'protocol': None, 'remote_group_id': None, 'remote_ip_prefix': '0.0.0.0/0', 'security_group_id': 'security-group-id-' + uuid.uuid4().hex, diff --git a/openstackclient/tests/unit/network/v2/test_security_group_rule_network.py b/openstackclient/tests/unit/network/v2/test_security_group_rule_network.py index 2b0de0d2a1..eb0cf310c0 100644 --- a/openstackclient/tests/unit/network/v2/test_security_group_rule_network.py +++ b/openstackclient/tests/unit/network/v2/test_security_group_rule_network.py @@ -168,10 +168,12 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork): def test_create_default_rule(self): self._setup_security_group_rule({ + 'protocol': 'tcp', 'port_range_max': 443, 'port_range_min': 443, }) arglist = [ + '--protocol', 'tcp', '--dst-port', str(self._security_group_rule.port_range_min), self._security_group.id, ] @@ -258,10 +260,12 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork): def test_create_remote_group(self): self._setup_security_group_rule({ + 'protocol': 'tcp', 'port_range_max': 22, 'port_range_min': 22, }) arglist = [ + '--protocol', 'tcp', '--dst-port', str(self._security_group_rule.port_range_min), '--ingress', '--remote-group', self._security_group.name, diff --git a/releasenotes/notes/bug-1716789-abfae897b7e61246.yaml b/releasenotes/notes/bug-1716789-abfae897b7e61246.yaml new file mode 100644 index 0000000000..1fd0a13de6 --- /dev/null +++ b/releasenotes/notes/bug-1716789-abfae897b7e61246.yaml @@ -0,0 +1,17 @@ +--- +features: + - | + Change to use ``any`` as the default ``--protocol`` option to + ``security group rule create`` command when using the Neutron v2 API. + [Bug `1716789 `_] +fixes: + - | + The default protocol used to create a security rule was changed to + ``tcp``, which was a regression from the neutron client when using + the Neutron v2 API. Change it back to ``any``, which skips sending + the protocol to the API server entirely. +upgrade: + - | + Users that had been creating rules without specifying a protocol + and expecting ``tcp`` need to change to use ``--protocol tcp`` + explicitly when using the Neutron v2 API.