Merge "Change default security group protocol to 'any'"

Zuul 2019-06-22 21:39:31 +00:00 committed by Gerrit Code Review
commit 3258b9e5e3
5 changed files with 31 additions and 10 deletions


@ -61,8 +61,8 @@ Create a new security group rule
IP protocol (ah, dccp, egp, esp, gre, icmp, igmp, IP protocol (ah, dccp, egp, esp, gre, icmp, igmp,
ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt,
ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp,
udp, udplite, vrrp and integer representations [0-255]; udp, udplite, vrrp and integer representations [0-255]
default: tcp) or any; default: any (all protocols))
*Network version 2* *Network version 2*
@ -157,7 +157,7 @@ List security group rules
List rules by the IP protocol (ah, dhcp, egp, esp, gre, icmp, igmp, List rules by the IP protocol (ah, dhcp, egp, esp, gre, icmp, igmp,
ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt,ipv6-opts, ipv6-route, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt,ipv6-opts, ipv6-route,
ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer
representations [0-255]) representations [0-255] or any; default: any (all protocols))
*Network version 2* *Network version 2*


@ -155,7 +155,7 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne):
"ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, " "ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, "
"ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, " "ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, "
"udp, udplite, vrrp and integer representations [0-255] " "udp, udplite, vrrp and integer representations [0-255] "
"or any; default: tcp)") "or any; default: any (all protocols))")
) )
protocol_group.add_argument( protocol_group.add_argument(
'--proto', '--proto',
@ -220,8 +220,8 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne):
) )
return parser return parser
def _get_protocol(self, parsed_args): def _get_protocol(self, parsed_args, default_protocol='any'):
protocol = 'tcp' protocol = default_protocol
if parsed_args.protocol is not None: if parsed_args.protocol is not None:
protocol = parsed_args.protocol protocol = parsed_args.protocol
if parsed_args.proto is not None: if parsed_args.proto is not None:
@ -324,7 +324,7 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne):
def take_action_compute(self, client, parsed_args): def take_action_compute(self, client, parsed_args):
group = client.api.security_group_find(parsed_args.group) group = client.api.security_group_find(parsed_args.group)
protocol = self._get_protocol(parsed_args) protocol = self._get_protocol(parsed_args, default_protocol='tcp')
if protocol == 'icmp': if protocol == 'icmp':
from_port, to_port = -1, -1 from_port, to_port = -1, -1
else: else:
@ -415,8 +415,8 @@ class ListSecurityGroupRule(common.NetworkAndComputeLister):
"ah, dhcp, egp, esp, gre, icmp, igmp, " "ah, dhcp, egp, esp, gre, icmp, igmp, "
"ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, " "ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, "
"ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, " "ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, "
"udp, udplite, vrrp and integer representations [0-255])." "udp, udplite, vrrp and integer representations [0-255] "
) "or any; default: any (all protocols))")
) )
direction_group = parser.add_mutually_exclusive_group() direction_group = parser.add_mutually_exclusive_group()
direction_group.add_argument( direction_group.add_argument(
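Review bot: The `--protocol` help in `CreateSecurityGroupRule` now reads `default: any (all protocols)`, yet `take_action_compute` still calls `self._get_protocol(parsed_args, default_protocol='tcp')`, so if this argument is also registered for the compute path the help misstates what a rule created there will match. Because the network default is now the broadest possible match, the help should name both defaults, for example `"or any; default: any (all protocols) with Network v2, tcp with Compute v2)"`. `_get_protocol` would also benefit from a one-line docstring saying that `default_protocol` is used only when neither `--protocol` nor `--proto` is given; its body continues outside the hunk. In `ListSecurityGroupRule` the same `default: any` wording describes a filter, where "omit to list rules for every protocol" would be clearer.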


@ -1305,7 +1305,7 @@ class FakeSecurityGroupRule(object):
'id': 'security-group-rule-id-' + uuid.uuid4().hex, 'id': 'security-group-rule-id-' + uuid.uuid4().hex,
'port_range_max': None, 'port_range_max': None,
'port_range_min': None, 'port_range_min': None,
'protocol': 'tcp', 'protocol': None,
'remote_group_id': None, 'remote_group_id': None,
'remote_ip_prefix': '0.0.0.0/0', 'remote_ip_prefix': '0.0.0.0/0',
'security_group_id': 'security-group-id-' + uuid.uuid4().hex, 'security_group_id': 'security-group-id-' + uuid.uuid4().hex,


@ -168,10 +168,12 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
def test_create_default_rule(self): def test_create_default_rule(self):
self._setup_security_group_rule({ self._setup_security_group_rule({
'protocol': 'tcp',
'port_range_max': 443, 'port_range_max': 443,
'port_range_min': 443, 'port_range_min': 443,
}) })
arglist = [ arglist = [
'--protocol', 'tcp',
'--dst-port', str(self._security_group_rule.port_range_min), '--dst-port', str(self._security_group_rule.port_range_min),
self._security_group.id, self._security_group.id,
] ]
@ -258,10 +260,12 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
def test_create_remote_group(self): def test_create_remote_group(self):
self._setup_security_group_rule({ self._setup_security_group_rule({
'protocol': 'tcp',
'port_range_max': 22, 'port_range_max': 22,
'port_range_min': 22, 'port_range_min': 22,
}) })
arglist = [ arglist = [
'--protocol', 'tcp',
'--dst-port', str(self._security_group_rule.port_range_min), '--dst-port', str(self._security_group_rule.port_range_min),
'--ingress', '--ingress',
'--remote-group', self._security_group.name, '--remote-group', self._security_group.name,
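Review bot: No test in this section exercises the new default: `test_create_default_rule` now passes `'--protocol', 'tcp'` explicitly, so despite its name it no longer covers a call made without `--protocol`. Since omitting the option now produces a rule that matches every protocol, a test that builds the arglist without `--protocol` and asserts that the create call carries no `protocol` value would pin the behavior the release note describes; such a test may already exist outside these hunks. The need to add `--protocol tcp` next to `--dst-port` also suggests that a port range without a protocol is no longer a valid combination, which would be worth a test of its own if so. Both test methods continue past the visible lines.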


@ -0,0 +1,17 @@
---
features:
- |
Change to use ``any`` as the default ``--protocol`` option to
``security group rule create`` command when using the Neutron v2 API.
[Bug `1716789 <https://bugs.launchpad.net/bugs/1716789>`_]
fixes:
- |
The default protocol used to create a security rule was changed to
``tcp``, which was a regression from the neutron client when using
the Neutron v2 API. Change it back to ``any``, which skips sending
the protocol to the API server entirely.
upgrade:
- |
Users that had been creating rules without specifying a protocol
and expecting ``tcp`` need to change to use ``--protocol tcp``
explicitly when using the Neutron v2 API.