Merge "Change default security group protocol to 'any'"
This commit is contained in:
commit
3258b9e5e3
@ -61,8 +61,8 @@ Create a new security group rule
|
||||
IP protocol (ah, dccp, egp, esp, gre, icmp, igmp,
|
||||
ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt,
|
||||
ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp,
|
||||
udp, udplite, vrrp and integer representations [0-255];
|
||||
default: tcp)
|
||||
udp, udplite, vrrp and integer representations [0-255]
|
||||
or any; default: any (all protocols))
|
||||
|
||||
*Network version 2*
|
||||
|
||||
@ -157,7 +157,7 @@ List security group rules
|
||||
List rules by the IP protocol (ah, dhcp, egp, esp, gre, icmp, igmp,
|
||||
ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt,ipv6-opts, ipv6-route,
|
||||
ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer
|
||||
representations [0-255])
|
||||
representations [0-255] or any; default: any (all protocols))
|
||||
|
||||
*Network version 2*
|
||||
|
||||
|
@ -155,7 +155,7 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne):
|
||||
"ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, "
|
||||
"ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, "
|
||||
"udp, udplite, vrrp and integer representations [0-255] "
|
||||
"or any; default: tcp)")
|
||||
"or any; default: any (all protocols))")
|
||||
)
|
||||
protocol_group.add_argument(
|
||||
'--proto',
|
||||
@ -220,8 +220,8 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne):
|
||||
)
|
||||
return parser
|
||||
|
||||
def _get_protocol(self, parsed_args):
|
||||
protocol = 'tcp'
|
||||
def _get_protocol(self, parsed_args, default_protocol='any'):
|
||||
protocol = default_protocol
|
||||
if parsed_args.protocol is not None:
|
||||
protocol = parsed_args.protocol
|
||||
if parsed_args.proto is not None:
|
||||
@ -324,7 +324,7 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne):
|
||||
|
||||
def take_action_compute(self, client, parsed_args):
|
||||
group = client.api.security_group_find(parsed_args.group)
|
||||
protocol = self._get_protocol(parsed_args)
|
||||
protocol = self._get_protocol(parsed_args, default_protocol='tcp')
|
||||
if protocol == 'icmp':
|
||||
from_port, to_port = -1, -1
|
||||
else:
|
||||
@ -415,8 +415,8 @@ class ListSecurityGroupRule(common.NetworkAndComputeLister):
|
||||
"ah, dhcp, egp, esp, gre, icmp, igmp, "
|
||||
"ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, "
|
||||
"ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, "
|
||||
"udp, udplite, vrrp and integer representations [0-255])."
|
||||
)
|
||||
"udp, udplite, vrrp and integer representations [0-255] "
|
||||
"or any; default: any (all protocols))")
|
||||
)
|
||||
direction_group = parser.add_mutually_exclusive_group()
|
||||
direction_group.add_argument(
|
||||
|
@ -1305,7 +1305,7 @@ class FakeSecurityGroupRule(object):
|
||||
'id': 'security-group-rule-id-' + uuid.uuid4().hex,
|
||||
'port_range_max': None,
|
||||
'port_range_min': None,
|
||||
'protocol': 'tcp',
|
||||
'protocol': None,
|
||||
'remote_group_id': None,
|
||||
'remote_ip_prefix': '0.0.0.0/0',
|
||||
'security_group_id': 'security-group-id-' + uuid.uuid4().hex,
|
||||
|
@ -168,10 +168,12 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
|
||||
|
||||
def test_create_default_rule(self):
|
||||
self._setup_security_group_rule({
|
||||
'protocol': 'tcp',
|
||||
'port_range_max': 443,
|
||||
'port_range_min': 443,
|
||||
})
|
||||
arglist = [
|
||||
'--protocol', 'tcp',
|
||||
'--dst-port', str(self._security_group_rule.port_range_min),
|
||||
self._security_group.id,
|
||||
]
|
||||
@ -258,10 +260,12 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
|
||||
|
||||
def test_create_remote_group(self):
|
||||
self._setup_security_group_rule({
|
||||
'protocol': 'tcp',
|
||||
'port_range_max': 22,
|
||||
'port_range_min': 22,
|
||||
})
|
||||
arglist = [
|
||||
'--protocol', 'tcp',
|
||||
'--dst-port', str(self._security_group_rule.port_range_min),
|
||||
'--ingress',
|
||||
'--remote-group', self._security_group.name,
|
||||
|
17
releasenotes/notes/bug-1716789-abfae897b7e61246.yaml
Normal file
17
releasenotes/notes/bug-1716789-abfae897b7e61246.yaml
Normal file
@ -0,0 +1,17 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Change to use ``any`` as the default ``--protocol`` option to
|
||||
``security group rule create`` command when using the Neutron v2 API.
|
||||
[Bug `1716789 <https://bugs.launchpad.net/bugs/1716789>`_]
|
||||
fixes:
|
||||
- |
|
||||
The default protocol used to create a security rule was changed to
|
||||
``tcp``, which was a regression from the neutron client when using
|
||||
the Neutron v2 API. Change it back to ``any``, which skips sending
|
||||
the protocol to the API server entirely.
|
||||
upgrade:
|
||||
- |
|
||||
Users that had been creating rules without specifying a protocol
|
||||
and expecting ``tcp`` need to change to use ``--protocol tcp``
|
||||
explicitly when using the Neutron v2 API.
|
Loading…
x
Reference in New Issue
Block a user