Skip to content

Commit 3258b9e

Browse files
Zuulopenstack-gerrit
authored andcommitted
Merge "Change default security group protocol to 'any'"
2 parents 1a21f02 + 33a2556 commit 3258b9e

5 files changed

Lines changed: 31 additions & 10 deletions

File tree

doc/source/cli/command-objects/security-group-rule.rst

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -61,8 +61,8 @@ Create a new security group rule
6161
IP protocol (ah, dccp, egp, esp, gre, icmp, igmp,
6262
ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt,
6363
ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp,
64-
udp, udplite, vrrp and integer representations [0-255];
65-
default: tcp)
64+
udp, udplite, vrrp and integer representations [0-255]
65+
or any; default: any (all protocols))
6666
6767
*Network version 2*
6868
@@ -157,7 +157,7 @@ List security group rules
157157
List rules by the IP protocol (ah, dhcp, egp, esp, gre, icmp, igmp,
158158
ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt,ipv6-opts, ipv6-route,
159159
ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer
160-
representations [0-255])
160+
representations [0-255] or any; default: any (all protocols))
161161
162162
*Network version 2*
163163

openstackclient/network/v2/security_group_rule.py

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -155,7 +155,7 @@ def update_parser_network(self, parser):
155155
"ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, "
156156
"ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, "
157157
"udp, udplite, vrrp and integer representations [0-255] "
158-
"or any; default: tcp)")
158+
"or any; default: any (all protocols))")
159159
)
160160
protocol_group.add_argument(
161161
'--proto',
@@ -220,8 +220,8 @@ def update_parser_compute(self, parser):
220220
)
221221
return parser
222222

223-
def _get_protocol(self, parsed_args):
224-
protocol = 'tcp'
223+
def _get_protocol(self, parsed_args, default_protocol='any'):
224+
protocol = default_protocol
225225
if parsed_args.protocol is not None:
226226
protocol = parsed_args.protocol
227227
if parsed_args.proto is not None:
@@ -324,7 +324,7 @@ def take_action_network(self, client, parsed_args):
324324

325325
def take_action_compute(self, client, parsed_args):
326326
group = client.api.security_group_find(parsed_args.group)
327-
protocol = self._get_protocol(parsed_args)
327+
protocol = self._get_protocol(parsed_args, default_protocol='tcp')
328328
if protocol == 'icmp':
329329
from_port, to_port = -1, -1
330330
else:
@@ -415,8 +415,8 @@ def update_parser_network(self, parser):
415415
"ah, dhcp, egp, esp, gre, icmp, igmp, "
416416
"ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, "
417417
"ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, "
418-
"udp, udplite, vrrp and integer representations [0-255])."
419-
)
418+
"udp, udplite, vrrp and integer representations [0-255] "
419+
"or any; default: any (all protocols))")
420420
)
421421
direction_group = parser.add_mutually_exclusive_group()
422422
direction_group.add_argument(

openstackclient/tests/unit/network/v2/fakes.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1305,7 +1305,7 @@ def create_one_security_group_rule(attrs=None):
13051305
'id': 'security-group-rule-id-' + uuid.uuid4().hex,
13061306
'port_range_max': None,
13071307
'port_range_min': None,
1308-
'protocol': 'tcp',
1308+
'protocol': None,
13091309
'remote_group_id': None,
13101310
'remote_ip_prefix': '0.0.0.0/0',
13111311
'security_group_id': 'security-group-id-' + uuid.uuid4().hex,

openstackclient/tests/unit/network/v2/test_security_group_rule_network.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -168,10 +168,12 @@ def test_create_all_port_range_options(self):
168168

169169
def test_create_default_rule(self):
170170
self._setup_security_group_rule({
171+
'protocol': 'tcp',
171172
'port_range_max': 443,
172173
'port_range_min': 443,
173174
})
174175
arglist = [
176+
'--protocol', 'tcp',
175177
'--dst-port', str(self._security_group_rule.port_range_min),
176178
self._security_group.id,
177179
]
@@ -258,10 +260,12 @@ def test_create_protocol_any(self):
258260

259261
def test_create_remote_group(self):
260262
self._setup_security_group_rule({
263+
'protocol': 'tcp',
261264
'port_range_max': 22,
262265
'port_range_min': 22,
263266
})
264267
arglist = [
268+
'--protocol', 'tcp',
265269
'--dst-port', str(self._security_group_rule.port_range_min),
266270
'--ingress',
267271
'--remote-group', self._security_group.name,
Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
---
2+
features:
3+
- |
4+
Change to use ``any`` as the default ``--protocol`` option to
5+
``security group rule create`` command when using the Neutron v2 API.
6+
[Bug `1716789 <https://bugs.launchpad.net/bugs/1716789>`_]
7+
fixes:
8+
- |
9+
The default protocol used to create a security rule was changed to
10+
``tcp``, which was a regression from the neutron client when using
11+
the Neutron v2 API. Change it back to ``any``, which skips sending
12+
the protocol to the API server entirely.
13+
upgrade:
14+
- |
15+
Users that had been creating rules without specifying a protocol
16+
and expecting ``tcp`` need to change to use ``--protocol tcp``
17+
explicitly when using the Neutron v2 API.

0 commit comments

Comments
 (0)