Skip to content

Commit 33a2556

Browse files
author
Brian Haley
committed
Change default security group protocol to 'any'
The default protocol used to create a security rule was changed to ``tcp``, which was a regression from the neutron client. Change it back to ``any``, which skips sending the protocol to the API server entirely when using the Neutron v2 API. Users that had been creating rules without specifying a protocol and expecting ``tcp`` need to change to use ``--protocol tcp`` explicitly. Change-Id: Iedaa027240e00dced551513d8fa828564386b79f Closes-bug: #1716789
1 parent a71cb02 commit 33a2556

5 files changed

Lines changed: 31 additions & 10 deletions

File tree

doc/source/cli/command-objects/security-group-rule.rst

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -61,8 +61,8 @@ Create a new security group rule
6161
IP protocol (ah, dccp, egp, esp, gre, icmp, igmp,
6262
ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt,
6363
ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp,
64-
udp, udplite, vrrp and integer representations [0-255];
65-
default: tcp)
64+
udp, udplite, vrrp and integer representations [0-255]
65+
or any; default: any (all protocols))
6666
6767
*Network version 2*
6868
@@ -157,7 +157,7 @@ List security group rules
157157
List rules by the IP protocol (ah, dhcp, egp, esp, gre, icmp, igmp,
158158
ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt,ipv6-opts, ipv6-route,
159159
ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer
160-
representations [0-255])
160+
representations [0-255] or any; default: any (all protocols))
161161
162162
*Network version 2*
163163

openstackclient/network/v2/security_group_rule.py

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -168,7 +168,7 @@ def update_parser_network(self, parser):
168168
"ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, "
169169
"ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, "
170170
"udp, udplite, vrrp and integer representations [0-255] "
171-
"or any; default: tcp)")
171+
"or any; default: any (all protocols))")
172172
)
173173
protocol_group.add_argument(
174174
'--proto',
@@ -233,8 +233,8 @@ def update_parser_compute(self, parser):
233233
)
234234
return parser
235235

236-
def _get_protocol(self, parsed_args):
237-
protocol = 'tcp'
236+
def _get_protocol(self, parsed_args, default_protocol='any'):
237+
protocol = default_protocol
238238
if parsed_args.protocol is not None:
239239
protocol = parsed_args.protocol
240240
if parsed_args.proto is not None:
@@ -355,7 +355,7 @@ def take_action_network(self, client, parsed_args):
355355

356356
def take_action_compute(self, client, parsed_args):
357357
group = client.api.security_group_find(parsed_args.group)
358-
protocol = self._get_protocol(parsed_args)
358+
protocol = self._get_protocol(parsed_args, default_protocol='tcp')
359359
if protocol == 'icmp':
360360
from_port, to_port = -1, -1
361361
else:
@@ -462,8 +462,8 @@ def update_parser_network(self, parser):
462462
"ah, dhcp, egp, esp, gre, icmp, igmp, "
463463
"ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, "
464464
"ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, "
465-
"udp, udplite, vrrp and integer representations [0-255])."
466-
)
465+
"udp, udplite, vrrp and integer representations [0-255] "
466+
"or any; default: any (all protocols))")
467467
)
468468
direction_group = parser.add_mutually_exclusive_group()
469469
direction_group.add_argument(

openstackclient/tests/unit/network/v2/fakes.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1305,7 +1305,7 @@ def create_one_security_group_rule(attrs=None):
13051305
'id': 'security-group-rule-id-' + uuid.uuid4().hex,
13061306
'port_range_max': None,
13071307
'port_range_min': None,
1308-
'protocol': 'tcp',
1308+
'protocol': None,
13091309
'remote_group_id': None,
13101310
'remote_ip_prefix': '0.0.0.0/0',
13111311
'security_group_id': 'security-group-id-' + uuid.uuid4().hex,

openstackclient/tests/unit/network/v2/test_security_group_rule_network.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -177,10 +177,12 @@ def test_create_all_port_range_options(self):
177177

178178
def test_create_default_rule(self):
179179
self._setup_security_group_rule({
180+
'protocol': 'tcp',
180181
'port_range_max': 443,
181182
'port_range_min': 443,
182183
})
183184
arglist = [
185+
'--protocol', 'tcp',
184186
'--dst-port', str(self._security_group_rule.port_range_min),
185187
self._security_group.id,
186188
]
@@ -267,11 +269,13 @@ def test_create_protocol_any(self):
267269

268270
def test_create_remote_group(self):
269271
self._setup_security_group_rule({
272+
'protocol': 'tcp',
270273
'port_range_max': 22,
271274
'port_range_min': 22,
272275
'remote_group_id': self._security_group.id,
273276
})
274277
arglist = [
278+
'--protocol', 'tcp',
275279
'--dst-port', str(self._security_group_rule.port_range_min),
276280
'--ingress',
277281
'--src-group', self._security_group.name,
Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
---
2+
features:
3+
- |
4+
Change to use ``any`` as the default ``--protocol`` option to
5+
``security group rule create`` command when using the Neutron v2 API.
6+
[Bug `1716789 <https://bugs.launchpad.net/bugs/1716789>`_]
7+
fixes:
8+
- |
9+
The default protocol used to create a security rule was changed to
10+
``tcp``, which was a regression from the neutron client when using
11+
the Neutron v2 API. Change it back to ``any``, which skips sending
12+
the protocol to the API server entirely.
13+
upgrade:
14+
- |
15+
Users that had been creating rules without specifying a protocol
16+
and expecting ``tcp`` need to change to use ``--protocol tcp``
17+
explicitly when using the Neutron v2 API.

0 commit comments

Comments
 (0)