Merge "Add missing egress sec group for all tcp/udp/icmp"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
87af06a123
@ -333,13 +333,15 @@ class AddRule(forms.SelfHandlingForm):
|
||||
cleaned_data['ip_protocol'] = self.rules[rule_menu]['ip_protocol']
|
||||
cleaned_data['from_port'] = int(self.rules[rule_menu]['from_port'])
|
||||
cleaned_data['to_port'] = int(self.rules[rule_menu]['to_port'])
|
||||
cleaned_data['direction'] = self.rules[rule_menu].get('direction')
|
||||
if rule_menu not in ['all_tcp', 'all_udp', 'all_icmp']:
|
||||
direction = self.rules[rule_menu].get('direction')
|
||||
cleaned_data['direction'] = direction
|
||||
|
||||
# NOTE(amotoki): There are two cases where cleaned_data['direction']
|
||||
# is empty: (1) Nova Security Group is used. Since "direction" is
|
||||
# HiddenInput, direction field exists but its value is ''.
|
||||
# (2) Template is used. In this case, the default value is None.
|
||||
# To make sure 'direction' field has 'ingress' or 'egress',
|
||||
# (2) Template except all_* is used. In this case, the default value
|
||||
# is None. To make sure 'direction' field has 'ingress' or 'egress',
|
||||
# fill this field here if it is not specified.
|
||||
if not cleaned_data['direction']:
|
||||
cleaned_data['direction'] = 'ingress'
|
||||
|
||||
@ -736,6 +736,37 @@ class SecurityGroupsNeutronTests(SecurityGroupsViewTests):
|
||||
res = self.client.post(self.edit_url, formData)
|
||||
self.assertRedirectsNoFollow(res, self.detail_url)
|
||||
|
||||
@test.create_stubs({api.network: ('security_group_rule_create',
|
||||
'security_group_list',
|
||||
'security_group_backend')})
|
||||
def test_detail_add_rule_egress_with_all_tcp(self):
|
||||
sec_group = self.security_groups.first()
|
||||
sec_group_list = self.security_groups.list()
|
||||
rule = self.security_group_rules.list()[3]
|
||||
|
||||
api.network.security_group_backend(
|
||||
IsA(http.HttpRequest)).AndReturn(self.secgroup_backend)
|
||||
api.network.security_group_rule_create(IsA(http.HttpRequest),
|
||||
sec_group.id, 'egress', 'IPv4',
|
||||
rule.ip_protocol,
|
||||
int(rule.from_port),
|
||||
int(rule.to_port),
|
||||
rule.ip_range['cidr'],
|
||||
None).AndReturn(rule)
|
||||
api.network.security_group_list(
|
||||
IsA(http.HttpRequest)).AndReturn(sec_group_list)
|
||||
self.mox.ReplayAll()
|
||||
|
||||
formData = {'method': 'AddRule',
|
||||
'id': sec_group.id,
|
||||
'direction': 'egress',
|
||||
'port_or_range': 'range',
|
||||
'rule_menu': 'all_tcp',
|
||||
'cidr': rule.ip_range['cidr'],
|
||||
'remote': 'cidr'}
|
||||
res = self.client.post(self.edit_url, formData)
|
||||
self.assertRedirectsNoFollow(res, self.detail_url)
|
||||
|
||||
@test.create_stubs({api.network: ('security_group_rule_create',
|
||||
'security_group_list',
|
||||
'security_group_backend')})
|
||||
|
||||
@ -363,6 +363,8 @@ LOGGING = {
|
||||
}
|
||||
}
|
||||
|
||||
# 'direction' should not be specified for all_tcp/udp/icmp.
|
||||
# It is specified in the form.
|
||||
SECURITY_GROUP_RULES = {
|
||||
'all_tcp': {
|
||||
'name': 'ALL TCP',
|
||||
|
||||
@ -392,10 +392,18 @@ def data(TEST):
|
||||
'remote_ip_prefix': None,
|
||||
'security_group_id': secgroup['id'],
|
||||
'tenant_id': secgroup['tenant_id']}
|
||||
rule_all_tcp = {
|
||||
'id': str(uuid.uuid4()),
|
||||
'direction': u'egress', 'ethertype': u'IPv4',
|
||||
'port_range_min': 1, 'port_range_max': 65535,
|
||||
'protocol': u'tcp', 'remote_group_id': None,
|
||||
'remote_ip_prefix': u'0.0.0.0/24',
|
||||
'security_group_id': secgroup['id'],
|
||||
'tenant_id': secgroup['tenant_id']}
|
||||
|
||||
rules = []
|
||||
if not default_only:
|
||||
rules += [rule_tcp_80, rule_icmp, rule_group]
|
||||
rules += [rule_tcp_80, rule_icmp, rule_group, rule_all_tcp]
|
||||
rules += [rule_egress_ipv4, rule_egress_ipv6]
|
||||
secgroup['security_group_rules'] = rules
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user