From 77c35574e52a0653aa75ca26b1ec2ab38eaebff8 Mon Sep 17 00:00:00 2001 From: liyingjun Date: Fri, 22 Nov 2013 23:34:27 +0800 Subject: [PATCH] Add missing egress sec group for all tcp/udp/icmp When creating "Security Group Egress ALL TCP/UDP/ICMP", the direction is always Ingress, need to add egress in the situation. Fixes bug #1254040 Change-Id: I1a2bdc07d7ca4ecc12ebdb35a1f357de0d09c502 --- .../security_groups/forms.py | 8 +++-- .../security_groups/tests.py | 31 +++++++++++++++++++ .../local/local_settings.py.example | 2 ++ .../test/test_data/neutron_data.py | 10 +++++- 4 files changed, 47 insertions(+), 4 deletions(-) diff --git a/openstack_dashboard/dashboards/project/access_and_security/security_groups/forms.py b/openstack_dashboard/dashboards/project/access_and_security/security_groups/forms.py index 8201db49e0..7560d0bf44 100644 --- a/openstack_dashboard/dashboards/project/access_and_security/security_groups/forms.py +++ b/openstack_dashboard/dashboards/project/access_and_security/security_groups/forms.py @@ -333,13 +333,15 @@ class AddRule(forms.SelfHandlingForm): cleaned_data['ip_protocol'] = self.rules[rule_menu]['ip_protocol'] cleaned_data['from_port'] = int(self.rules[rule_menu]['from_port']) cleaned_data['to_port'] = int(self.rules[rule_menu]['to_port']) - cleaned_data['direction'] = self.rules[rule_menu].get('direction') + if rule_menu not in ['all_tcp', 'all_udp', 'all_icmp']: + direction = self.rules[rule_menu].get('direction') + cleaned_data['direction'] = direction # NOTE(amotoki): There are two cases where cleaned_data['direction'] # is empty: (1) Nova Security Group is used. Since "direction" is # HiddenInput, direction field exists but its value is ''. - # (2) Template is used. In this case, the default value is None. - # To make sure 'direction' field has 'ingress' or 'egress', + # (2) Template except all_* is used. In this case, the default value + # is None. To make sure 'direction' field has 'ingress' or 'egress', # fill this field here if it is not specified. if not cleaned_data['direction']: cleaned_data['direction'] = 'ingress' diff --git a/openstack_dashboard/dashboards/project/access_and_security/security_groups/tests.py b/openstack_dashboard/dashboards/project/access_and_security/security_groups/tests.py index a3fe94dd18..20b31ea5df 100644 --- a/openstack_dashboard/dashboards/project/access_and_security/security_groups/tests.py +++ b/openstack_dashboard/dashboards/project/access_and_security/security_groups/tests.py @@ -736,6 +736,37 @@ class SecurityGroupsNeutronTests(SecurityGroupsViewTests): res = self.client.post(self.edit_url, formData) self.assertRedirectsNoFollow(res, self.detail_url) + @test.create_stubs({api.network: ('security_group_rule_create', + 'security_group_list', + 'security_group_backend')}) + def test_detail_add_rule_egress_with_all_tcp(self): + sec_group = self.security_groups.first() + sec_group_list = self.security_groups.list() + rule = self.security_group_rules.list()[3] + + api.network.security_group_backend( + IsA(http.HttpRequest)).AndReturn(self.secgroup_backend) + api.network.security_group_rule_create(IsA(http.HttpRequest), + sec_group.id, 'egress', 'IPv4', + rule.ip_protocol, + int(rule.from_port), + int(rule.to_port), + rule.ip_range['cidr'], + None).AndReturn(rule) + api.network.security_group_list( + IsA(http.HttpRequest)).AndReturn(sec_group_list) + self.mox.ReplayAll() + + formData = {'method': 'AddRule', + 'id': sec_group.id, + 'direction': 'egress', + 'port_or_range': 'range', + 'rule_menu': 'all_tcp', + 'cidr': rule.ip_range['cidr'], + 'remote': 'cidr'} + res = self.client.post(self.edit_url, formData) + self.assertRedirectsNoFollow(res, self.detail_url) + @test.create_stubs({api.network: ('security_group_rule_create', 'security_group_list', 'security_group_backend')}) diff --git a/openstack_dashboard/local/local_settings.py.example b/openstack_dashboard/local/local_settings.py.example index e6bcab3608..4b34a73bb9 100644 --- a/openstack_dashboard/local/local_settings.py.example +++ b/openstack_dashboard/local/local_settings.py.example @@ -360,6 +360,8 @@ LOGGING = { } } +# 'direction' should not be specified for all_tcp/udp/icmp. +# It is specified in the form. SECURITY_GROUP_RULES = { 'all_tcp': { 'name': 'ALL TCP', diff --git a/openstack_dashboard/test/test_data/neutron_data.py b/openstack_dashboard/test/test_data/neutron_data.py index 0ae55fb364..809bcb95f7 100644 --- a/openstack_dashboard/test/test_data/neutron_data.py +++ b/openstack_dashboard/test/test_data/neutron_data.py @@ -392,10 +392,18 @@ def data(TEST): 'remote_ip_prefix': None, 'security_group_id': secgroup['id'], 'tenant_id': secgroup['tenant_id']} + rule_all_tcp = { + 'id': str(uuid.uuid4()), + 'direction': u'egress', 'ethertype': u'IPv4', + 'port_range_min': 1, 'port_range_max': 65535, + 'protocol': u'tcp', 'remote_group_id': None, + 'remote_ip_prefix': u'0.0.0.0/24', + 'security_group_id': secgroup['id'], + 'tenant_id': secgroup['tenant_id']} rules = [] if not default_only: - rules += [rule_tcp_80, rule_icmp, rule_group] + rules += [rule_tcp_80, rule_icmp, rule_group, rule_all_tcp] rules += [rule_egress_ipv4, rule_egress_ipv6] secgroup['security_group_rules'] = rules