openstack/neutron-lbaas
Code Issues Proposed changes

Merge "Security Group rule validation for ICMP rules"

Browse Source
This commit is contained in:
Jenkins 2014-04-16 09:04:40 +00:00 committed by Gerrit Code Review
commit f89d3fec9b
3 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
neutron/db/securitygroups_db.py
View File

@ -312,6 +312,10 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
if rule[attr] > 255: if rule[attr] > 255:
raise ext_sg.SecurityGroupInvalidIcmpValue( raise ext_sg.SecurityGroupInvalidIcmpValue(
field=field, attr=attr, value=rule[attr]) field=field, attr=attr, value=rule[attr])
if (rule['port_range_min'] is None and
rule['port_range_max']):
raise ext_sg.SecurityGroupMissingIcmpType(
value=rule['port_range_max'])
def _validate_security_group_rules(self, context, security_group_rule): def _validate_security_group_rules(self, context, security_group_rule):
"""Check that rules being installed. """Check that rules being installed.

5
neutron/extensions/securitygroup.py
View File

@ -44,6 +44,11 @@ class SecurityGroupInvalidIcmpValue(qexception.InvalidInput):
"%(value)s. It must be 0 to 255.") "%(value)s. It must be 0 to 255.")
class SecurityGroupMissingIcmpType(qexception.InvalidInput):
message = _("ICMP code (port-range-max) %(value)s is provided"
" but ICMP type (port-range-min) is missing.")
class SecurityGroupInUse(qexception.InUse): class SecurityGroupInUse(qexception.InUse):
message = _("Security Group %(id)s in use.") message = _("Security Group %(id)s in use.")

13
neutron/tests/unit/test_extension_security_group.py
View File

@ -893,6 +893,19 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
self.deserialize(self.fmt, res) self.deserialize(self.fmt, res)
self.assertEqual(res.status_int, webob.exc.HTTPBadRequest.code) self.assertEqual(res.status_int, webob.exc.HTTPBadRequest.code)
def test_create_security_group_rule_icmp_with_code_only(self):
name = 'webservers'
description = 'my webservers'
with self.security_group(name, description) as sg:
security_group_id = sg['security_group']['id']
with self.security_group_rule(security_group_id):
rule = self._build_security_group_rule(
sg['security_group']['id'], 'ingress',
const.PROTO_NAME_ICMP, None, '2')
res = self._create_security_group_rule(self.fmt, rule)
self.deserialize(self.fmt, res)
self.assertEqual(res.status_int, webob.exc.HTTPBadRequest.code)
def test_list_ports_security_group(self): def test_list_ports_security_group(self):
with self.network() as n: with self.network() as n:
with self.subnet(n): with self.subnet(n):