Accept icmpv6 as protocol of SG rule for backward compatibility
The patch https://review.openstack.org/#/c/252155/ renamed 'icmpv6' protocol to 'ipv6-icmp'. This leads to backward compatiblity of the security group API. This commit allows to specify 'icmpv6' as well. TODO(amotoki): The constant for 'icmpv6' will be moved to neutron-lib soon after Mitaka is shipped. Change-Id: I0d7e1cd9fc075902449c5eb5ef27069083ab95d4 Closes-Bug: #1558774
This commit is contained in:
parent
b2c60153c2
commit
85d638af45
|
@ -76,6 +76,12 @@ PROTO_NAME_UDP = 'udp'
|
|||
PROTO_NAME_UDPLITE = 'udplite'
|
||||
PROTO_NAME_VRRP = 'vrrp'
|
||||
|
||||
# TODO(amotoki): It should be moved to neutron-lib.
|
||||
# For backward-compatibility of security group rule API,
|
||||
# we keep the old value for IPv6 ICMP.
|
||||
# It should be clean up in the future.
|
||||
PROTO_NAME_IPV6_ICMP_LEGACY = 'icmpv6'
|
||||
|
||||
PROTO_NUM_AH = 51
|
||||
PROTO_NUM_DCCP = 33
|
||||
PROTO_NUM_EGP = 8
|
||||
|
@ -120,6 +126,8 @@ IP_PROTOCOL_MAP = {PROTO_NAME_AH: PROTO_NUM_AH,
|
|||
PROTO_NAME_UDPLITE: PROTO_NUM_UDPLITE,
|
||||
PROTO_NAME_VRRP: PROTO_NUM_VRRP}
|
||||
|
||||
IP_PROTOCOL_NAME_ALIASES = {PROTO_NAME_IPV6_ICMP_LEGACY: PROTO_NAME_IPV6_ICMP}
|
||||
|
||||
VALID_DSCP_MARKS = [0, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34,
|
||||
36, 38, 40, 46, 48, 56]
|
||||
|
||||
|
|
|
@ -420,6 +420,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
|
|||
# problems with comparing int and string in PostgreSQL. Here this
|
||||
# string is converted to int to give an opportunity to use it as
|
||||
# before.
|
||||
if protocol in constants.IP_PROTOCOL_NAME_ALIASES:
|
||||
protocol = constants.IP_PROTOCOL_NAME_ALIASES[protocol]
|
||||
return int(constants.IP_PROTOCOL_MAP.get(protocol, protocol))
|
||||
|
||||
def _validate_port_range(self, rule):
|
||||
|
@ -455,6 +457,7 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
|
|||
if rule['protocol'] in [constants.PROTO_NAME_IPV6_ENCAP,
|
||||
constants.PROTO_NAME_IPV6_FRAG,
|
||||
constants.PROTO_NAME_IPV6_ICMP,
|
||||
constants.PROTO_NAME_IPV6_ICMP_LEGACY,
|
||||
constants.PROTO_NAME_IPV6_NONXT,
|
||||
constants.PROTO_NAME_IPV6_OPTS,
|
||||
constants.PROTO_NAME_IPV6_ROUTE]:
|
||||
|
|
|
@ -211,7 +211,12 @@ def _validate_name_not_default(data, valid_values=None):
|
|||
|
||||
attr.validators['type:name_not_default'] = _validate_name_not_default
|
||||
|
||||
sg_supported_protocols = [None] + list(const.IP_PROTOCOL_MAP.keys())
|
||||
# TODO(amotoki): const.IP_PROTOCOL_MAP now comes from neutron-lib,
|
||||
# so we cannot add PROTO_NAME_IPV6_ICMP_LEGACY to const.IP_PROTOCOL_MAP
|
||||
# in neutron.common.constants. IP_PROTOCOL_MAP in neutron-lib should
|
||||
# be updated and neutron should consume it once Mitaka backport is done.
|
||||
sg_supported_protocols = ([None] + list(const.IP_PROTOCOL_MAP.keys()) +
|
||||
list(const.IP_PROTOCOL_NAME_ALIASES.keys()))
|
||||
sg_supported_ethertypes = ['IPv4', 'IPv6']
|
||||
SECURITYGROUPS = 'security_groups'
|
||||
SECURITYGROUPRULES = 'security_group_rules'
|
||||
|
|
|
@ -106,6 +106,8 @@ class SecurityGroupDbMixinTestCase(testlib_api.SqlTestCase):
|
|||
def test_validate_ethertype_and_protocol(self):
|
||||
fake_ipv4_rules = [{'protocol': constants.PROTO_NAME_IPV6_ICMP,
|
||||
'ethertype': constants.IPv4},
|
||||
{'protocol': constants.PROTO_NAME_IPV6_ICMP_LEGACY,
|
||||
'ethertype': constants.IPv4},
|
||||
{'protocol': constants.PROTO_NAME_IPV6_ENCAP,
|
||||
'ethertype': constants.IPv4},
|
||||
{'protocol': constants.PROTO_NAME_IPV6_ROUTE,
|
||||
|
|
|
@ -834,6 +834,28 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
|
|||
for k, v, in keys:
|
||||
self.assertEqual(rule['security_group_rule'][k], v)
|
||||
|
||||
def test_create_security_group_rule_icmpv6_legacy_protocol_name(self):
|
||||
name = 'webservers'
|
||||
description = 'my webservers'
|
||||
with self.security_group(name, description) as sg:
|
||||
security_group_id = sg['security_group']['id']
|
||||
direction = "ingress"
|
||||
ethertype = const.IPv6
|
||||
remote_ip_prefix = "2001::f401:56ff:fefe:d3dc/128"
|
||||
protocol = const.PROTO_NAME_IPV6_ICMP_LEGACY
|
||||
keys = [('remote_ip_prefix', remote_ip_prefix),
|
||||
('security_group_id', security_group_id),
|
||||
('direction', direction),
|
||||
('ethertype', ethertype),
|
||||
('protocol', protocol)]
|
||||
with self.security_group_rule(security_group_id, direction,
|
||||
protocol, None, None,
|
||||
remote_ip_prefix,
|
||||
None, None,
|
||||
ethertype) as rule:
|
||||
for k, v, in keys:
|
||||
self.assertEqual(rule['security_group_rule'][k], v)
|
||||
|
||||
def test_create_security_group_source_group_ip_and_ip_prefix(self):
|
||||
security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
|
||||
direction = "ingress"
|
||||
|
|
Loading…
Reference in New Issue