openstack/octavia
Code Issues Proposed changes

Handle undefined protocol field in security group rules correctly

Browse Source 
Prevent AttributeError when protocol field is None and skip
processing of the rule instead.

Closes-Bug: #2086768
Change-Id: I35e96fdd2c28a005811d6fdedb570ccc65e30e0a
This commit is contained in:
Tom Weininger 2024-11-06 11:44:04 +01:00
parent fd071d3391
commit 430854c137
3 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
octavia/network/drivers/neutron/allowed_address_pairs.py
View File

@ -194,12 +194,13 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
# Don't remove egress rules and don't confuse other protocols with
# None ports with the egress rules. VRRP uses protocol 51 and 112
if (rule.get('direction') == 'egress' or
rule.get('protocol').upper() not in
rule.get('protocol') is None or
rule['protocol'].upper() not in
[constants.PROTOCOL_TCP, constants.PROTOCOL_UDP,
lib_consts.PROTOCOL_SCTP]):
continue
old_ports.append((rule.get('port_range_max'),
rule.get('protocol').lower(),
rule['protocol'].lower(),
rule.get('remote_ip_prefix')))
add_ports = set(updated_ports) - set(old_ports)

3
octavia/tests/unit/network/drivers/neutron/test_allowed_address_pairs.py
View File

@ -1071,7 +1071,8 @@ class TestAllowedAddressPairsDriver(base.TestCase):
fake_rules = [
{'id': 'rule-80', 'port_range_max': 80, 'protocol': 'tcp',
'remote_ip_prefix': '10.0.101.0/24'},
{'id': 'rule-22', 'port_range_max': 22, 'protocol': 'tcp'}
{'id': 'rule-22', 'port_range_max': 22, 'protocol': 'tcp'},
{'id': 'rule-None', 'port_range_max': 22},
]
list_rules = self.driver.network_proxy.security_group_rules
list_rules.return_value = fake_rules

5
releasenotes/notes/fix-attributeerror-when-securitygroup-rule-has-protocol-none-9b7217c5477d01b6.yaml Normal file
View File

@ -0,0 +1,5 @@
---
fixes:
- |
Fixed potential AttributeError during listener update when security group
rule had no protocol defined (ie. it was null).