Handle undefined protocol field in security group rules correctly
Prevent AttributeError when protocol field is None and skip
processing of the rule instead.
Closes-Bug: #2086768
Change-Id: I35e96fdd2c28a005811d6fdedb570ccc65e30e0a
(cherry picked from commit 430854c137
)
This commit is contained in:
parent
5a039fcd9f
commit
efe3ee865e
@ -194,12 +194,13 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
||||
# Don't remove egress rules and don't confuse other protocols with
|
||||
# None ports with the egress rules. VRRP uses protocol 51 and 112
|
||||
if (rule.get('direction') == 'egress' or
|
||||
rule.get('protocol').upper() not in
|
||||
rule.get('protocol') is None or
|
||||
rule['protocol'].upper() not in
|
||||
[constants.PROTOCOL_TCP, constants.PROTOCOL_UDP,
|
||||
lib_consts.PROTOCOL_SCTP]):
|
||||
continue
|
||||
old_ports.append((rule.get('port_range_max'),
|
||||
rule.get('protocol').lower(),
|
||||
rule['protocol'].lower(),
|
||||
rule.get('remote_ip_prefix')))
|
||||
|
||||
add_ports = set(updated_ports) - set(old_ports)
|
||||
|
@ -1071,7 +1071,8 @@ class TestAllowedAddressPairsDriver(base.TestCase):
|
||||
fake_rules = [
|
||||
{'id': 'rule-80', 'port_range_max': 80, 'protocol': 'tcp',
|
||||
'remote_ip_prefix': '10.0.101.0/24'},
|
||||
{'id': 'rule-22', 'port_range_max': 22, 'protocol': 'tcp'}
|
||||
{'id': 'rule-22', 'port_range_max': 22, 'protocol': 'tcp'},
|
||||
{'id': 'rule-None', 'port_range_max': 22},
|
||||
]
|
||||
list_rules = self.driver.network_proxy.security_group_rules
|
||||
list_rules.return_value = fake_rules
|
||||
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
fixes:
|
||||
- |
|
||||
Fixed potential AttributeError during listener update when security group
|
||||
rule had no protocol defined (ie. it was null).
|
Loading…
Reference in New Issue
Block a user