Handle undefined protocol field in security group rules correctly
Prevent AttributeError when protocol field is None and skip processing of the rule instead. Closes-Bug: #2086768 Change-Id: I35e96fdd2c28a005811d6fdedb570ccc65e30e0a (cherry picked from commit 430854c1372885c6082393c5449fadf401578634)
This commit is contained in:
parent
5a039fcd9f
commit
efe3ee865e
@ -194,12 +194,13 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
|
|||||||
# Don't remove egress rules and don't confuse other protocols with
|
# Don't remove egress rules and don't confuse other protocols with
|
||||||
# None ports with the egress rules. VRRP uses protocol 51 and 112
|
# None ports with the egress rules. VRRP uses protocol 51 and 112
|
||||||
if (rule.get('direction') == 'egress' or
|
if (rule.get('direction') == 'egress' or
|
||||||
rule.get('protocol').upper() not in
|
rule.get('protocol') is None or
|
||||||
|
rule['protocol'].upper() not in
|
||||||
[constants.PROTOCOL_TCP, constants.PROTOCOL_UDP,
|
[constants.PROTOCOL_TCP, constants.PROTOCOL_UDP,
|
||||||
lib_consts.PROTOCOL_SCTP]):
|
lib_consts.PROTOCOL_SCTP]):
|
||||||
continue
|
continue
|
||||||
old_ports.append((rule.get('port_range_max'),
|
old_ports.append((rule.get('port_range_max'),
|
||||||
rule.get('protocol').lower(),
|
rule['protocol'].lower(),
|
||||||
rule.get('remote_ip_prefix')))
|
rule.get('remote_ip_prefix')))
|
||||||
|
|
||||||
add_ports = set(updated_ports) - set(old_ports)
|
add_ports = set(updated_ports) - set(old_ports)
|
||||||
|
@ -1071,7 +1071,8 @@ class TestAllowedAddressPairsDriver(base.TestCase):
|
|||||||
fake_rules = [
|
fake_rules = [
|
||||||
{'id': 'rule-80', 'port_range_max': 80, 'protocol': 'tcp',
|
{'id': 'rule-80', 'port_range_max': 80, 'protocol': 'tcp',
|
||||||
'remote_ip_prefix': '10.0.101.0/24'},
|
'remote_ip_prefix': '10.0.101.0/24'},
|
||||||
{'id': 'rule-22', 'port_range_max': 22, 'protocol': 'tcp'}
|
{'id': 'rule-22', 'port_range_max': 22, 'protocol': 'tcp'},
|
||||||
|
{'id': 'rule-None', 'port_range_max': 22},
|
||||||
]
|
]
|
||||||
list_rules = self.driver.network_proxy.security_group_rules
|
list_rules = self.driver.network_proxy.security_group_rules
|
||||||
list_rules.return_value = fake_rules
|
list_rules.return_value = fake_rules
|
||||||
|
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Fixed potential AttributeError during listener update when security group
|
||||||
|
rule had no protocol defined (ie. it was null).
|
Loading…
x
Reference in New Issue
Block a user