Handle undefined protocol field in security group rules correctly

Prevent AttributeError when protocol field is None and skip
processing of the rule instead.

Closes-Bug: #2086768
Change-Id: I35e96fdd2c28a005811d6fdedb570ccc65e30e0a
(cherry picked from commit 430854c137)
This commit is contained in:
Tom Weininger 2024-11-06 11:44:04 +01:00
parent 5a039fcd9f
commit efe3ee865e
3 changed files with 10 additions and 3 deletions

View File

@ -194,12 +194,13 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
# Don't remove egress rules and don't confuse other protocols with # Don't remove egress rules and don't confuse other protocols with
# None ports with the egress rules. VRRP uses protocol 51 and 112 # None ports with the egress rules. VRRP uses protocol 51 and 112
if (rule.get('direction') == 'egress' or if (rule.get('direction') == 'egress' or
rule.get('protocol').upper() not in rule.get('protocol') is None or
rule['protocol'].upper() not in
[constants.PROTOCOL_TCP, constants.PROTOCOL_UDP, [constants.PROTOCOL_TCP, constants.PROTOCOL_UDP,
lib_consts.PROTOCOL_SCTP]): lib_consts.PROTOCOL_SCTP]):
continue continue
old_ports.append((rule.get('port_range_max'), old_ports.append((rule.get('port_range_max'),
rule.get('protocol').lower(), rule['protocol'].lower(),
rule.get('remote_ip_prefix'))) rule.get('remote_ip_prefix')))
add_ports = set(updated_ports) - set(old_ports) add_ports = set(updated_ports) - set(old_ports)

View File

@ -1071,7 +1071,8 @@ class TestAllowedAddressPairsDriver(base.TestCase):
fake_rules = [ fake_rules = [
{'id': 'rule-80', 'port_range_max': 80, 'protocol': 'tcp', {'id': 'rule-80', 'port_range_max': 80, 'protocol': 'tcp',
'remote_ip_prefix': '10.0.101.0/24'}, 'remote_ip_prefix': '10.0.101.0/24'},
{'id': 'rule-22', 'port_range_max': 22, 'protocol': 'tcp'} {'id': 'rule-22', 'port_range_max': 22, 'protocol': 'tcp'},
{'id': 'rule-None', 'port_range_max': 22},
] ]
list_rules = self.driver.network_proxy.security_group_rules list_rules = self.driver.network_proxy.security_group_rules
list_rules.return_value = fake_rules list_rules.return_value = fake_rules

View File

@ -0,0 +1,5 @@
---
fixes:
- |
Fixed potential AttributeError during listener update when security group
rule had no protocol defined (ie. it was null).