From 3a344a71f9318a16568fce839e2bf91d0833c6bd Mon Sep 17 00:00:00 2001
From: Mohammed Naser
Date: Tue, 25 Jul 2017 16:40:33 -0400
Subject: [PATCH] Allow creating security group rules for ICMP

At the moment, it's not possible to create a security group rule with from port and to port set to -1. This is useful only when creating ICMP rules to allow all ICMP traffic. This patch allows setting both values to -1, only if the protocol of the security group rule is ICMP.
Change-Id: I290005b31fd4afc246db28ffd899302fb85a67fb
(cherry picked from commit dad40312ebc12c3f79ef71fc0649342c102b59fa)
---
 lib/puppet/type/nova_security_rule.rb | 7 +++++--
 spec/type/nova_security_rule_spec.rb | 9 +++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/lib/puppet/type/nova_security_rule.rb b/lib/puppet/type/nova_security_rule.rb
index 2752daef1..540f919aa 100644
--- a/lib/puppet/type/nova_security_rule.rb
+++ b/lib/puppet/type/nova_security_rule.rb
@@ -69,7 +69,7 @@ Puppet::Type.newtype(:nova_security_rule) do
 raise Puppet::Error, 'You should give the source port!'
 end
 validate do |value|
- if value !~ /\d+/ or value.to_i <= 0 or value.to_i >= 65536
+ if value !~ /\d+/ or value.to_i <= -1 or value.to_i >= 65536
 raise Puppet::Error, 'Incorrect from port!'
 end
 end
@@ -80,7 +80,7 @@ Puppet::Type.newtype(:nova_security_rule) do
 raise Puppet::Error, 'You should give the destination port!'
 end
 validate do |value|
- if value !~ /\d+/ or value.to_i <= 0 or value.to_i >= 65536
+ if value !~ /\d+/ or value.to_i <= -1 or value.to_i >= 65536
 raise Puppet::Error, 'Incorrect to port!'
 end
 end
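Review bot: The from_port validator still relies on the unanchored `value !~ /\d+/`, so any string containing a digit passes and `to_i` decides the rest; with the lower bound relaxed to `<= -1`, inputs such as `'x8'` (to_i 0) or `'-1abc'` (to_i -1) are now accepted at the parameter level where the old `<= 0` test rejected them. For a type that manages firewall rules, a typo that silently becomes 0 or -1 (all ICMP) should fail loudly: anchor the pattern and state the bound directly, e.g. `if value !~ /\A-?\d+\z/ or value.to_i < -1 or value.to_i >= 65536`. The to_port validator in the second hunk has the same condition and needs the same change. Both newparam blocks begin outside their hunks.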
@@ -132,6 +132,9 @@ Puppet::Type.newtype(:nova_security_rule) do
 unless self[:from_port].to_i <= self[:to_port].to_i
 raise Puppet::Error, 'From_port should be lesser or equal to to_port!'
 end
+ if self[:ip_protocol] != 'icmp' and (self[:from_port].to_i <= 0 || self[:to_port].to_i <= 0)
+ raise Puppet::Error, 'From_port and To_port should not be less than 0 unless IP protocol is ICMP'
+ end
 end
 
 autorequire(:nova_security_group) do
diff --git a/spec/type/nova_security_rule_spec.rb b/spec/type/nova_security_rule_spec.rb
index 8319b82f5..103280ae2 100644
--- a/spec/type/nova_security_rule_spec.rb
+++ b/spec/type/nova_security_rule_spec.rb
@@ -14,6 +14,15 @@ describe Puppet::Type.type(:nova_security_rule) do
 end
 end
 
+ it "should be able to create an instance with icmp" do
+ expect(described_class.new(:name => 'scr0',
+ :ip_protocol => 'icmp',
+ :from_port => -1,
+ :to_port => -1,
+ :ip_range => "0.0.0.0/0",
+ :security_group => "scg0")).not_to be_nil
+ end
+
 it "should be able to create an instance with ip range" do
 expect(described_class.new(:name => 'scr0',
 :ip_protocol => 'tcp',
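Review bot: For ICMP the added cross-check accepts any pair that satisfies from_port <= to_port, so a mixed pair such as from_port -1 with to_port 8, and values up to 65535, pass even though the description says both values may be -1 together. Since -1/-1 means all ICMP traffic, consider requiring the pair explicitly with a second guard, `if self[:ip_protocol] == 'icmp' and (self[:from_port].to_i == -1) != (self[:to_port].to_i == -1)`, followed by a raise. The error text says 'less than 0' while the condition `<= 0` also rejects 0; align the message with the check. The validate block starts outside the hunk, so whether ip_protocol is normalised before the case-sensitive `!= 'icmp'` comparison is not visible here.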
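Review bot: The added example exercises only the accepting path; nothing asserts that -1 is still rejected for other protocols, which is the guard that keeps this relaxation from widening TCP or UDP rules. Add a companion example that builds the same resource with `:ip_protocol => 'tcp'` and `:from_port => -1, :to_port => -1` inside `expect { ... }.to raise_error(Puppet::Error)`. A second negative example with only one of the two ports set to -1 under ICMP would document the intended behaviour for mixed pairs. The hunk ends inside the following `it` block, which continues outside it.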