Allow creating security group rules for ICMP
At the moment, it's not possible to create a security group
rule with from port and to port set to -1. This is useful
only when creating ICMP rules to allow all ICMP traffic.
This patch allows setting both values to -1, only if the
protocol of the security group rule is ICMP.
Change-Id: I290005b31fd4afc246db28ffd899302fb85a67fb
(cherry picked from commit dad40312eb
)
This commit is contained in:
parent
22b107f54c
commit
3a344a71f9
@ -69,7 +69,7 @@ Puppet::Type.newtype(:nova_security_rule) do
|
||||
raise Puppet::Error, 'You should give the source port!'
|
||||
end
|
||||
validate do |value|
|
||||
if value !~ /\d+/ or value.to_i <= 0 or value.to_i >= 65536
|
||||
if value !~ /\d+/ or value.to_i <= -1 or value.to_i >= 65536
|
||||
raise Puppet::Error, 'Incorrect from port!'
|
||||
end
|
||||
end
|
||||
@ -80,7 +80,7 @@ Puppet::Type.newtype(:nova_security_rule) do
|
||||
raise Puppet::Error, 'You should give the destination port!'
|
||||
end
|
||||
validate do |value|
|
||||
if value !~ /\d+/ or value.to_i <= 0 or value.to_i >= 65536
|
||||
if value !~ /\d+/ or value.to_i <= -1 or value.to_i >= 65536
|
||||
raise Puppet::Error, 'Incorrect to port!'
|
||||
end
|
||||
end
|
||||
@ -132,6 +132,9 @@ Puppet::Type.newtype(:nova_security_rule) do
|
||||
unless self[:from_port].to_i <= self[:to_port].to_i
|
||||
raise Puppet::Error, 'From_port should be lesser or equal to to_port!'
|
||||
end
|
||||
if self[:ip_protocol] != 'icmp' and (self[:from_port].to_i <= 0 || self[:to_port].to_i <= 0)
|
||||
raise Puppet::Error, 'From_port and To_port should not be less than 0 unless IP protocol is ICMP'
|
||||
end
|
||||
end
|
||||
|
||||
autorequire(:nova_security_group) do
|
||||
|
@ -14,6 +14,15 @@ describe Puppet::Type.type(:nova_security_rule) do
|
||||
end
|
||||
end
|
||||
|
||||
it "should be able to create an instance with icmp" do
|
||||
expect(described_class.new(:name => 'scr0',
|
||||
:ip_protocol => 'icmp',
|
||||
:from_port => -1,
|
||||
:to_port => -1,
|
||||
:ip_range => "0.0.0.0/0",
|
||||
:security_group => "scg0")).not_to be_nil
|
||||
end
|
||||
|
||||
it "should be able to create an instance with ip range" do
|
||||
expect(described_class.new(:name => 'scr0',
|
||||
:ip_protocol => 'tcp',
|
||||
|
Loading…
Reference in New Issue
Block a user