openstack/puppet-nova
Code Issues Proposed changes

Allow creating security group rules for ICMP

Browse Source 
At the moment, it's not possible to create a security group
rule with from port and to port set to -1.  This is useful
only when creating ICMP rules to allow all ICMP traffic.

This patch allows setting both values to -1, only if the
protocol of the security group rule is ICMP.

Change-Id: I290005b31fd4afc246db28ffd899302fb85a67fb
This commit is contained in:
Mohammed Naser
2017-07-25 16:40:33 -04:00
parent 963ae622c5
commit dad40312eb
2 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/puppet/type/nova_security_rule.rb
View File

@@ -69,7 +69,7 @@ Puppet::Type.newtype(:nova_security_rule) do
raise Puppet::Error, 'You should give the source port!' raise Puppet::Error, 'You should give the source port!'
end end
validate do |value| validate do |value|
if value !~ /\d+/ or value.to_i <= 0 or value.to_i >= 65536 if value !~ /\d+/ or value.to_i <= -1 or value.to_i >= 65536
raise Puppet::Error, 'Incorrect from port!' raise Puppet::Error, 'Incorrect from port!'
end end
end end
@@ -80,7 +80,7 @@ Puppet::Type.newtype(:nova_security_rule) do
raise Puppet::Error, 'You should give the destination port!' raise Puppet::Error, 'You should give the destination port!'
end end
validate do |value| validate do |value|
if value !~ /\d+/ or value.to_i <= 0 or value.to_i >= 65536 if value !~ /\d+/ or value.to_i <= -1 or value.to_i >= 65536
raise Puppet::Error, 'Incorrect to port!' raise Puppet::Error, 'Incorrect to port!'
end end
end end
@@ -132,6 +132,9 @@ Puppet::Type.newtype(:nova_security_rule) do
unless self[:from_port].to_i <= self[:to_port].to_i unless self[:from_port].to_i <= self[:to_port].to_i
raise Puppet::Error, 'From_port should be lesser or equal to to_port!' raise Puppet::Error, 'From_port should be lesser or equal to to_port!'
end end
if self[:ip_protocol] != 'icmp' and (self[:from_port].to_i <= 0 || self[:to_port].to_i <= 0)
raise Puppet::Error, 'From_port and To_port should not be less than 0 unless IP protocol is ICMP'
end
end end
autorequire(:nova_security_group) do autorequire(:nova_security_group) do

9
spec/type/nova_security_rule_spec.rb
View File

@@ -14,6 +14,15 @@ describe Puppet::Type.type(:nova_security_rule) do
end end
end end
it "should be able to create an instance with icmp" do
expect(described_class.new(:name => 'scr0',
:ip_protocol => 'icmp',
:from_port => -1,
:to_port => -1,
:ip_range => "0.0.0.0/0",
:security_group => "scg0")).not_to be_nil
end
it "should be able to create an instance with ip range" do it "should be able to create an instance with ip range" do
expect(described_class.new(:name => 'scr0', expect(described_class.new(:name => 'scr0',
:ip_protocol => 'tcp', :ip_protocol => 'tcp',