Allow UPPER case in protocol/action for FW Rule
Currently firewall rule create/update allows only lower case values for its protocol and action arguments. Limiting the protocol/action attribute to lower case is not very user friendly. This patch allows the user to provide protocol and action fields in UPPER/lower case. Change-Id: Ib8b278fc89f81d89d30f4e8dde9797e9149d3919 Co-Authored-By:Akihiro Motoki<motoki@da.jp.nec.com> Closes-Bug: #1508753
This commit is contained in:
reedip
@@ -103,18 +103,20 @@ class CreateFirewallRule(neutronv20.CreateCommand):
|
|||||||
help=_('Whether to enable or disable this rule.'))
|
help=_('Whether to enable or disable this rule.'))
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'--protocol', choices=['tcp', 'udp', 'icmp', 'any'],
|
'--protocol', choices=['tcp', 'udp', 'icmp', 'any'],
|
||||||
|
type=utils.convert_to_lowercase,
|
||||||
required=True,
|
required=True,
|
||||||
help=_('Protocol for the firewall rule.'))
|
help=_('Protocol for the firewall rule.'))
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'--action',
|
'--action',
|
||||||
required=True,
|
required=True,
|
||||||
|
type=utils.convert_to_lowercase,
|
||||||
choices=['allow', 'deny', 'reject'],
|
choices=['allow', 'deny', 'reject'],
|
||||||
help=_('Action for the firewall rule.'))
|
help=_('Action for the firewall rule.'))
|
||||||
|
|
||||||
def args2body(self, parsed_args):
|
def args2body(self, parsed_args):
|
||||||
body = {}
|
body = {}
|
||||||
neutronv20.update_dict(parsed_args, body,
|
neutronv20.update_dict(parsed_args, body,
|
||||||
['name', 'description', 'shared', 'protocol',
|
['name', 'description', 'shared',
|
||||||
'source_ip_address', 'destination_ip_address',
|
'source_ip_address', 'destination_ip_address',
|
||||||
'source_port', 'destination_port',
|
'source_port', 'destination_port',
|
||||||
'action', 'enabled', 'tenant_id',
|
'action', 'enabled', 'tenant_id',
|
||||||
@@ -135,7 +137,10 @@ class UpdateFirewallRule(neutronv20.UpdateCommand):
|
|||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
'--protocol', choices=['tcp', 'udp', 'icmp', 'any'],
|
'--protocol', choices=['tcp', 'udp', 'icmp', 'any'],
|
||||||
required=False,
|
required=False,
|
||||||
|
type=utils.convert_to_lowercase,
|
||||||
help=_('Protocol for the firewall rule.'))
|
help=_('Protocol for the firewall rule.'))
|
||||||
|
# TODO(reedip) : Need to add the option for action once
|
||||||
|
# action also comes into Update Firewall Rule
|
||||||
|
|
||||||
def args2body(self, parsed_args):
|
def args2body(self, parsed_args):
|
||||||
body = {}
|
body = {}
|
||||||
|
|||||||
@@ -58,8 +58,9 @@ class CLITestV20FirewallRuleJSON(test_cli20.CLITestV20Base):
|
|||||||
def test_create_disabled_firewall_rule_with_mandatory_params(self):
|
def test_create_disabled_firewall_rule_with_mandatory_params(self):
|
||||||
self._test_create_firewall_rule_with_mandatory_params(enabled='False')
|
self._test_create_firewall_rule_with_mandatory_params(enabled='False')
|
||||||
|
|
||||||
def _setup_create_firewall_rule_with_all_params(self, protocol='tcp',
|
def _setup_create_firewall_rule_with_all_params(
|
||||||
ip_version='4'):
|
self, protocol='tcp', protocol_cli=None,
|
||||||
|
action='allow', action_cli=None, ip_version='4'):
|
||||||
# firewall-rule-create with all params set.
|
# firewall-rule-create with all params set.
|
||||||
resource = 'firewall_rule'
|
resource = 'firewall_rule'
|
||||||
cmd = firewallrule.CreateFirewallRule(test_cli20.MyApp(sys.stdout),
|
cmd = firewallrule.CreateFirewallRule(test_cli20.MyApp(sys.stdout),
|
||||||
@@ -70,19 +71,18 @@ class CLITestV20FirewallRuleJSON(test_cli20.CLITestV20Base):
|
|||||||
destination_ip = '192.168.2.0/24'
|
destination_ip = '192.168.2.0/24'
|
||||||
source_port = '0:65535'
|
source_port = '0:65535'
|
||||||
destination_port = '0:65535'
|
destination_port = '0:65535'
|
||||||
action = 'allow'
|
|
||||||
tenant_id = 'my-tenant'
|
tenant_id = 'my-tenant'
|
||||||
my_id = 'myid'
|
my_id = 'myid'
|
||||||
enabled = 'True'
|
enabled = 'True'
|
||||||
args = ['--description', description,
|
args = ['--description', description,
|
||||||
'--shared',
|
'--shared',
|
||||||
'--protocol', protocol,
|
'--protocol', protocol_cli or protocol,
|
||||||
'--ip-version', ip_version,
|
'--ip-version', ip_version,
|
||||||
'--source-ip-address', source_ip,
|
'--source-ip-address', source_ip,
|
||||||
'--destination-ip-address', destination_ip,
|
'--destination-ip-address', destination_ip,
|
||||||
'--source-port', source_port,
|
'--source-port', source_port,
|
||||||
'--destination-port', destination_port,
|
'--destination-port', destination_port,
|
||||||
'--action', action,
|
'--action', action_cli or action,
|
||||||
'--enabled', enabled,
|
'--enabled', enabled,
|
||||||
'--admin-state-up',
|
'--admin-state-up',
|
||||||
'--tenant-id', tenant_id]
|
'--tenant-id', tenant_id]
|
||||||
@@ -126,6 +126,16 @@ class CLITestV20FirewallRuleJSON(test_cli20.CLITestV20Base):
|
|||||||
def test_create_firewall_rule_with_invalid_IP_version(self):
|
def test_create_firewall_rule_with_invalid_IP_version(self):
|
||||||
self._setup_create_firewall_rule_with_all_params(ip_version='5')
|
self._setup_create_firewall_rule_with_all_params(ip_version='5')
|
||||||
|
|
||||||
|
def test_create_firewall_rule_with_proto_action_upper_capitalized(self):
|
||||||
|
for protocol in ('TCP', 'Tcp', 'ANY', 'AnY'):
|
||||||
|
self._setup_create_firewall_rule_with_all_params(
|
||||||
|
protocol=protocol.lower(),
|
||||||
|
protocol_cli=protocol)
|
||||||
|
for action in ('Allow', 'DENY', 'reject'):
|
||||||
|
self._setup_create_firewall_rule_with_all_params(
|
||||||
|
action=action.lower(),
|
||||||
|
action_cli=action)
|
||||||
|
|
||||||
def test_list_firewall_rules(self):
|
def test_list_firewall_rules(self):
|
||||||
# firewall-rule-list.
|
# firewall-rule-list.
|
||||||
resources = "firewall_rules"
|
resources = "firewall_rules"
|
||||||
|
|||||||
Reference in New Issue
Block a user