diff --git a/neutronclient/neutron/v2_0/fw/firewallrule.py b/neutronclient/neutron/v2_0/fw/firewallrule.py index aa7410ba9..945812234 100644 --- a/neutronclient/neutron/v2_0/fw/firewallrule.py +++ b/neutronclient/neutron/v2_0/fw/firewallrule.py @@ -34,7 +34,7 @@ class ListFirewallRule(neutronv20.ListCommand): def extend_list(self, data, parsed_args): for d in data: val = [] - if 'protocol' in d: + if d.get('protocol'): protocol = d['protocol'].upper() else: protocol = 'no-protocol' @@ -102,7 +102,7 @@ class CreateFirewallRule(neutronv20.CreateCommand): action='store_false', help='to disable this rule') parser.add_argument( - '--protocol', choices=['tcp', 'udp', 'icmp'], + '--protocol', choices=['tcp', 'udp', 'icmp', 'any'], required=True, help='protocol for the firewall rule') parser.add_argument( @@ -120,6 +120,10 @@ class CreateFirewallRule(neutronv20.CreateCommand): 'source_ip_address', 'destination_ip_address', 'source_port', 'destination_port', 'action', 'enabled', 'tenant_id']) + protocol = parsed_args.protocol + if protocol == 'any': + protocol = None + body[self.resource]['protocol'] = protocol return body @@ -129,6 +133,23 @@ class UpdateFirewallRule(neutronv20.UpdateCommand): resource = 'firewall_rule' log = logging.getLogger(__name__ + '.UpdateFirewallRule') + def add_known_arguments(self, parser): + parser.add_argument( + '--protocol', choices=['tcp', 'udp', 'icmp', 'any'], + required=False, + help='protocol for the firewall rule') + + def args2body(self, parsed_args): + body = { + self.resource: {}, + } + protocol = parsed_args.protocol + if protocol: + if protocol == 'any': + protocol = None + body[self.resource]['protocol'] = protocol + return body + class DeleteFirewallRule(neutronv20.DeleteCommand): """Delete a given firewall rule.""" diff --git a/neutronclient/tests/unit/fw/test_cli20_firewallrule.py b/neutronclient/tests/unit/fw/test_cli20_firewallrule.py index e8b3ce61c..2c9ded973 100644 --- a/neutronclient/tests/unit/fw/test_cli20_firewallrule.py +++ b/neutronclient/tests/unit/fw/test_cli20_firewallrule.py @@ -47,14 +47,13 @@ class CLITestV20FirewallRuleJSON(test_cli20.CLITestV20Base): protocol=protocol, action=action, enabled=True, tenant_id=tenant_id) - def test_create_firewall_rule_with_all_params(self): + def _setup_create_firewall_rule_with_all_params(self, protocol='tcp'): """firewall-rule-create with all params set.""" resource = 'firewall_rule' cmd = firewallrule.CreateFirewallRule(test_cli20.MyApp(sys.stdout), None) name = 'my-name' description = 'my-desc' - protocol = 'tcp' source_ip = '192.168.1.0/24' destination_ip = '192.168.2.0/24' source_port = '0:65535' @@ -75,6 +74,8 @@ class CLITestV20FirewallRuleJSON(test_cli20.CLITestV20Base): '--tenant-id', tenant_id] position_names = [] position_values = [] + if protocol == 'any': + protocol = None self._test_create_resource(resource, cmd, name, my_id, args, position_names, position_values, description=description, shared=True, @@ -86,6 +87,12 @@ class CLITestV20FirewallRuleJSON(test_cli20.CLITestV20Base): action=action, enabled=True, tenant_id=tenant_id) + def test_create_firewall_rule_with_all_params(self): + self._setup_create_firewall_rule_with_all_params() + + def test_create_firewall_rule_with_proto_any(self): + self._setup_create_firewall_rule_with_all_params(protocol='any') + def test_list_firewall_rules(self): """firewall-rule-list.""" resources = "firewall_rules" @@ -144,6 +151,15 @@ class CLITestV20FirewallRuleJSON(test_cli20.CLITestV20Base): ['myid', '--name', 'newname'], {'name': 'newname', }) + def test_update_firewall_rule_protocol(self): + """firewall-rule-update myid --protocol any.""" + resource = 'firewall_rule' + cmd = firewallrule.UpdateFirewallRule(test_cli20.MyApp(sys.stdout), + None) + self._test_update_resource(resource, cmd, 'myid', + ['myid', '--protocol', 'any'], + {'protocol': None, }) + def test_delete_firewall_rule(self): """firewall-rule-delete my-id.""" resource = 'firewall_rule'