From f208a893c880b6ef5209b4a13290451bb2328904 Mon Sep 17 00:00:00 2001
From: Rajesh Mohan <rajesh.mlists@gmail.com>
Date: Thu, 29 Aug 2013 17:57:44 -0700
Subject: [PATCH] Allow 'any' option for protocol in the firewall rule

Closes-Bug: #1217212

The current allowed values for
protocol are tcp, udp and icmp. Adding
'any' as allowed option. Since the
API expects 'None' value for 'any',
the 'create' and 'update' changes the
args to 'None' when 'any' is set.

Change-Id: I33cdf62244f2217379c40a8cd4c776382935ef17
---
 neutronclient/neutron/v2_0/fw/firewallrule.py | 25 +++++++++++++++++--
 .../tests/unit/fw/test_cli20_firewallrule.py  | 20 +++++++++++++--
 2 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/neutronclient/neutron/v2_0/fw/firewallrule.py b/neutronclient/neutron/v2_0/fw/firewallrule.py
index aa7410ba9..945812234 100644
--- a/neutronclient/neutron/v2_0/fw/firewallrule.py
+++ b/neutronclient/neutron/v2_0/fw/firewallrule.py
@@ -34,7 +34,7 @@ class ListFirewallRule(neutronv20.ListCommand):
     def extend_list(self, data, parsed_args):
         for d in data:
             val = []
-            if 'protocol' in d:
+            if d.get('protocol'):
                 protocol = d['protocol'].upper()
             else:
                 protocol = 'no-protocol'
@@ -102,7 +102,7 @@ class CreateFirewallRule(neutronv20.CreateCommand):
             action='store_false',
             help='to disable this rule')
         parser.add_argument(
-            '--protocol', choices=['tcp', 'udp', 'icmp'],
+            '--protocol', choices=['tcp', 'udp', 'icmp', 'any'],
             required=True,
             help='protocol for the firewall rule')
         parser.add_argument(
@@ -120,6 +120,10 @@ class CreateFirewallRule(neutronv20.CreateCommand):
                                 'source_ip_address', 'destination_ip_address',
                                 'source_port', 'destination_port',
                                 'action', 'enabled', 'tenant_id'])
+        protocol = parsed_args.protocol
+        if protocol == 'any':
+            protocol = None
+        body[self.resource]['protocol'] = protocol
         return body
 
 
@@ -129,6 +133,23 @@ class UpdateFirewallRule(neutronv20.UpdateCommand):
     resource = 'firewall_rule'
     log = logging.getLogger(__name__ + '.UpdateFirewallRule')
 
+    def add_known_arguments(self, parser):
+        parser.add_argument(
+            '--protocol', choices=['tcp', 'udp', 'icmp', 'any'],
+            required=False,
+            help='protocol for the firewall rule')
+
+    def args2body(self, parsed_args):
+        body = {
+            self.resource: {},
+        }
+        protocol = parsed_args.protocol
+        if protocol:
+            if protocol == 'any':
+                protocol = None
+            body[self.resource]['protocol'] = protocol
+        return body
+
 
 class DeleteFirewallRule(neutronv20.DeleteCommand):
     """Delete a given firewall rule."""
diff --git a/neutronclient/tests/unit/fw/test_cli20_firewallrule.py b/neutronclient/tests/unit/fw/test_cli20_firewallrule.py
index e8b3ce61c..2c9ded973 100644
--- a/neutronclient/tests/unit/fw/test_cli20_firewallrule.py
+++ b/neutronclient/tests/unit/fw/test_cli20_firewallrule.py
@@ -47,14 +47,13 @@ class CLITestV20FirewallRuleJSON(test_cli20.CLITestV20Base):
                                    protocol=protocol, action=action,
                                    enabled=True, tenant_id=tenant_id)
 
-    def test_create_firewall_rule_with_all_params(self):
+    def _setup_create_firewall_rule_with_all_params(self, protocol='tcp'):
         """firewall-rule-create with all params set."""
         resource = 'firewall_rule'
         cmd = firewallrule.CreateFirewallRule(test_cli20.MyApp(sys.stdout),
                                               None)
         name = 'my-name'
         description = 'my-desc'
-        protocol = 'tcp'
         source_ip = '192.168.1.0/24'
         destination_ip = '192.168.2.0/24'
         source_port = '0:65535'
@@ -75,6 +74,8 @@ class CLITestV20FirewallRuleJSON(test_cli20.CLITestV20Base):
                 '--tenant-id', tenant_id]
         position_names = []
         position_values = []
+        if protocol == 'any':
+            protocol = None
         self._test_create_resource(resource, cmd, name, my_id, args,
                                    position_names, position_values,
                                    description=description, shared=True,
@@ -86,6 +87,12 @@ class CLITestV20FirewallRuleJSON(test_cli20.CLITestV20Base):
                                    action=action, enabled=True,
                                    tenant_id=tenant_id)
 
+    def test_create_firewall_rule_with_all_params(self):
+        self._setup_create_firewall_rule_with_all_params()
+
+    def test_create_firewall_rule_with_proto_any(self):
+        self._setup_create_firewall_rule_with_all_params(protocol='any')
+
     def test_list_firewall_rules(self):
         """firewall-rule-list."""
         resources = "firewall_rules"
@@ -144,6 +151,15 @@ class CLITestV20FirewallRuleJSON(test_cli20.CLITestV20Base):
                                    ['myid', '--name', 'newname'],
                                    {'name': 'newname', })
 
+    def test_update_firewall_rule_protocol(self):
+        """firewall-rule-update myid --protocol any."""
+        resource = 'firewall_rule'
+        cmd = firewallrule.UpdateFirewallRule(test_cli20.MyApp(sys.stdout),
+                                              None)
+        self._test_update_resource(resource, cmd, 'myid',
+                                   ['myid', '--protocol', 'any'],
+                                   {'protocol': None, })
+
     def test_delete_firewall_rule(self):
         """firewall-rule-delete my-id."""
         resource = 'firewall_rule'