Verify security group parameters

Introduced various sanity checks before adding security group rule
into the database. The checks have been implemented both in EC2 and
openstack extension code.
Implemented the suggestions made in first patch by Brian
Fixed the unit tests in security groups
Fixed pep8 issues in security group unit tests

Fixes bug 869979.

Change-Id: I2ac28666e90e7bdeacb7b1c2676c0719cfb9e441

nova/tests/test_api.py

@@ -386,6 +386,50 @@ class ApiEc2TestCase(test.TestCase):
         group.connection = self.ec2
 
         group.authorize('tcp', 80, 81, '0.0.0.0/0')
+        group.authorize('icmp', -1, -1, '0.0.0.0/0')
+        group.authorize('udp', 80, 81, '0.0.0.0/0')
+        # Invalid CIDR address
+        self.assertRaises(Exception,
+                          group.authorize, 'tcp', 80, 81, '0.0.0.0/0444')
+        # Missing ports
+        self.assertRaises(Exception,
+                          group.authorize, 'tcp', '0.0.0.0/0')
+        # from port cannot be greater than to port
+        self.assertRaises(Exception,
+                          group.authorize, 'tcp', 100, 1, '0.0.0.0/0')
+        # For tcp, negative values are not allowed
+        self.assertRaises(Exception,
+                          group.authorize, 'tcp', -1, 1, '0.0.0.0/0')
+        # For tcp, valid port range 1-65535
+        self.assertRaises(Exception,
+                          group.authorize, 'tcp', 1, 65599, '0.0.0.0/0')
+        # For icmp, only -1:-1 is allowed for type:code
+        self.assertRaises(Exception,
+                          group.authorize, 'icmp', -1, 0, '0.0.0.0/0')
+        # Non valid type:code
+        self.assertRaises(Exception,
+                          group.authorize, 'icmp', 0, 3, '0.0.0.0/0')
+        # Invalid Cidr for ICMP type
+        self.assertRaises(Exception,
+                          group.authorize, 'icmp', -1, -1, '0.0.444.0/4')
+        # Invalid protocol
+        self.assertRaises(Exception,
+                          group.authorize, 'xyz', 1, 14, '0.0.0.0/0')
+        # Invalid port
+        self.assertRaises(Exception,
+                          group.authorize, 'tcp', " ", "81", '0.0.0.0/0')
+        # Invalid icmp port
+        self.assertRaises(Exception,
+                          group.authorize, 'icmp', " ", "81", '0.0.0.0/0')
+        # Invalid CIDR Address
+        self.assertRaises(Exception,
+                          group.authorize, 'icmp', -1, -1, '0.0.0.0')
+        # Invalid CIDR Address
+        self.assertRaises(Exception,
+                          group.authorize, 'icmp', -1, -1, '0.0.0.0/')
+        # Invalid Cidr ports
+        self.assertRaises(Exception,
+                          group.authorize, 'icmp', 1, 256, '0.0.0.0/0')
 
         self.expect_http()
         self.mox.ReplayAll()
@@ -394,7 +438,7 @@ class ApiEc2TestCase(test.TestCase):
 
         group = [grp for grp in rv if grp.name == security_group_name][0]
 
-        self.assertEquals(len(group.rules), 1)
+        self.assertEquals(len(group.rules), 3)
         self.assertEquals(int(group.rules[0].from_port), 80)
         self.assertEquals(int(group.rules[0].to_port), 81)
         self.assertEquals(len(group.rules[0].grants), 1)
@@ -405,6 +449,8 @@ class ApiEc2TestCase(test.TestCase):
         group.connection = self.ec2
 
         group.revoke('tcp', 80, 81, '0.0.0.0/0')
+        group.revoke('icmp', -1, -1, '0.0.0.0/0')
+        group.revoke('udp', 80, 81, '0.0.0.0/0')
 
         self.expect_http()
         self.mox.ReplayAll()