From de53059c497f20c8bc3bba58e1a1af10c5001637 Mon Sep 17 00:00:00 2001 From: Soren Hansen Date: Mon, 11 Jun 2012 09:23:33 +0200 Subject: [PATCH] Only invoke .lower() on non-None protocols When using source group based security group rules (rather than CIDR based ones), it's permissible to not set a protocol and port. However, Nova would always try to convert the protocol to lower case, which would fail if the protocol wasn't set. Fixes bug 1010514 Change-Id: I9b1519a52ececd16a497acebfe022508cbe96126 --- .mailmap | 1 + nova/tests/test_libvirt.py | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/.mailmap b/.mailmap index 9e3badb6..5fcd106e 100644 --- a/.mailmap +++ b/.mailmap @@ -60,6 +60,7 @@ + diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py index ef2374fc..937c4786 100644 --- a/nova/tests/test_libvirt.py +++ b/nova/tests/test_libvirt.py @@ -1871,6 +1871,10 @@ class IptablesFirewallTestCase(test.TestCase): 'to_port': 81, 'group_id': src_secgroup['id']}) + db.security_group_rule_create(admin_ctxt, + {'parent_group_id': secgroup['id'], + 'group_id': src_secgroup['id']}) + db.instance_add_security_group(admin_ctxt, instance_ref['uuid'], secgroup['id']) db.instance_add_security_group(admin_ctxt, src_instance_ref['uuid'], @@ -1951,6 +1955,9 @@ class IptablesFirewallTestCase(test.TestCase): '--dports 80:81 -s %s' % ip['address']) self.assertTrue(len(filter(regex.match, self.out_rules)) > 0, "TCP port 80/81 acceptance rule wasn't added") + regex = re.compile('-A .* -j ACCEPT -s %s' % ip['address']) + self.assertTrue(len(filter(regex.match, self.out_rules)) > 0, + "Protocol/port-less acceptance rule wasn't added") regex = re.compile('-A .* -j ACCEPT -p tcp ' '-m multiport --dports 80:81 -s 192.168.10.0/24')