Merge "Handle correctly protocol 'ANY' in firewall rule"
This commit is contained in:
commit
8a1c59ca4f
@ -73,11 +73,13 @@ class UpdateRule(forms.SelfHandlingForm):
|
||||
def __init__(self, request, *args, **kwargs):
|
||||
super(UpdateRule, self).__init__(request, *args, **kwargs)
|
||||
|
||||
protocol = kwargs['initial']['protocol'].upper()
|
||||
protocol = kwargs['initial']['protocol']
|
||||
protocol = protocol.upper() if protocol else 'ANY'
|
||||
action = kwargs['initial']['action'].upper()
|
||||
|
||||
protocol_choices = [(protocol, protocol)]
|
||||
for tup in [('TCP', _('TCP')), ('UDP', _('UDP')), ('ICMP', _('ICMP'))]:
|
||||
for tup in [('TCP', _('TCP')), ('UDP', _('UDP')), ('ICMP', _('ICMP')),
|
||||
('ANY', _('ANY'))]:
|
||||
if tup[0] != protocol:
|
||||
protocol_choices.append(tup)
|
||||
self.fields['protocol'].choices = protocol_choices
|
||||
@ -91,6 +93,8 @@ class UpdateRule(forms.SelfHandlingForm):
|
||||
def handle(self, request, context):
|
||||
rule_id = self.initial['rule_id']
|
||||
name_or_id = context.get('name') or rule_id
|
||||
if context['protocol'] == 'ANY':
|
||||
context['protocol'] = None
|
||||
for f in ['source_ip_address', 'destination_ip_address',
|
||||
'source_port', 'destination_port']:
|
||||
if not context[f]:
|
||||
|
@ -389,6 +389,73 @@ class FirewallTests(test.TestCase):
|
||||
self.assertNoFormErrors(res)
|
||||
self.assertRedirectsNoFollow(res, str(self.INDEX_URL))
|
||||
|
||||
@test.create_stubs({api.fwaas: ('rule_get', 'rule_update')})
|
||||
def test_update_protocol_any_rule_post(self):
|
||||
# protocol any means protocol == None in neutron context.
|
||||
rule = self.fw_rules.get(protocol=None)
|
||||
|
||||
api.fwaas.rule_get(IsA(http.HttpRequest), rule.id).AndReturn(rule)
|
||||
|
||||
data = {'name': 'new name',
|
||||
'description': 'new desc',
|
||||
'protocol': 'ICMP',
|
||||
'action': 'ALLOW',
|
||||
'shared': False,
|
||||
'enabled': True,
|
||||
'source_ip_address': rule.source_ip_address,
|
||||
'destination_ip_address': None,
|
||||
'source_port': None,
|
||||
'destination_port': rule.destination_port,
|
||||
}
|
||||
|
||||
api.fwaas.rule_update(IsA(http.HttpRequest), rule.id, **data)\
|
||||
.AndReturn(rule)
|
||||
|
||||
self.mox.ReplayAll()
|
||||
|
||||
form_data = data.copy()
|
||||
form_data['destination_ip_address'] = ''
|
||||
form_data['source_port'] = ''
|
||||
|
||||
res = self.client.post(
|
||||
reverse(self.UPDATERULE_PATH, args=(rule.id,)), form_data)
|
||||
|
||||
self.assertNoFormErrors(res)
|
||||
self.assertRedirectsNoFollow(res, str(self.INDEX_URL))
|
||||
|
||||
@test.create_stubs({api.fwaas: ('rule_get', 'rule_update')})
|
||||
def test_update_rule_protocol_to_ANY_post(self):
|
||||
rule = self.fw_rules.first()
|
||||
|
||||
api.fwaas.rule_get(IsA(http.HttpRequest), rule.id).AndReturn(rule)
|
||||
|
||||
data = {'name': 'new name',
|
||||
'description': 'new desc',
|
||||
'protocol': None,
|
||||
'action': 'ALLOW',
|
||||
'shared': False,
|
||||
'enabled': True,
|
||||
'source_ip_address': rule.source_ip_address,
|
||||
'destination_ip_address': None,
|
||||
'source_port': None,
|
||||
'destination_port': rule.destination_port,
|
||||
}
|
||||
api.fwaas.rule_update(IsA(http.HttpRequest), rule.id, **data)\
|
||||
.AndReturn(rule)
|
||||
|
||||
self.mox.ReplayAll()
|
||||
|
||||
form_data = data.copy()
|
||||
form_data['destination_ip_address'] = ''
|
||||
form_data['source_port'] = ''
|
||||
form_data['protocol'] = 'ANY'
|
||||
|
||||
res = self.client.post(
|
||||
reverse(self.UPDATERULE_PATH, args=(rule.id,)), form_data)
|
||||
|
||||
self.assertNoFormErrors(res)
|
||||
self.assertRedirectsNoFollow(res, str(self.INDEX_URL))
|
||||
|
||||
@test.create_stubs({api.fwaas: ('policy_get',)})
|
||||
def test_update_policy_get(self):
|
||||
policy = self.fw_policies.first()
|
||||
|
@ -879,7 +879,7 @@ def data(TEST):
|
||||
'tenant_id': '1',
|
||||
'name': 'rule3',
|
||||
'description': 'rule3 description',
|
||||
'protocol': 'icmp',
|
||||
'protocol': None,
|
||||
'action': 'allow',
|
||||
'source_ip_address': '1.2.3.0/24',
|
||||
'source_port': '80',
|
||||
|
Loading…
x
Reference in New Issue
Block a user