Change default security group protocol to 'any'

The default protocol used to create a security rule was changed to ``tcp``, which was a regression from the neutron client. Change it back to ``any``, which skips sending the protocol to the API server entirely when using the Neutron v2 API. Users that had been creating rules without specifying a protocol and expecting ``tcp`` need to change to use ``--protocol tcp`` explicitly. Change-Id: Iedaa027240e00dced551513d8fa828564386b79f Closes-bug: #1716789
author: Brian Haley <bhaley@redhat.com> 2017-11-10 10:58:58 -0500
committer: Brian Haley <bhaley@redhat.com> 2019-05-06 10:55:13 -0400
commit: 33a255612c661f174d2cb5d4ca93f8d7096e9290 (patch)
tree: ad4c8a1d71b312f290ad6089f3f11cf637f75dfd /openstackclient
parent: a71cb02ce94c83a692faec5ec46ded0793b0bd5e (diff)
download: python-openstackclient-33a255612c661f174d2cb5d4ca93f8d7096e9290.tar.gz
3 files changed, 11 insertions, 7 deletions
diff --git a/openstackclient/network/v2/security_group_rule.py b/openstackclient/network/v2/security_group_rule.py
index 961125a9..c93b3af4 100644
--- a/openstackclient/network/v2/security_group_rule.py
+++ b/openstackclient/network/v2/security_group_rule.py
@@ -168,7 +168,7 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne):
                    "ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, "
                    "ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, "
                    "udp, udplite, vrrp and integer representations [0-255] "
-                   "or any; default: tcp)")
+                   "or any; default: any (all protocols))")
         )
         protocol_group.add_argument(
             '--proto',
@@ -233,8 +233,8 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne):
         )
         return parser
 
-    def _get_protocol(self, parsed_args):
-        protocol = 'tcp'
+    def _get_protocol(self, parsed_args, default_protocol='any'):
+        protocol = default_protocol
         if parsed_args.protocol is not None:
             protocol = parsed_args.protocol
         if parsed_args.proto is not None:
@@ -355,7 +355,7 @@ class CreateSecurityGroupRule(common.NetworkAndComputeShowOne):
 
     def take_action_compute(self, client, parsed_args):
         group = client.api.security_group_find(parsed_args.group)
-        protocol = self._get_protocol(parsed_args)
+        protocol = self._get_protocol(parsed_args, default_protocol='tcp')
         if protocol == 'icmp':
             from_port, to_port = -1, -1
         else:
@@ -462,8 +462,8 @@ class ListSecurityGroupRule(common.NetworkAndComputeLister):
                    "ah, dhcp, egp, esp, gre, icmp, igmp, "
                    "ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, "
                    "ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, "
-                   "udp, udplite, vrrp and integer representations [0-255])."
-                   )
+                   "udp, udplite, vrrp and integer representations [0-255] "
+                   "or any; default: any (all protocols))")
         )
         direction_group = parser.add_mutually_exclusive_group()
         direction_group.add_argument(
diff --git a/openstackclient/tests/unit/network/v2/fakes.py b/openstackclient/tests/unit/network/v2/fakes.py
index 100ea2b1..e41621a4 100644
--- a/openstackclient/tests/unit/network/v2/fakes.py
+++ b/openstackclient/tests/unit/network/v2/fakes.py
@@ -1305,7 +1305,7 @@ class FakeSecurityGroupRule(object):
             'id': 'security-group-rule-id-' + uuid.uuid4().hex,
             'port_range_max': None,
             'port_range_min': None,
-            'protocol': 'tcp',
+            'protocol': None,
             'remote_group_id': None,
             'remote_ip_prefix': '0.0.0.0/0',
             'security_group_id': 'security-group-id-' + uuid.uuid4().hex,
diff --git a/openstackclient/tests/unit/network/v2/test_security_group_rule_network.py b/openstackclient/tests/unit/network/v2/test_security_group_rule_network.py
index b070ab6a..06849112 100644
--- a/openstackclient/tests/unit/network/v2/test_security_group_rule_network.py
+++ b/openstackclient/tests/unit/network/v2/test_security_group_rule_network.py
@@ -177,10 +177,12 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
 
     def test_create_default_rule(self):
         self._setup_security_group_rule({
+            'protocol': 'tcp',
             'port_range_max': 443,
             'port_range_min': 443,
         })
         arglist = [
+            '--protocol', 'tcp',
             '--dst-port', str(self._security_group_rule.port_range_min),
             self._security_group.id,
         ]
@@ -267,11 +269,13 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
 
     def test_create_remote_group(self):
         self._setup_security_group_rule({
+            'protocol': 'tcp',
             'port_range_max': 22,
             'port_range_min': 22,
             'remote_group_id': self._security_group.id,
         })
         arglist = [
+            '--protocol', 'tcp',
             '--dst-port', str(self._security_group_rule.port_range_min),
             '--ingress',
             '--src-group', self._security_group.name,
author	Brian Haley <bhaley@redhat.com>	2017-11-10 10:58:58 -0500
committer	Brian Haley <bhaley@redhat.com>	2019-05-06 10:55:13 -0400
commit	33a255612c661f174d2cb5d4ca93f8d7096e9290 (patch)
tree	ad4c8a1d71b312f290ad6089f3f11cf637f75dfd /openstackclient
parent	a71cb02ce94c83a692faec5ec46ded0793b0bd5e (diff)
download	python-openstackclient-33a255612c661f174d2cb5d4ca93f8d7096e9290.tar.gz