Correct protocol allowed values for firewall rule

Change protocol allowed values from None to 'any' since neutron not allow the string 'None' protocol. Change-Id: I06cee893c9aa16c1131cb625ca23c96154de33b3 Closes-Bug: #1406197
openstack · Jan 13, 2015 · c99d363 · c99d363
1 parent 1d15697
commit c99d363
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 2 deletions.
diff --git a/heat/engine/resources/neutron/firewall.py b/heat/engine/resources/neutron/firewall.py
@@ -281,9 +281,10 @@ class FirewallRule(neutron.NeutronResource):
             properties.Schema.STRING,
             _('Protocol for the firewall rule.'),
             constraints=[
-                constraints.AllowedValues(['tcp', 'udp', 'icmp', None]),
+                constraints.AllowedValues(['tcp', 'udp', 'icmp', 'any']),
             ],
-            update_allowed=True
+            default='any',
+            update_allowed=True,
         ),
         IP_VERSION: properties.Schema(
             properties.Schema.STRING,
@@ -385,12 +386,16 @@ def handle_create(self):
         props = self.prepare_properties(
             self.properties,
             self.physical_resource_name())
+        if props.get(self.PROTOCOL) == 'any':
+            props[self.PROTOCOL] = None
         firewall_rule = self.neutron().create_firewall_rule(
             {'firewall_rule': props})['firewall_rule']
         self.resource_id_set(firewall_rule['id'])
 
     def handle_update(self, json_snippet, tmpl_diff, prop_diff):
         if prop_diff:
+            if prop_diff.get(self.PROTOCOL) == 'any':
+                prop_diff[self.PROTOCOL] = None
             self.neutron().update_firewall_rule(
                 self.resource_id, {'firewall_rule': prop_diff})
 

diff --git a/heat/tests/test_neutron_firewall.py b/heat/tests/test_neutron_firewall.py
@@ -371,6 +371,31 @@ def test_create(self):
         self.assertEqual((rsrc.CREATE, rsrc.COMPLETE), rsrc.state)
         self.m.VerifyAll()
 
+    def test_validate_failed_with_string_None_protocol(self):
+        snippet = template_format.parse(firewall_rule_template)
+        stack = utils.parse_stack(snippet)
+        rsrc = stack['firewall_rule']
+        rsrc.t['Properties']['protocol'] = 'None'
+        self.assertRaises(exception.StackValidationFailed, rsrc.validate)
+
+    def test_create_with_protocol_any(self):
+        neutronclient.Client.create_firewall_rule({
+            'firewall_rule': {
+                'name': 'test-firewall-rule', 'shared': True,
+                'action': 'allow', 'protocol': None, 'enabled': True,
+                'ip_version': "4"}}
+        ).AndReturn({'firewall_rule': {'id': '5678'}})
+        self.m.ReplayAll()
+
+        snippet = template_format.parse(firewall_rule_template)
+        stack = utils.parse_stack(snippet)
+        rsrc = stack['firewall_rule']
+        rsrc.t['Properties']['protocol'] = 'any'
+
+        scheduler.TaskRunner(rsrc.create)()
+        self.assertEqual((rsrc.CREATE, rsrc.COMPLETE), rsrc.state)
+        self.m.VerifyAll()
+
     def test_create_failed(self):
         neutronclient.Client.create_firewall_rule({
             'firewall_rule': {
@@ -466,3 +491,15 @@ def test_update(self):
         scheduler.TaskRunner(rsrc.update, update_template)()
 
         self.m.VerifyAll()
+
+    def test_update_protocol_to_any(self):
+        rsrc = self.create_firewall_rule()
+        neutronclient.Client.update_firewall_rule(
+            '5678', {'firewall_rule': {'protocol': None}})
+        self.m.ReplayAll()
+        scheduler.TaskRunner(rsrc.create)()
+        # update to 'any' protocol
+        update_template = copy.deepcopy(rsrc.t)
+        update_template['Properties']['protocol'] = 'any'
+        scheduler.TaskRunner(rsrc.update, update_template)()
+        self.m.VerifyAll()