Refactor TCP/UDP port check.

Task: 41314 Story: 2008390 Change-Id: Ib479dbef68cede6189d25e75388d8cb1fc61f95f
2020-11-26 18:02:57 +03:30 · 2020-11-26 18:02:57 +03:30 · bce3eea5c0
commit bce3eea5c0
parent 9ed9b1d399
2 changed files with 51 additions and 12 deletions
--- a/ci/roles/security_group/tasks/main.yml
+++ b/ci/roles/security_group/tasks/main.yml
@ -32,6 +32,26 @@
     protocol: tcp
     remote_ip_prefix: 0.0.0.0/0

+- name: Create TCP rule again with port range (1, 65535)
+  openstack.cloud.security_group_rule:
+     cloud: "{{ cloud }}"
+     security_group: "{{ secgroup_name }}"
+     state: present
+     protocol: tcp
+     port_range_min: 1
+     port_range_max: 65535
+     remote_ip_prefix: 0.0.0.0/0
+
+- name: Create TCP rule again with port range (-1, -1)
+  openstack.cloud.security_group_rule:
+     cloud: "{{ cloud }}"
+     security_group: "{{ secgroup_name }}"
+     state: present
+     protocol: tcp
+     port_range_min: -1
+     port_range_max: -1
+     remote_ip_prefix: 0.0.0.0/0
+
 - name: Create empty UDP rule
  openstack.cloud.security_group_rule:
     cloud: "{{ cloud }}"
@ -40,6 +60,26 @@
     protocol: udp
     remote_ip_prefix: 0.0.0.0/0

+- name: Create UDP rule again with port range (1, 65535)
+  openstack.cloud.security_group_rule:
+     cloud: "{{ cloud }}"
+     security_group: "{{ secgroup_name }}"
+     state: present
+     protocol: udp
+     port_range_min: 1
+     port_range_max: 65535
+     remote_ip_prefix: 0.0.0.0/0
+
+- name: Create UDP rule again with port range (-1, -1)
+  openstack.cloud.security_group_rule:
+     cloud: "{{ cloud }}"
+     security_group: "{{ secgroup_name }}"
+     state: present
+     protocol: udp
+     port_range_min: -1
+     port_range_max: -1
+     remote_ip_prefix: 0.0.0.0/0
+
 - name: Create HTTP rule
  openstack.cloud.security_group_rule:
     cloud: "{{ cloud }}"
--- a/plugins/modules/security_group_rule.py
+++ b/plugins/modules/security_group_rule.py
@ -213,21 +213,20 @@ def _ports_match(protocol, module_min, module_max, rule_min, rule_max):
    if protocol == 'any':
        return True

-    # Check if the user is supplying -1 or None values for full TPC/UDP port range.
+    # Check if the user is supplying -1, 1 to 65535 or None values for full TPC/UDP port range.
    if protocol in ['tcp', 'udp'] or protocol is None:
-        if module_min and module_max and int(module_min) == int(module_max) == -1:
-            module_min = None
-            module_max = None
-
        if (
-            (module_min is None and module_max is None)
-            and (
-                rule_min and int(rule_min) == 1
-                and rule_max and int(rule_max) == 65535
-            )
+            not module_min and not module_max
+            or (int(module_min) in [-1, 1]
+                and int(module_max) in [-1, 65535])
        ):
-            # (None, None) == (1, 65535)
-            return True
+            if (
+                not rule_min and not rule_max
+                or (int(rule_min) in [-1, 1]
+                    and int(rule_max) in [-1, 65535])
+            ):
+                # (None, None) == (1, 65535) == (-1, -1)
+                return True

    # Sanity check to make sure we don't have type comparison issues.
    if module_min: