From bce3eea5c063d466f44ced5a2c641fc7dffa8547 Mon Sep 17 00:00:00 2001
From: siavashsardari
Date: Thu, 26 Nov 2020 18:02:57 +0330
Subject: [PATCH] Refactor TCP/UDP port check.

Task: 41314
Story: 2008390
Change-Id: Ib479dbef68cede6189d25e75388d8cb1fc61f95f
---
 ci/roles/security_group/tasks/main.yml | 40 ++++++++++++++++++++++++++
 plugins/modules/security_group_rule.py | 23 +++++++--------
 2 files changed, 51 insertions(+), 12 deletions(-)

diff --git a/ci/roles/security_group/tasks/main.yml b/ci/roles/security_group/tasks/main.yml
index 6174f6be..6be133c3 100644
--- a/ci/roles/security_group/tasks/main.yml
+++ b/ci/roles/security_group/tasks/main.yml
@@ -32,6 +32,26 @@
 protocol: tcp
 remote_ip_prefix: 0.0.0.0/0
 
+- name: Create TCP rule again with port range (1, 65535)
+ openstack.cloud.security_group_rule:
+ cloud: "{{ cloud }}"
+ security_group: "{{ secgroup_name }}"
+ state: present
+ protocol: tcp
+ port_range_min: 1
+ port_range_max: 65535
+ remote_ip_prefix: 0.0.0.0/0
+
+- name: Create TCP rule again with port range (-1, -1)
+ openstack.cloud.security_group_rule:
+ cloud: "{{ cloud }}"
+ security_group: "{{ secgroup_name }}"
+ state: present
+ protocol: tcp
+ port_range_min: -1
+ port_range_max: -1
+ remote_ip_prefix: 0.0.0.0/0
+
 - name: Create empty UDP rule
 openstack.cloud.security_group_rule:
 cloud: "{{ cloud }}"
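Review bot: The four added "Create … rule again" tasks (two in this hunk, two in the following UDP hunk) do not `register:` their result, so nothing visible here checks that the (1, 65535) and (-1, -1) forms were matched to the existing empty rule rather than handled some other way. If the test relies on a duplicate create failing, that is implicit; I would make it explicit by adding `register: tcp_full_range` to each task and following it with an `assert` whose condition is `tcp_full_range is not changed`. Tasks after the hunk's last context line are not visible, so an assertion may already exist further down.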
@@ -40,6 +60,26 @@
 protocol: udp
 remote_ip_prefix: 0.0.0.0/0
 
+- name: Create UDP rule again with port range (1, 65535)
+ openstack.cloud.security_group_rule:
+ cloud: "{{ cloud }}"
+ security_group: "{{ secgroup_name }}"
+ state: present
+ protocol: udp
+ port_range_min: 1
+ port_range_max: 65535
+ remote_ip_prefix: 0.0.0.0/0
+
+- name: Create UDP rule again with port range (-1, -1)
+ openstack.cloud.security_group_rule:
+ cloud: "{{ cloud }}"
+ security_group: "{{ secgroup_name }}"
+ state: present
+ protocol: udp
+ port_range_min: -1
+ port_range_max: -1
+ remote_ip_prefix: 0.0.0.0/0
+
 - name: Create HTTP rule
 openstack.cloud.security_group_rule:
 cloud: "{{ cloud }}"
diff --git a/plugins/modules/security_group_rule.py b/plugins/modules/security_group_rule.py
index f89f3eda..6a0e0c99 100644
--- a/plugins/modules/security_group_rule.py
+++ b/plugins/modules/security_group_rule.py
@@ -213,21 +213,20 @@ def _ports_match(protocol, module_min, module_max, rule_min, rule_max):
 if protocol == 'any':
 return True
 
- # Check if the user is supplying -1 or None values for full TPC/UDP port range.
+ # Check if the user is supplying -1, 1 to 65535 or None values for full TPC/UDP port range.
 if protocol in ['tcp', 'udp'] or protocol is None:
- if module_min and module_max and int(module_min) == int(module_max) == -1:
- module_min = None
- module_max = None
-
 if (
- (module_min is None and module_max is None)
- and (
- rule_min and int(rule_min) == 1
- and rule_max and int(rule_max) == 65535
- )
+ not module_min and not module_max
+ or (int(module_min) in [-1, 1]
+ and int(module_max) in [-1, 65535])
 ):
- # (None, None) == (1, 65535)
- return True
+ if (
+ not rule_min and not rule_max
+ or (int(rule_min) in [-1, 1]
+ and int(rule_max) in [-1, 65535])
+ ):
+ # (None, None) == (1, 65535) == (-1, -1)
+ return True
 
 # Sanity check to make sure we don't have type comparison issues.
 if module_min:
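Review bot: The rewritten full-range test in `_ports_match` calls `int(module_min)` without the `None` guard the removed lines had, so a request with min `None` and max set fails the `not module_min and not module_max` test and raises `TypeError` on `int(None)`; the same holds for `rule_min`/`rule_max` in the inner check. The two independent `in [...]` tests also accept mixed pairs such as (-1, 65535) or (1, -1), and the switch from `is None` to truthiness makes a bound of 0 count as unset; whether 0 can reach this code is not visible in the hunk. This function appears to decide whether an existing security-group rule already satisfies the requested one, so a wrong match could presumably leave an intended rule uncreated or select the wrong rule; I would compare normalised pairs explicitly, as sketched below. The body of `_ports_match` continues past the end of the hunk.

```python
def _is_full_port_range(port_min, port_max):
    # (None, None), (-1, -1) and (1, 65535) all mean "every port".
    if port_min is None and port_max is None:
        return True
    if port_min is None or port_max is None:
        return False
    return (int(port_min), int(port_max)) in ((-1, -1), (1, 65535))


    # … unchanged: protocol == 'any' shortcut …
    if protocol in ['tcp', 'udp'] or protocol is None:
        if (_is_full_port_range(module_min, module_max)
                and _is_full_port_range(rule_min, rule_max)):
            return True
    # … unchanged: sanity check and range comparison below …
```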