openstack/ansible-collections-openstack
Code Issues Proposed changes

Refactor TCP/UDP port check.

Browse Source 
Task: 41314
Story: 2008390
Change-Id: Ib479dbef68cede6189d25e75388d8cb1fc61f95f
This commit is contained in:
siavashsardari 2020-11-26 18:02:57 +03:30 committed by Sagi Shnaidman
parent 9ed9b1d399
commit bce3eea5c0
2 changed files with 51 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
ci/roles/security_group/tasks/main.yml
View File

@ -32,6 +32,26 @@
protocol: tcp protocol: tcp
remote_ip_prefix: 0.0.0.0/0 remote_ip_prefix: 0.0.0.0/0
- name: Create TCP rule again with port range (1, 65535)
openstack.cloud.security_group_rule:
cloud: "{{ cloud }}"
security_group: "{{ secgroup_name }}"
state: present
protocol: tcp
port_range_min: 1
port_range_max: 65535
remote_ip_prefix: 0.0.0.0/0
- name: Create TCP rule again with port range (-1, -1)
openstack.cloud.security_group_rule:
cloud: "{{ cloud }}"
security_group: "{{ secgroup_name }}"
state: present
protocol: tcp
port_range_min: -1
port_range_max: -1
remote_ip_prefix: 0.0.0.0/0
- name: Create empty UDP rule - name: Create empty UDP rule
openstack.cloud.security_group_rule: openstack.cloud.security_group_rule:
cloud: "{{ cloud }}" cloud: "{{ cloud }}"
@ -40,6 +60,26 @@
protocol: udp protocol: udp
remote_ip_prefix: 0.0.0.0/0 remote_ip_prefix: 0.0.0.0/0
- name: Create UDP rule again with port range (1, 65535)
openstack.cloud.security_group_rule:
cloud: "{{ cloud }}"
security_group: "{{ secgroup_name }}"
state: present
protocol: udp
port_range_min: 1
port_range_max: 65535
remote_ip_prefix: 0.0.0.0/0
- name: Create UDP rule again with port range (-1, -1)
openstack.cloud.security_group_rule:
cloud: "{{ cloud }}"
security_group: "{{ secgroup_name }}"
state: present
protocol: udp
port_range_min: -1
port_range_max: -1
remote_ip_prefix: 0.0.0.0/0
- name: Create HTTP rule - name: Create HTTP rule
openstack.cloud.security_group_rule: openstack.cloud.security_group_rule:
cloud: "{{ cloud }}" cloud: "{{ cloud }}"

23
plugins/modules/security_group_rule.py
View File

@ -213,21 +213,20 @@ def _ports_match(protocol, module_min, module_max, rule_min, rule_max):
if protocol == 'any': if protocol == 'any':
return True return True
# Check if the user is supplying -1 or None values for full TPC/UDP port range. # Check if the user is supplying -1, 1 to 65535 or None values for full TPC/UDP port range.
if protocol in ['tcp', 'udp'] or protocol is None: if protocol in ['tcp', 'udp'] or protocol is None:
if module_min and module_max and int(module_min) == int(module_max) == -1:
module_min = None
module_max = None
if ( if (
(module_min is None and module_max is None) not module_min and not module_max
and ( or (int(module_min) in [-1, 1]
rule_min and int(rule_min) == 1 and int(module_max) in [-1, 65535])
and rule_max and int(rule_max) == 65535
)
): ):
# (None, None) == (1, 65535) if (
return True not rule_min and not rule_max
or (int(rule_min) in [-1, 1]
and int(rule_max) in [-1, 65535])
):
# (None, None) == (1, 65535) == (-1, -1)
return True
# Sanity check to make sure we don't have type comparison issues. # Sanity check to make sure we don't have type comparison issues.
if module_min: if module_min: