Add icmpv6 to sg_supported_protocols

support using icmpv6 (protocol num 58) in the protocol option, when creating
a security group rule.At this time, port_range_min/port_range_max represent
icmpv6 type/code, and you can use only port_range_min to specify just one type.
eg:neutron security-group-rule-create --direction ingress \
   --ethertype ipv6 --protocol icmpv6 --port-range-min 134 SECURITY_GROUP

ApiImpact
DocImpact
Partial-Bug:#1427973
Change-Id: Ide4f7476cdb8a4f04f72983917ce7dbfc7be90a5

diff --git a/neutron/extensions/securitygroup.py b/neutron/extensions/securitygroup.py
index e25be6364c5a76ab5d171b1881775d5e2a71fb20..c8861e24d02dbe67657e5556386d5123ec0a3355 100644 (file)
--- a/neutron/extensions/securitygroup.py
+++ b/neutron/extensions/securitygroup.py
@@ -72,8 +72,8 @@ class SecurityGroupDefaultAlreadyExists(nexception.InUse):
 
 class SecurityGroupRuleInvalidProtocol(nexception.InvalidInput):
     message = _("Security group rule protocol %(protocol)s not supported. "
-                "Only protocol values %(values)s and their integer "
-                "representation (0 to 255) are supported.")
+                "Only protocol values %(values)s and integer representations "
+                "[0 to 255] are supported.")
 
 
 class SecurityGroupRulesNotSingleTenant(nexception.InvalidInput):
@@ -198,8 +198,8 @@ def _validate_name_not_default(data, valid_values=None):
 
 attr.validators['type:name_not_default'] = _validate_name_not_default
 
-sg_supported_protocols = [None, const.PROTO_NAME_TCP,
-                          const.PROTO_NAME_UDP, const.PROTO_NAME_ICMP]
+sg_supported_protocols = [None, const.PROTO_NAME_TCP, const.PROTO_NAME_UDP,
+                          const.PROTO_NAME_ICMP, const.PROTO_NAME_ICMP_V6]
 sg_supported_ethertypes = ['IPv4', 'IPv6']
 
 # Attribute Map

diff --git a/neutron/tests/unit/extensions/test_securitygroup.py b/neutron/tests/unit/extensions/test_securitygroup.py
index 4f9533a5f35f3bc4539e06bedd70ca0d3846e3cf..e21813b354e2bd5b15b25ccd177f98991e69bf31 100644 (file)
--- a/neutron/tests/unit/extensions/test_securitygroup.py
+++ b/neutron/tests/unit/extensions/test_securitygroup.py
@@ -812,6 +812,35 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
                 for k, v, in keys:
                     self.assertEqual(rule['security_group_rule'][k], v)
 
+    def test_create_security_group_rule_icmpv6_with_type_only(self):
+        name = 'webservers'
+        description = 'my webservers'
+        with self.security_group(name, description) as sg:
+            security_group_id = sg['security_group']['id']
+            direction = "ingress"
+            ethertype = const.IPv6
+            remote_ip_prefix = "2001::f401:56ff:fefe:d3dc/128"
+            protocol = const.PROTO_NAME_ICMP_V6
+            # ICMPV6 type
+            port_range_min = const.ICMPV6_TYPE_RA
+            # ICMPV6 code
+            port_range_max = None
+            keys = [('remote_ip_prefix', remote_ip_prefix),
+                    ('security_group_id', security_group_id),
+                    ('direction', direction),
+                    ('ethertype', ethertype),
+                    ('protocol', protocol),
+                    ('port_range_min', port_range_min),
+                    ('port_range_max', port_range_max)]
+            with self.security_group_rule(security_group_id, direction,
+                                          protocol, port_range_min,
+                                          port_range_max,
+                                          remote_ip_prefix,
+                                          None, None,
+                                          ethertype) as rule:
+                for k, v, in keys:
+                    self.assertEqual(rule['security_group_rule'][k], v)
+
     def test_create_security_group_source_group_ip_and_ip_prefix(self):
         security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
         direction = "ingress"