From: Roey Chen <roeyc@vmware.com>
Date: Fri, 24 Jul 2015 18:17:19 +0000 (-0700)
Subject: Fixing ICMP type and code validation
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=42188537172f4e1e633a0fb36ace5a522c730a32;p=openstack-build%2Fneutron-build.git

Fixing ICMP type and code validation

The case where type is not specifed (None) but the code is '0' will not
result in an error, as it should.

APIImpact

Closes-Bug: #1480966
Change-Id: I878b13ec46a93947765227c40282efa9a7e02ca8
---

diff --git a/neutron/db/securitygroups_db.py b/neutron/db/securitygroups_db.py
index 49b4f0913..bc5ad3a42 100644
--- a/neutron/db/securitygroups_db.py
+++ b/neutron/db/securitygroups_db.py
@@ -441,7 +441,7 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
                     raise ext_sg.SecurityGroupInvalidIcmpValue(
                         field=field, attr=attr, value=rule[attr])
             if (rule['port_range_min'] is None and
-                    rule['port_range_max']):
+                    rule['port_range_max'] is not None):
                 raise ext_sg.SecurityGroupMissingIcmpType(
                     value=rule['port_range_max'])
 
diff --git a/neutron/tests/unit/extensions/test_securitygroup.py b/neutron/tests/unit/extensions/test_securitygroup.py
index 44e816ba0..7ff4c2b20 100644
--- a/neutron/tests/unit/extensions/test_securitygroup.py
+++ b/neutron/tests/unit/extensions/test_securitygroup.py
@@ -1029,12 +1029,14 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
         with self.security_group(name, description) as sg:
             security_group_id = sg['security_group']['id']
             with self.security_group_rule(security_group_id):
-                rule = self._build_security_group_rule(
-                    sg['security_group']['id'], 'ingress',
-                    const.PROTO_NAME_ICMP, None, '2')
-                res = self._create_security_group_rule(self.fmt, rule)
-                self.deserialize(self.fmt, res)
-                self.assertEqual(res.status_int, webob.exc.HTTPBadRequest.code)
+                for code in ['2', '0']:
+                    rule = self._build_security_group_rule(
+                        sg['security_group']['id'], 'ingress',
+                        const.PROTO_NAME_ICMP, None, code)
+                    res = self._create_security_group_rule(self.fmt, rule)
+                    self.deserialize(self.fmt, res)
+                    self.assertEqual(res.status_int,
+                                     webob.exc.HTTPBadRequest.code)
 
     def test_list_ports_security_group(self):
         with self.network() as n: