Commit 60fb1a0e authored by Sigmund Augdal's avatar Sigmund Augdal

Fix breakage with source security group and protocol == ip

parent dea55825
......@@ -117,8 +117,6 @@ class Generator(object):
suffix = ""
if port is not None and protocol in ['tcp', 'udp']:
suffix += ",{}:{}".format(protocol, port)
if protocol == "ip":
name += "_to_ip"
if net is not None:
suffix += ",{}".format(net)
member = member.lower()
......@@ -150,8 +148,12 @@ class Generator(object):
continue
for member in sorted(members):
if rule["source_type"] == "any":
self.add_ipset_member(RULES_FROM_ANY, member,
rule["protocol"], rule.get("destination_port", None))
if rule["protocol"] == "ip":
self.add_ipset_member(RULES_FROM_ANY_TO_IP, member,
rule["protocol"], rule.get("destination_port", None))
else:
self.add_ipset_member(RULES_FROM_ANY, member,
rule["protocol"], rule.get("destination_port", None))
elif rule["source_type"] == "cidr":
if rule["protocol"] == "ip":
if group_id not in self.ip_cidr_groups:
......
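Review bot: The two `add_ipset_member` calls in the `source_type == "any"` branch differ only in the set name, so the choice can be made once with `target = RULES_FROM_ANY_TO_IP if rule["protocol"] == "ip" else RULES_FROM_ANY` followed by a single call. With the `name += "_to_ip"` rewrite removed from the first hunk, every caller now has to select the `_to_ip` set itself. A caller that still passes protocol `ip` with a base set name would add the member to the port-qualified set with no port suffix, which, if those sets are matched per port as the suffix logic suggests, changes what the filter admits. A comment on that function stating the contract would help, for example `# callers choose the *_TO_IP set for protocol "ip"; the name is no longer rewritten here`. Both functions start and end outside the hunks, so the remaining callers cannot be checked from this page.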
......@@ -102,7 +102,7 @@ class TestProcessSecurityGroup(object):
},
]
self.generator.process_security_group("a", "b")
self.generator.add_ipset_member.assert_called_with(iptables_configurator.RULES_FROM_ANY,
self.generator.add_ipset_member.assert_called_with(iptables_configurator.RULES_FROM_ANY_TO_IP,
'00:11:22:33:44:55', 'ip', None)
self.generator.add_ipset_member_family.assert_any_call(iptables_configurator.RULES_FROM_ANY_TO_IP,
'00:11:22:33:44:55', 'inet6', '', None, self.generator.addresses_v6)
......
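Review bot: `assert_called_with` only inspects the most recent call on the mock, so the updated assertion would still pass if the member had also been added to `RULES_FROM_ANY` earlier in the same run. If the fixture yields a single member, `self.generator.add_ipset_member.assert_called_once_with(iptables_configurator.RULES_FROM_ANY_TO_IP, '00:11:22:33:44:55', 'ip', None)` would pin that the wider set is not touched. The commit title names the source-security-group case with protocol `ip`, but this hunk only covers the source-type-any path, so a test for the security-group path would guard the regression being fixed. The test method starts outside the hunk, so its fixture is only partly visible.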