Allow ranges of ports for destination port

ae7da55a · Sigmund Augdal · 16eb478b · ae7da55a
Commit ae7da55a authored Nov 29, 2013 by Sigmund Augdal
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 3 deletions

nova_router/security_groups.py nova_router/security_groups.py +19 -3

No files found.
--- a/nova_router/security_groups.py
+++ b/nova_router/security_groups.py
@@ -68,6 +68,11 @@ def get_group_rules(etcd_client, group_id):
    return rules


+def check_port(port):
+    if port <= 0 or port > 0xffff:
+        raise ValueError("invalid destination port: {}".format(port))
+
+
 def add_rule(etcd_client, group_id, params):
    rule_id = uuid.uuid4()
    rule_key = security_group_rule_key(group_id, rule_id)
@@ -79,9 +84,20 @@ def add_rule(etcd_client, group_id, params):
    source_type = params["source_type"]
    if source_type not in ("any", "cidr", "security_group"):
        raise ValueError("invalid source type: " + source_type)
-    destination_port = int(params["destination_port"])
-    if destination_port <= 0 or destination_port > 0xffff:
-        raise ValueError("invalid destination port: {}".format(destination_port))
+    destination_port = params["destination_port"]
+    if "-" in destination_port:
+        port_range = destination_port.split("-")
+        if len(port_range) != 2:
+            raise ValueError("Invalid destination port specification. At most one - allowed")
+        port_range = [int(a) for a in port_range]
+        for port in port_range:
+            check_port(port)
+        if port_range[0] > port_range[1]:
+            raise ValueError("Backwards destination port range")
+        destination_port = "{}-{}".format(*port_range)
+    else:
+        destination_port = int(destination_port)
+        check_port(destination_port)
    if source_type == "cidr":
        source_net = params["source_net"]
        source_mask = int(params["source_mask"])