From d311417122e7f895dd750a2259ad4cd6ef82fe50 Mon Sep 17 00:00:00 2001
From: Joe Topjian <joe@topjian.net>
Date: Mon, 29 May 2017 21:08:47 -0600
Subject: [PATCH] provider/openstack: Allow numerical protocols in security
 group rules

This commit enables a user to specify protocols in numerical form
when creating security group rules.
---
 ...e_openstack_networking_secgroup_rule_v2.go | 11 +++++
 ...nstack_networking_secgroup_rule_v2_test.go | 41 +++++++++++++++++++
 2 files changed, 52 insertions(+)

diff --git a/builtin/providers/openstack/resource_openstack_networking_secgroup_rule_v2.go b/builtin/providers/openstack/resource_openstack_networking_secgroup_rule_v2.go
index 2a6075ab5..6f5464fed 100644
--- a/builtin/providers/openstack/resource_openstack_networking_secgroup_rule_v2.go
+++ b/builtin/providers/openstack/resource_openstack_networking_secgroup_rule_v2.go
@@ -3,6 +3,7 @@ package openstack
 import (
 	"fmt"
 	"log"
+	"strconv"
 	"strings"
 	"time"
 
@@ -229,6 +230,8 @@ func resourceNetworkingSecGroupRuleV2DetermineEtherType(v string) rules.RuleEthe
 
 func resourceNetworkingSecGroupRuleV2DetermineProtocol(v string) rules.RuleProtocol {
 	var protocol rules.RuleProtocol
+
+	// Check and see if the requested protocol matched a list of known protocol names.
 	switch v {
 	case "tcp":
 		protocol = rules.ProtocolTCP
@@ -274,6 +277,14 @@ func resourceNetworkingSecGroupRuleV2DetermineProtocol(v string) rules.RuleProto
 		protocol = rules.ProtocolVRRP
 	}
 
+	// If the protocol wasn't matched above, see if it's an integer.
+	if protocol == "" {
+		_, err := strconv.Atoi(v)
+		if err == nil {
+			protocol = rules.RuleProtocol(v)
+		}
+	}
+
 	return protocol
 }
 
diff --git a/builtin/providers/openstack/resource_openstack_networking_secgroup_rule_v2_test.go b/builtin/providers/openstack/resource_openstack_networking_secgroup_rule_v2_test.go
index e9bc6834e..5cbe3b8e2 100644
--- a/builtin/providers/openstack/resource_openstack_networking_secgroup_rule_v2_test.go
+++ b/builtin/providers/openstack/resource_openstack_networking_secgroup_rule_v2_test.go
@@ -194,6 +194,30 @@ func TestAccNetworkingV2SecGroupRule_protocols(t *testing.T) {
 	})
 }
 
+func TestAccNetworkingV2SecGroupRule_numericProtocol(t *testing.T) {
+	var secgroup_1 groups.SecGroup
+	var secgroup_rule_1 rules.SecGroupRule
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckNetworkingV2SecGroupRuleDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccNetworkingV2SecGroupRule_numericProtocol,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckNetworkingV2SecGroupExists(
+						"openstack_networking_secgroup_v2.secgroup_1", &secgroup_1),
+					testAccCheckNetworkingV2SecGroupRuleExists(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_1", &secgroup_rule_1),
+					resource.TestCheckResourceAttr(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_1", "protocol", "115"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckNetworkingV2SecGroupRuleDestroy(s *terraform.State) error {
 	config := testAccProvider.Meta().(*Config)
 	networkingClient, err := config.networkingV2Client(OS_REGION_NAME)
@@ -486,3 +510,20 @@ resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_vrrp" {
   security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
 }
 `
+
+const testAccNetworkingV2SecGroupRule_numericProtocol = `
+resource "openstack_networking_secgroup_v2" "secgroup_1" {
+  name = "secgroup_1"
+  description = "terraform security group rule acceptance test"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_1" {
+  direction = "ingress"
+  ethertype = "IPv4"
+  port_range_max = 22
+  port_range_min = 22
+  protocol = "115"
+  remote_ip_prefix = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
+}
+`