Merge "Handle undefined protocol field in security group rules correc…

…tly" into stable/2024.1

octavia/network/drivers/neutron/allowed_address_pairs.py

@@ -194,12 +194,13 @@ def _update_security_group_rules(self, load_balancer, sec_grp_id):
             # Don't remove egress rules and don't confuse other protocols with
             # None ports with the egress rules.  VRRP uses protocol 51 and 112
             if (rule.get('direction') == 'egress' or
-                    rule.get('protocol').upper() not in
+                    rule.get('protocol') is None or
+                    rule['protocol'].upper() not in
                     [constants.PROTOCOL_TCP, constants.PROTOCOL_UDP,
                      lib_consts.PROTOCOL_SCTP]):
                 continue
             old_ports.append((rule.get('port_range_max'),
-                              rule.get('protocol').lower(),
+                              rule['protocol'].lower(),
                               rule.get('remote_ip_prefix')))
 
         add_ports = set(updated_ports) - set(old_ports)

octavia/tests/unit/network/drivers/neutron/test_allowed_address_pairs.py

@@ -1071,7 +1071,8 @@ def test_update_vip(self):
         fake_rules = [
             {'id': 'rule-80', 'port_range_max': 80, 'protocol': 'tcp',
              'remote_ip_prefix': '10.0.101.0/24'},
-            {'id': 'rule-22', 'port_range_max': 22, 'protocol': 'tcp'}
+            {'id': 'rule-22', 'port_range_max': 22, 'protocol': 'tcp'},
+            {'id': 'rule-None', 'port_range_max': 22},
         ]
         list_rules = self.driver.network_proxy.security_group_rules
         list_rules.return_value = fake_rules

releasenotes/notes/fix-attributeerror-when-securitygroup-rule-has-protocol-none-9b7217c5477d01b6.yaml

@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Fixed potential AttributeError during listener update when security group
+    rule had no protocol defined (ie. it was null).