`rules.*.protocol` is slightly confusing and silently accepts wrong values

[deepfire]

https://nixos.org/nixops/manual/#opt-rules._.protocol:

The protocol (tcp, udp, or icmp) that this rule describes. Use "-1" to specify All.

This option happily accepts numeric protocol IDs -- 6 and 17 for TCP and UDP, for example. The first deployment even works -- the rules are provisioned.

However, this bites, when --check is passed and the rules defined and rules returned from boto don't match up

It would be nice if the following changes were introduced:

• clarification that the protocol specification is a string -- merely quote tcp, udp and icmp
• change of the type of the option to types.enum ["tcp", "udp", "icmp", "-1"]

[deepfire]

cc @domenkozar

[coretemp]

This reminded me of: https://github.com/NixOS/nixops/issues/880