gcloud firewall-rules bug parsing tcp ports

[GoogleCodeExporter]

What steps will reproduce the problem?

Two commands - one works, one doesn't, different only in the ports (the first 
uses 80:443, the second 443:80); if run sequentially, the first fails, the 2nd 
works:

$ gcloud compute firewall-rules create "r1" --project "shiny-1194" --allow 
"tcp:80,443" --source-ranges "199.231.241.22" --description "allow"

ERROR: (gcloud.compute.firewall-rules.create) Some requests did not succeed:
 - Invalid value for field 'resource.allowed[1].IPProtocol': '443'.  Invalid IP protocol specification.

$ gcloud compute firewall-rules create "r1" --project "shiny-1194" --allow 
"tcp:443,80" --source-ranges "199.231.241.22" --description "allow"

Created 
[https://www.googleapis.com/compute/v1/projects/shiny-1194/global/firewalls/r1].
NAME NETWORK SRC_RANGES     RULES      SRC_TAGS TARGET_TAGS
r1   default 199.231.241.22 tcp:443,80

What is the expected output? What do you see instead?

The second command above is correct output. No idea why the first doesn't work; 
the error message might give a clue to someone (not me.)  Further tests seem to 
indicate 443 works if the first port listed, but not elsewhere, but I may be 
misunderstanding something here.

What is the output of 'gcloud info'?

Google Cloud SDK [92.0.0]

Platform: [Mac OS X, x86_64]
Python Version: [2.7.10 (default, Jul 14 2015, 19:46:27)  [GCC 4.2.1 Compatible 
Apple LLVM 6.0 (clang-600.0.39)]]
Python Location: [/usr/bin/python]
Site Packages: [Disabled]

Installation Root: [/Users/zen/google-cloud-sdk]
Installed Components:
  core: [2016.01.12]
  core-nix: [2015.11.24]
  gcloud: []
  gsutil-nix: [4.15]
  beta: [2016.01.12]
  gsutil: [4.16]
  bq: [2.0.18]
  bq-nix: [2.0.18]
System PATH: 
[/Users/zen/google-cloud-sdk/bin:/Users/zen/bin:/usr/local/bin:/usr/local/sbin:/
sbin:/usr/sbin:/usr/bin:/bin:/usr/local/share/npm/bin:/Users/zen/.local/bin:/Use
rs/zen/src/me/f8/_fait-alpha-:/Users/zen/.ec2/bin:/opt/chef/embedded/bin]
Cloud SDK on PATH: [True]

Installation Properties: [/Users/zen/google-cloud-sdk/properties]
User Config Directory: [/Users/zen/.config/gcloud]
User Properties: [/Users/zen/.config/gcloud/properties]
Current Workspace: [None]
Workspace Config Directory: [None]
Workspace Properties: [None]

Account: [dan.farmer@multiscalehn.com]
Project: [infra-1092]

Current Properties:
  [core]
    project: [infra-1092]
    account: [dan.farmer@multiscalehn.com]
    disable_usage_reporting: [False]

Logs Directory: [/Users/zen/.config/gcloud/logs]
Last Log File: [/Users/zen/.config/gcloud/logs/2016.01.19/21.59.10.382776.log]

Please provide any additional information below.

Original issue reported on code.google.com by dan.far...@multiscalehn.com on 20 Jan 2016 at 6:07

[GoogleCodeExporter]

Thank you for reporting this issue. We hope to get the fix out soon in a future 
release.

Original comment by vil...@google.com on 20 Jan 2016 at 8:51

• Changed state: Accepted

[GoogleCodeExporter]

Allow takes a list of protocol or protocol:port entries. In the case of 
"tcp:443,80", you are allowing tcp port 443 and protocol 80. Protocols have 
both names and numbers assigned to them by IANA, 
http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml.

Instead you want to use "tcp:443,tcp:80".

We are looking into ways to better communicate what is happening to the user.

If you have any questions, feel free to reopen this bug.

Original comment by stephe...@google.com on 2 Feb 2016 at 8:52

• Changed state: WorkingAsIntended