← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #09881

[Bug 1280738] [NEW] Neutron loading policy file too early

  Thread PreviousDate PreviousThread Next 
Public bug reported:

>From time to time, I could see that "neutron net-external-list" was
returning something empty for a non-admin user while this is not true on
my setup.

After quite some debugging, it turned out that it was failing because of
the policy (using the default policy.json, btw):

  "get_network": "rule:admin_or_owner or rule:shared or rule:external"

This was not returning true. Clearly, "rule:external" should have (as a
reminder, this rule is: "external":
"field:networks:router:external=True")

After more debugging, I found out that the field check was comparing
u'True' with True. That is, the "True" that is in rule:external was a
unicode, and not a boolean.

Looking at extensions/external_net.py, though, I could see that
convert_to was set to attr.convert_to_boolean, so it should have worked.

Adding more debug output, I found out that the policies were loaded
before the external-net extension was loaded. Therefore, the convert_to
field wasn't available yet, and so the conversion to false wasn't true.

This all happened because there was some handling of an event before the
external-net extension was loaded, causing the policy file to be loaded
a bit too early.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1280738

Title:
  Neutron loading policy file too early

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  From time to time, I could see that "neutron net-external-list" was
  returning something empty for a non-admin user while this is not true
  on my setup.

  After quite some debugging, it turned out that it was failing because
  of the policy (using the default policy.json, btw):

    "get_network": "rule:admin_or_owner or rule:shared or rule:external"

  This was not returning true. Clearly, "rule:external" should have (as
  a reminder, this rule is: "external":
  "field:networks:router:external=True")

  After more debugging, I found out that the field check was comparing
  u'True' with True. That is, the "True" that is in rule:external was a
  unicode, and not a boolean.

  Looking at extensions/external_net.py, though, I could see that
  convert_to was set to attr.convert_to_boolean, so it should have
  worked.

  Adding more debug output, I found out that the policies were loaded
  before the external-net extension was loaded. Therefore, the
  convert_to field wasn't available yet, and so the conversion to false
  wasn't true.

  This all happened because there was some handling of an event before
  the external-net extension was loaded, causing the policy file to be
  loaded a bit too early.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1280738/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next