yahoo-eng-team team mailing list archive

[Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>]

** Changed in: neutron
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1258438

Title:
  Can't create a firewall for admin tenant when at least one other
  tenant has a firewall

Status in OpenStack Neutron (virtual network service):
  Fix Released

Bug description:
  Only one firewall is allowed per tenant. This works as expected for
  non-admin tenants.

  When a new firewall is added in the context of admin, this fails if
  some other tenant already has a firewall. This is because
  'get_firewall_count' returns sum of all firewalls in the system.
  Addition of a new firewall for admin fails with the following error
  message.

  500-{u'NeutronError': {u'message': u'Exceeded allowed count of
  firewalls for tenant tenant-2. Only one firewall is supported per
  tenant.', u'type': u'FirewallCountExceeded', u'detail': u''}}

  
  fwaas_plugin.py
  ----------------
  def create_firewall(self, context, firewall):
          LOG.debug(_("create_firewall() called"))
          tenant_id = self._get_tenant_id_for_create(context,
                                                     firewall['firewall'])
          fw_count = self.get_firewalls_count(context)
          if fw_count:
              raise FirewallCountExceeded(tenant_id=tenant_id)
  ----------------

  => fw_count = self.get_firewalls_count(context)

  In the context of admin, the function counts other tenant's firewall.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1258438/+subscriptions