yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1322105] [NEW] NVP FWaaS occurs error when removing a rule which is shared by two firewalls

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: berlin <linb@xxxxxxxxxx>
Date: Thu, 22 May 2014 09:03:22 -0000
Reply-to: Bug 1322105 <1322105@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Bugs reproduce process:
1. create a firewall rule and attache it to a firewall policy
2. create two firewalls with the firewall policy attached alternatively on two routers 
3. remove the firewall rule from the firewall policy
it would occur the following error:

 Traceback (most recent call last):
  File "/home/stack/neutron/neutron/api/v2/resource.py", line 87, in resource
    result = method(request=request, **args)
  File "/home/stack/neutron/neutron/api/v2/base.py", line 201, in _handle_action
    return getattr(self._plugin, name)(*arg_list, **kwargs)
  File "/home/stack/neutron/neutron/plugins/vmware/plugins/service.py", line 1077, in remove_rule
    context, fwr['id'], edge_id)
  File "/home/stack/neutron/neutron/plugins/vmware/vshield/edge_firewall_driver.py", line 270, in delete_firewall_rule
    vcns_rule_id = rule_map.rule_vseid
AttributeError: 'NoneType' object has no attribute 'rule_vseid'
2014-05-22 16:21:22,244     INFO [neutron.plugins.vmware.vshield.tasks.tasks] TaskManager terminated
}}}

Traceback (most recent call last):
  File "/home/stack/neutron/neutron/tests/unit/vmware/vshield/test_fwaas_plugin.py", line 650, in test_remove_rule_with_firewalls
    expected_body=attrs)
  File "/home/stack/neutron/neutron/tests/unit/db/firewall/test_db_firewall.py", line 295, in _rule_action
    self.assertEqual(res.status_int, expected_code)
  File "/home/stack/neutron/.venv/local/lib/python2.7/site-packages/testtools/testcase.py", line 322, in assertEqual
    self.assertThat(observed, matcher, message)
  File "/home/stack/neutron/.venv/local/lib/python2.7/site-packages/testtools/testcase.py", line 412, in assertThat
    raise MismatchError(matchee, matcher, mismatch, verbose)
MismatchError: 500 != 200

It is because when deleting the corresponding
vcns_edge_firewallrule_binding entry, it query based on id instead of
(edge_id, id) which leads to deleting the other rule_binding entry.

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: nicira

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1322105

Title:
  NVP FWaaS occurs error when removing a rule which is shared by two
  firewalls

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  Bugs reproduce process:
  1. create a firewall rule and attache it to a firewall policy
  2. create two firewalls with the firewall policy attached alternatively on two routers 
  3. remove the firewall rule from the firewall policy
  it would occur the following error:

   Traceback (most recent call last):
    File "/home/stack/neutron/neutron/api/v2/resource.py", line 87, in resource
      result = method(request=request, **args)
    File "/home/stack/neutron/neutron/api/v2/base.py", line 201, in _handle_action
      return getattr(self._plugin, name)(*arg_list, **kwargs)
    File "/home/stack/neutron/neutron/plugins/vmware/plugins/service.py", line 1077, in remove_rule
      context, fwr['id'], edge_id)
    File "/home/stack/neutron/neutron/plugins/vmware/vshield/edge_firewall_driver.py", line 270, in delete_firewall_rule
      vcns_rule_id = rule_map.rule_vseid
  AttributeError: 'NoneType' object has no attribute 'rule_vseid'
  2014-05-22 16:21:22,244     INFO [neutron.plugins.vmware.vshield.tasks.tasks] TaskManager terminated
  }}}

  Traceback (most recent call last):
    File "/home/stack/neutron/neutron/tests/unit/vmware/vshield/test_fwaas_plugin.py", line 650, in test_remove_rule_with_firewalls
      expected_body=attrs)
    File "/home/stack/neutron/neutron/tests/unit/db/firewall/test_db_firewall.py", line 295, in _rule_action
      self.assertEqual(res.status_int, expected_code)
    File "/home/stack/neutron/.venv/local/lib/python2.7/site-packages/testtools/testcase.py", line 322, in assertEqual
      self.assertThat(observed, matcher, message)
    File "/home/stack/neutron/.venv/local/lib/python2.7/site-packages/testtools/testcase.py", line 412, in assertThat
      raise MismatchError(matchee, matcher, mismatch, verbose)
  MismatchError: 500 != 200

  It is because when deleting the corresponding
  vcns_edge_firewallrule_binding entry, it query based on id instead of
  (edge_id, id) which leads to deleting the other rule_binding entry.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1322105/+subscriptions

Follow ups

[Bug 1322105] Re: NVP FWaaS occurs error when removing a rule which is shared by two firewalls
From: Russell Bryant, 2014-07-23
[Bug 1322105] [NEW] NVP FWaaS occurs error when removing a rule which is shared by two firewalls
From: berlin, 2014-05-22

References

[Bug 1322105] [NEW] NVP FWaaS occurs error when removing a rule which is shared by two firewalls
From: berlin, 2014-05-22