Message #15327
[Bug 1327057] [NEW] fwaas:Admin should not be able to create Firewall policy with tenant's firewall rule
Public bug reported:
Admin tenant should not be able to create Firewall policy with tenant's firewall rule
Steps to Reproduce:
1. Install icehouse GA
2. Enable firewall in OSC and NN node
3. Create a firewall rule from the tenant
4. Create a firewall policy from admin attaching the tenant's firewall rule
Actual Results:
admin able to create firewall policy with tenant's firewall rule
root@IGA-OSC:~# neutron firewall-policy-create p1 --firewall-rules r3
Created a new firewall_policy:
+----------------+--------------------------------------+
| Field | Value |
+----------------+--------------------------------------+
| audited | False |
| description | |
| firewall_rules | ef553a18-6eb6-41ee-a3ea-f10455ea5650 |
| id | 082fc40c-a3ad-48a0-a9c7-1151c77b3f1c |
| name | p1 |
| shared | False |
| tenant_id | 0ad385e00e97476e9456945c079a21ea |
+----------------+--------------------------------------+
root@IGA-OSC:~# neutron firewall-rule-show r3
+------------------------+--------------------------------------+
| Field | Value |
+------------------------+--------------------------------------+
| action | allow |
| description | |
| destination_ip_address | |
| destination_port | |
| enabled | True |
| firewall_policy_id | 082fc40c-a3ad-48a0-a9c7-1151c77b3f1c |
| id | ef553a18-6eb6-41ee-a3ea-f10455ea5650 |
| ip_version | 4 |
| name | r3 |
| position | 1 |
| protocol | udp |
| shared | False |
| source_ip_address | |
| source_port | |
| tenant_id | d9481c57a11c46eea62886938b5378a7 |
+------------------------+--------------------------------------+
root@IGA-OSC:~# ktl
+----------------------------------+---------+---------+
| id | name | enabled |
+----------------------------------+---------+---------+
| 0ad385e00e97476e9456945c079a21ea | admin | True |
| 43af7b7c0dbc40bd90d03cc08df201ce | service | True |
| d9481c57a11c46eea62886938b5378a7 | tenant1 | True |
| bf4fbb928d574829855ebfd9e5d0e58c | tenant2 | True |
+----------------------------------+---------+---------+
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1327057
Title:
fwaas:Admin should not be able to create Firewall policy with tenant's
firewall rule
Status in OpenStack Neutron (virtual network service):
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1327057/+subscriptions
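The ownership check the report asks for, written as an added example that is not part of the original message and is not Neutron's code. It uses the p1/r3 ids and tenant ids from the output above plus constructed records; the function names are hypothetical, and treating shared=True rules as reusable across tenants is an assumption.

```python
# Added example, not Neutron code; dicts mirror the fields in the CLI output.
ADMIN = "0ad385e00e97476e9456945c079a21ea"      # tenant ids from the report
TENANT1 = "d9481c57a11c46eea62886938b5378a7"
R3 = "ef553a18-6eb6-41ee-a3ea-f10455ea5650"     # rule r3 from the report
P1 = "082fc40c-a3ad-48a0-a9c7-1151c77b3f1c"     # policy p1 from the report

RULES = [
    {"id": R3, "tenant_id": TENANT1, "shared": False},
    # constructed: a tenant1 rule marked shared, and a rule owned by admin
    {"id": "constructed-shared-rule", "tenant_id": TENANT1, "shared": True},
    {"id": "constructed-admin-rule", "tenant_id": ADMIN, "shared": False},
]
POLICIES = [
    {"id": P1, "tenant_id": ADMIN, "firewall_rules": [R3]},
    # constructed: admin policy using only shared or admin-owned rules
    {"id": "constructed-policy", "tenant_id": ADMIN,
     "firewall_rules": ["constructed-shared-rule", "constructed-admin-rule"]},
]

def foreign_rules(policy_tenant_id, rule_ids, rules):
    """Ids of referenced rules owned by another tenant and not shared."""
    by_id = {r["id"]: r for r in rules}
    return [i for i in rule_ids
            if i in by_id
            and by_id[i]["tenant_id"] != policy_tenant_id
            and not by_id[i]["shared"]]  # assumption: shared rules are reusable

def check_policy_create(policy_tenant_id, rule_ids, rules):
    """Create-time guard: refuse a policy that references a foreign rule."""
    bad = foreign_rules(policy_tenant_id, rule_ids, rules)
    if bad:
        raise PermissionError("rules not owned by policy tenant: " + ", ".join(bad))

def audit(policies, rules):
    """Map policy id -> foreign rule ids, for policies that already exist."""
    report = {}
    for p in policies:
        bad = foreign_rules(p["tenant_id"], p["firewall_rules"], rules)
        if bad:
            report[p["id"]] = bad
    return report

if __name__ == "__main__":
    print(audit(POLICIES, RULES))
```

The audit function covers policies that already exist in a deployment; the create-time guard is the behaviour the report expects from the API.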