yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #15335
[Bug 1327071] [NEW] fwaas:Error not thrown when duplicate protocol options are present while creating firewall rule
Public bug reported:
Duplicate option Error not thrown, when creating firewall rule with duplicate option of protocol field. however error is throwing for action field while updating the firewall rule.
Steps to Reproduce:
create firewall rule by specifying the protocol field two times
Actual Results:
root@IH-HL-OSC:~# fwru r1 --protocol tcp --protocol icmp
Updated firewall_rule: r1
root@IH-HL-OSC:~# fwrl
+--------------------------------------+------+--------------------------------------+----------------------+---------+
| id | name | firewall_policy_id | summary | enabled |
+--------------------------------------+------+--------------------------------------+----------------------+---------+
| 7fd12232-2fd2-4fbc-a70b-2e3479f93392 | r1 | e8f3f423-0e38-4f58-85de-2ec9559cefb9 | ICMP, | True |
| | | | source: none(none), | |
| | | | dest: none(22), | |
| | | | allow | |
| c81dd745-b71d-4879-a16e-401d9e60d68d | r2 | | TCP, | True |
| | | | source: none(none), | |
| | | | dest: none(none), | |
| | | | allow | |
+--------------------------------------+------+--------------------------------------+----------------------+---------+
root@IH-HL-OSC:~# fwrc --name r2 --protocol icmp --action allow --action deny
Created a new firewall_rule:
+------------------------+--------------------------------------+
| Field | Value |
+------------------------+--------------------------------------+
| action | deny |
| description | |
| destination_ip_address | |
| destination_port | |
| enabled | True |
| firewall_policy_id | |
| id | bcdbe24d-93ac-4d2e-889d-ad6f8f5a2b29 |
| ip_version | 4 |
| name | r2 |
| position | |
| protocol | icmp |
| shared | False |
| source_ip_address | |
| source_port | |
| tenant_id | 8aac6cceec774dec8821d76e0c1bdd8c |
+------------------------+--------------------------------------+
root@IH-HL-OSC:~# fwrc --name r2 --protocol icmp --action allow --protocol tcp
Created a new firewall_rule:
+------------------------+--------------------------------------+
| Field | Value |
+------------------------+--------------------------------------+
| action | allow |
| description | |
| destination_ip_address | |
| destination_port | |
| enabled | True |
| firewall_policy_id | |
| id | af7de3ec-344c-44c0-98b2-bd7bc9db3d93 |
| ip_version | 4 |
| name | r2 |
| position | |
| protocol | tcp |
| shared | False |
| source_ip_address | |
| source_port | |
| tenant_id | 8aac6cceec774dec8821d76e0c1bdd8c |
+------------------------+--------------------------------------+
root@IH-HL-OSC:~#
root@IH-HL-OSC:~# fwru --protocol icmp --action allow --action deny --protocol tcp
Duplicated options --action --action deny-----------------------------------------> error thrown for action
Expected Results:
It should throw error when same option is given multiple times
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1327071
Title:
fwaas:Error not thrown when duplicate protocol options are present
while creating firewall rule
Status in OpenStack Neutron (virtual network service):
New
Bug description:
Duplicate option Error not thrown, when creating firewall rule with duplicate option of protocol field. however error is throwing for action field while updating the firewall rule.
Steps to Reproduce:
create firewall rule by specifying the protocol field two times
Actual Results:
root@IH-HL-OSC:~# fwru r1 --protocol tcp --protocol icmp
Updated firewall_rule: r1
root@IH-HL-OSC:~# fwrl
+--------------------------------------+------+--------------------------------------+----------------------+---------+
| id | name | firewall_policy_id | summary | enabled |
+--------------------------------------+------+--------------------------------------+----------------------+---------+
| 7fd12232-2fd2-4fbc-a70b-2e3479f93392 | r1 | e8f3f423-0e38-4f58-85de-2ec9559cefb9 | ICMP, | True |
| | | | source: none(none), | |
| | | | dest: none(22), | |
| | | | allow | |
| c81dd745-b71d-4879-a16e-401d9e60d68d | r2 | | TCP, | True |
| | | | source: none(none), | |
| | | | dest: none(none), | |
| | | | allow | |
+--------------------------------------+------+--------------------------------------+----------------------+---------+
root@IH-HL-OSC:~# fwrc --name r2 --protocol icmp --action allow --action deny
Created a new firewall_rule:
+------------------------+--------------------------------------+
| Field | Value |
+------------------------+--------------------------------------+
| action | deny |
| description | |
| destination_ip_address | |
| destination_port | |
| enabled | True |
| firewall_policy_id | |
| id | bcdbe24d-93ac-4d2e-889d-ad6f8f5a2b29 |
| ip_version | 4 |
| name | r2 |
| position | |
| protocol | icmp |
| shared | False |
| source_ip_address | |
| source_port | |
| tenant_id | 8aac6cceec774dec8821d76e0c1bdd8c |
+------------------------+--------------------------------------+
root@IH-HL-OSC:~# fwrc --name r2 --protocol icmp --action allow --protocol tcp
Created a new firewall_rule:
+------------------------+--------------------------------------+
| Field | Value |
+------------------------+--------------------------------------+
| action | allow |
| description | |
| destination_ip_address | |
| destination_port | |
| enabled | True |
| firewall_policy_id | |
| id | af7de3ec-344c-44c0-98b2-bd7bc9db3d93 |
| ip_version | 4 |
| name | r2 |
| position | |
| protocol | tcp |
| shared | False |
| source_ip_address | |
| source_port | |
| tenant_id | 8aac6cceec774dec8821d76e0c1bdd8c |
+------------------------+--------------------------------------+
root@IH-HL-OSC:~#
root@IH-HL-OSC:~# fwru --protocol icmp --action allow --action deny --protocol tcp
Duplicated options --action --action deny-----------------------------------------> error thrown for action
Expected Results:
It should throw error when same option is given multiple times
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1327071/+subscriptions
Follow ups
References
