← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1334994] [NEW] Unsharing a shared policy/rule should not be allowed when it is in use by other tenant

 

Public bug reported:

Steps to reproduce:

1. As admin, create a shared policy p1 with shared rule r1
2. As tenant1, create a firewall f1 with policy p1
3. As admin, update p1 and r1 as unshared -- Actually it should not be allowed as they are in use but allowed in icehouse GA
4. As tenant1, try to delete f1. It fails with following error

Console of tenant1
======================
root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-create p1 --name f1
Created a new firewall:
+--------------------+--------------------------------------+
| Field              | Value                                |
+--------------------+--------------------------------------+
| admin_state_up     | True                                 |
| description        |                                      |
| firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 |
| id                 | 1665bbf3-f527-4ec9-950f-a3f41d618faf |
| name               | f1                                   |
| status             | PENDING_CREATE                       |
| tenant_id          | d637bea7d56b4ac288485143ee2a65af     |
+--------------------+--------------------------------------+

root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-show f1
+--------------------+--------------------------------------+
| Field              | Value                                |
+--------------------+--------------------------------------+
| admin_state_up     | True                                 |
| description        |                                      |
| firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 |
| id                 | 1665bbf3-f527-4ec9-950f-a3f41d618faf |
| name               | f1                                   |
| status             | ACTIVE                               |
| tenant_id          | d637bea7d56b4ac288485143ee2a65af     |
+--------------------+--------------------------------------+

/********unshare p1 and r1 as admin**********/

root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-delete f1
404-{u'NeutronError': {u'message': u'Firewall Policy 367ff338-1014-4788-9cd9-d9d60035dd52 could not be found.', u'type': u'FirewallPolicyNotFound', u'detail': u''}}<<<<<<<<<<<<<<<<<<<<<<<<<Error as p1 and r1 are not shared now
root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-show f1
+--------------------+--------------------------------------+
| Field              | Value                                |
+--------------------+--------------------------------------+
| admin_state_up     | True                                 |
| description        |                                      |
| firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 |
| id                 | 1665bbf3-f527-4ec9-950f-a3f41d618faf |
| name               | f1                                   |
| status             | PENDING_DELETE                       |<<<<<<<<<<<<<<<<<<<<<<<<< f1 went to pending delete state
| tenant_id          | d637bea7d56b4ac288485143ee2a65af     |
+--------------------+--------------------------------------+

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: fwaas

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1334994

Title:
  Unsharing a shared policy/rule should not be allowed when it is in use
  by other tenant

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  Steps to reproduce:

  1. As admin, create a shared policy p1 with shared rule r1
  2. As tenant1, create a firewall f1 with policy p1
  3. As admin, update p1 and r1 as unshared -- Actually it should not be allowed as they are in use but allowed in icehouse GA
  4. As tenant1, try to delete f1. It fails with following error

  Console of tenant1
  ======================
  root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-create p1 --name f1
  Created a new firewall:
  +--------------------+--------------------------------------+
  | Field              | Value                                |
  +--------------------+--------------------------------------+
  | admin_state_up     | True                                 |
  | description        |                                      |
  | firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 |
  | id                 | 1665bbf3-f527-4ec9-950f-a3f41d618faf |
  | name               | f1                                   |
  | status             | PENDING_CREATE                       |
  | tenant_id          | d637bea7d56b4ac288485143ee2a65af     |
  +--------------------+--------------------------------------+

  root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-show f1
  +--------------------+--------------------------------------+
  | Field              | Value                                |
  +--------------------+--------------------------------------+
  | admin_state_up     | True                                 |
  | description        |                                      |
  | firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 |
  | id                 | 1665bbf3-f527-4ec9-950f-a3f41d618faf |
  | name               | f1                                   |
  | status             | ACTIVE                               |
  | tenant_id          | d637bea7d56b4ac288485143ee2a65af     |
  +--------------------+--------------------------------------+

  /********unshare p1 and r1 as admin**********/

  root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-delete f1
  404-{u'NeutronError': {u'message': u'Firewall Policy 367ff338-1014-4788-9cd9-d9d60035dd52 could not be found.', u'type': u'FirewallPolicyNotFound', u'detail': u''}}<<<<<<<<<<<<<<<<<<<<<<<<<Error as p1 and r1 are not shared now
  root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-show f1
  +--------------------+--------------------------------------+
  | Field              | Value                                |
  +--------------------+--------------------------------------+
  | admin_state_up     | True                                 |
  | description        |                                      |
  | firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 |
  | id                 | 1665bbf3-f527-4ec9-950f-a3f41d618faf |
  | name               | f1                                   |
  | status             | PENDING_DELETE                       |<<<<<<<<<<<<<<<<<<<<<<<<< f1 went to pending delete state
  | tenant_id          | d637bea7d56b4ac288485143ee2a65af     |
  +--------------------+--------------------------------------+

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1334994/+subscriptions


Follow ups

References