yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #16702
[Bug 1334994] [NEW] Unsharing a shared policy/rule should not be allowed when it is in use by other tenant
Public bug reported:
Steps to reproduce:
1. As admin, create a shared policy p1 with shared rule r1
2. As tenant1, create a firewall f1 with policy p1
3. As admin, update p1 and r1 as unshared -- Actually it should not be allowed as they are in use but allowed in icehouse GA
4. As tenant1, try to delete f1. It fails with following error
Console of tenant1
======================
root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-create p1 --name f1
Created a new firewall:
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 |
| id | 1665bbf3-f527-4ec9-950f-a3f41d618faf |
| name | f1 |
| status | PENDING_CREATE |
| tenant_id | d637bea7d56b4ac288485143ee2a65af |
+--------------------+--------------------------------------+
root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-show f1
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 |
| id | 1665bbf3-f527-4ec9-950f-a3f41d618faf |
| name | f1 |
| status | ACTIVE |
| tenant_id | d637bea7d56b4ac288485143ee2a65af |
+--------------------+--------------------------------------+
/********unshare p1 and r1 as admin**********/
root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-delete f1
404-{u'NeutronError': {u'message': u'Firewall Policy 367ff338-1014-4788-9cd9-d9d60035dd52 could not be found.', u'type': u'FirewallPolicyNotFound', u'detail': u''}}<<<<<<<<<<<<<<<<<<<<<<<<<Error as p1 and r1 are not shared now
root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-show f1
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 |
| id | 1665bbf3-f527-4ec9-950f-a3f41d618faf |
| name | f1 |
| status | PENDING_DELETE |<<<<<<<<<<<<<<<<<<<<<<<<< f1 went to pending delete state
| tenant_id | d637bea7d56b4ac288485143ee2a65af |
+--------------------+--------------------------------------+
** Affects: neutron
Importance: Undecided
Status: New
** Tags: fwaas
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1334994
Title:
Unsharing a shared policy/rule should not be allowed when it is in use
by other tenant
Status in OpenStack Neutron (virtual network service):
New
Bug description:
Steps to reproduce:
1. As admin, create a shared policy p1 with shared rule r1
2. As tenant1, create a firewall f1 with policy p1
3. As admin, update p1 and r1 as unshared -- Actually it should not be allowed as they are in use but allowed in icehouse GA
4. As tenant1, try to delete f1. It fails with following error
Console of tenant1
======================
root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-create p1 --name f1
Created a new firewall:
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 |
| id | 1665bbf3-f527-4ec9-950f-a3f41d618faf |
| name | f1 |
| status | PENDING_CREATE |
| tenant_id | d637bea7d56b4ac288485143ee2a65af |
+--------------------+--------------------------------------+
root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-show f1
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 |
| id | 1665bbf3-f527-4ec9-950f-a3f41d618faf |
| name | f1 |
| status | ACTIVE |
| tenant_id | d637bea7d56b4ac288485143ee2a65af |
+--------------------+--------------------------------------+
/********unshare p1 and r1 as admin**********/
root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-delete f1
404-{u'NeutronError': {u'message': u'Firewall Policy 367ff338-1014-4788-9cd9-d9d60035dd52 could not be found.', u'type': u'FirewallPolicyNotFound', u'detail': u''}}<<<<<<<<<<<<<<<<<<<<<<<<<Error as p1 and r1 are not shared now
root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-show f1
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 |
| id | 1665bbf3-f527-4ec9-950f-a3f41d618faf |
| name | f1 |
| status | PENDING_DELETE |<<<<<<<<<<<<<<<<<<<<<<<<< f1 went to pending delete state
| tenant_id | d637bea7d56b4ac288485143ee2a65af |
+--------------------+--------------------------------------+
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1334994/+subscriptions
Follow ups
References
