yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #16916
[Bug 1337801] [NEW] Port's device_owner field should not be editable
Public bug reported:
According to 'delete_router' code, a router can not be deleted if there
is a user port attached to it with
device_owner==network:router_interface :
device_owner = self._get_device_owner(context, router) // device owner is actually the string network:router_interface
device_filter = {'device_id': [router_id],
'device_owner': [device_owner]}
port_count = self._core_plugin.get_ports_count(
admin_ctx, filters=device_filter)
if port_count:
raise l3.RouterInUse(router_id=router_id)
At this is what happens when you try to delete a router with the admin
user:
vagrant@devstack-single:~ > neutron router-delete 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
Router 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7 still has ports
However, if you switch user and edit the device_owner of the port
attached to the router:
vagrant@devstack-single:~ > export OS_USERNAME=demo
vagrant@devstack-single:~ > neutron port-list -c id -c fixed_ips -c device_owner
+--------------------------------------+---------------------------------------------------------------------------------+--------------------------+
| id | fixed_ips | device_owner |
+--------------------------------------+---------------------------------------------------------------------------------+--------------------------+
| 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 | {"subnet_id": "ea64b97a-626a-436a-a474-fa0dc082a80a", "ip_address": "10.0.0.1"} | network:router_interface |
vagrant@devstack-single:~ > neutron port-update 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 --device_owner dummy_owner
Updated port: 4f82e9a3-5044-4d31-96c1-f0128fb8ff77
The condition that avoids the router deletion does not exist anymore.
Hence, you can switch back to admin user and delete the router:
vagrant@devstack-single:~ > export OS_USERNAME=admin
vagrant@devstack-single:~ > neutron router-delete 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
Deleted router: 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
>From the point of view of the raw user, the port still exist, and with
the same device_id:
vagrant@devstack-single:~ > export OS_USERNAME=demo
vagrant@devstack-single:~ > neutron port-list -c id -c fixed_ips -c device_owner -c device_id
+--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
| id | fixed_ips | device_owner | device_id |
+--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
| 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 | {"subnet_id": "ea64b97a-626a-436a-a474-fa0dc082a80a", "ip_address": "10.0.0.1"} | dummy_owner | 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7 |
+--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
I would suggest:
* Don't let edit the device_owner field
* Modify the first chunck of code to count ports based on device id instead of device_owner
or both...
** Affects: neutron
Importance: Undecided
Status: New
** Description changed:
According to 'delete_router' code, a router can not be deleted if there
- is a user port attached to it:
+ is a user port attached to it with
+ device_owner==network:router_interface :
- device_owner = self._get_device_owner(context, router) // device owner is actually the string network:router_interface
- device_filter = {'device_id': [router_id],
- 'device_owner': [device_owner]}
- port_count = self._core_plugin.get_ports_count(
- admin_ctx, filters=device_filter)
- if port_count:
- raise l3.RouterInUse(router_id=router_id)
+ device_owner = self._get_device_owner(context, router) // device owner is actually the string network:router_interface
+ device_filter = {'device_id': [router_id],
+ 'device_owner': [device_owner]}
+ port_count = self._core_plugin.get_ports_count(
+ admin_ctx, filters=device_filter)
+ if port_count:
+ raise l3.RouterInUse(router_id=router_id)
At this is what happens when you try to delete a router with the admin
user:
- vagrant@devstack-single:~ > neutron router-delete 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
- Router 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7 still has ports
+ vagrant@devstack-single:~ > neutron router-delete 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
+ Router 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7 still has ports
However, if you switch user and edit the device_owner of the port
attached to the router:
- vagrant@devstack-single:~ > export OS_USERNAME=demo
- vagrant@devstack-single:~ > neutron port-list -c id -c fixed_ips -c device_owner
- +--------------------------------------+---------------------------------------------------------------------------------+--------------------------+
- | id | fixed_ips | device_owner |
- +--------------------------------------+---------------------------------------------------------------------------------+--------------------------+
- | 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 | {"subnet_id": "ea64b97a-626a-436a-a474-fa0dc082a80a", "ip_address": "10.0.0.1"} | network:router_interface |
- vagrant@devstack-single:~ > neutron port-update 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 --device_owner dummy_owner
- Updated port: 4f82e9a3-5044-4d31-96c1-f0128fb8ff77
+ vagrant@devstack-single:~ > export OS_USERNAME=demo
+ vagrant@devstack-single:~ > neutron port-list -c id -c fixed_ips -c device_owner
+ +--------------------------------------+---------------------------------------------------------------------------------+--------------------------+
+ | id | fixed_ips | device_owner |
+ +--------------------------------------+---------------------------------------------------------------------------------+--------------------------+
+ | 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 | {"subnet_id": "ea64b97a-626a-436a-a474-fa0dc082a80a", "ip_address": "10.0.0.1"} | network:router_interface |
+ vagrant@devstack-single:~ > neutron port-update 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 --device_owner dummy_owner
+ Updated port: 4f82e9a3-5044-4d31-96c1-f0128fb8ff77
The condition that avoids the router deletion does not exist anymore.
Hence, you can switch back to admin user and delete the router:
- vagrant@devstack-single:~ > export OS_USERNAME=admin
- vagrant@devstack-single:~ > neutron router-delete 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
- Deleted router: 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
+ vagrant@devstack-single:~ > export OS_USERNAME=admin
+ vagrant@devstack-single:~ > neutron router-delete 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
+ Deleted router: 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
From the point of view of the raw user, the port still exist, and with
the same device_id:
- vagrant@devstack-single:~ > export OS_USERNAME=demo
- vagrant@devstack-single:~ > neutron port-list -c id -c fixed_ips -c device_owner -c device_id
- +--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
- | id | fixed_ips | device_owner | device_id |
- +--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
- | 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 | {"subnet_id": "ea64b97a-626a-436a-a474-fa0dc082a80a", "ip_address": "10.0.0.1"} | dummy_owner | 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7 |
- +--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
-
+ vagrant@devstack-single:~ > export OS_USERNAME=demo
+ vagrant@devstack-single:~ > neutron port-list -c id -c fixed_ips -c device_owner -c device_id
+ +--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
+ | id | fixed_ips | device_owner | device_id |
+ +--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
+ | 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 | {"subnet_id": "ea64b97a-626a-436a-a474-fa0dc082a80a", "ip_address": "10.0.0.1"} | dummy_owner | 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7 |
+ +--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
I would suggest:
* Don't let edit the device_owner field
* Modify the first chunck of code to count ports based on device id instead of device_owner
or both...
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1337801
Title:
Port's device_owner field should not be editable
Status in OpenStack Neutron (virtual network service):
New
Bug description:
According to 'delete_router' code, a router can not be deleted if
there is a user port attached to it with
device_owner==network:router_interface :
device_owner = self._get_device_owner(context, router) // device owner is actually the string network:router_interface
device_filter = {'device_id': [router_id],
'device_owner': [device_owner]}
port_count = self._core_plugin.get_ports_count(
admin_ctx, filters=device_filter)
if port_count:
raise l3.RouterInUse(router_id=router_id)
At this is what happens when you try to delete a router with the admin
user:
vagrant@devstack-single:~ > neutron router-delete 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
Router 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7 still has ports
However, if you switch user and edit the device_owner of the port
attached to the router:
vagrant@devstack-single:~ > export OS_USERNAME=demo
vagrant@devstack-single:~ > neutron port-list -c id -c fixed_ips -c device_owner
+--------------------------------------+---------------------------------------------------------------------------------+--------------------------+
| id | fixed_ips | device_owner |
+--------------------------------------+---------------------------------------------------------------------------------+--------------------------+
| 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 | {"subnet_id": "ea64b97a-626a-436a-a474-fa0dc082a80a", "ip_address": "10.0.0.1"} | network:router_interface |
vagrant@devstack-single:~ > neutron port-update 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 --device_owner dummy_owner
Updated port: 4f82e9a3-5044-4d31-96c1-f0128fb8ff77
The condition that avoids the router deletion does not exist anymore.
Hence, you can switch back to admin user and delete the router:
vagrant@devstack-single:~ > export OS_USERNAME=admin
vagrant@devstack-single:~ > neutron router-delete 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
Deleted router: 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
From the point of view of the raw user, the port still exist, and with
the same device_id:
vagrant@devstack-single:~ > export OS_USERNAME=demo
vagrant@devstack-single:~ > neutron port-list -c id -c fixed_ips -c device_owner -c device_id
+--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
| id | fixed_ips | device_owner | device_id |
+--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
| 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 | {"subnet_id": "ea64b97a-626a-436a-a474-fa0dc082a80a", "ip_address": "10.0.0.1"} | dummy_owner | 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7 |
+--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
I would suggest:
* Don't let edit the device_owner field
* Modify the first chunck of code to count ports based on device id instead of device_owner
or both...
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1337801/+subscriptions
Follow ups
References