← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1337801] [NEW] Port's device_owner field should not be editable

 

Public bug reported:

According to 'delete_router' code, a router can not be deleted if there
is a user port attached to it with
device_owner==network:router_interface :

        device_owner = self._get_device_owner(context, router) // device owner is actually the string network:router_interface
        device_filter = {'device_id': [router_id],
                         'device_owner': [device_owner]}
        port_count = self._core_plugin.get_ports_count(
            admin_ctx, filters=device_filter)
        if port_count:
            raise l3.RouterInUse(router_id=router_id)

At this is what happens when you try to delete a router with the admin
user:

    vagrant@devstack-single:~ > neutron router-delete 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
    Router 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7 still has ports

However, if you switch user and edit the device_owner of the port
attached to the router:

    vagrant@devstack-single:~ > export OS_USERNAME=demo
    vagrant@devstack-single:~ > neutron port-list -c id -c fixed_ips -c device_owner
    +--------------------------------------+---------------------------------------------------------------------------------+--------------------------+
    | id                                   | fixed_ips                                                                       | device_owner             |
    +--------------------------------------+---------------------------------------------------------------------------------+--------------------------+
    | 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 | {"subnet_id": "ea64b97a-626a-436a-a474-fa0dc082a80a", "ip_address": "10.0.0.1"} |      network:router_interface |
    vagrant@devstack-single:~ > neutron port-update 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 --device_owner dummy_owner
    Updated port: 4f82e9a3-5044-4d31-96c1-f0128fb8ff77

The condition that avoids the router deletion does not exist anymore.
Hence, you can switch back to admin user and delete the router:

     vagrant@devstack-single:~ > export OS_USERNAME=admin
     vagrant@devstack-single:~ > neutron router-delete 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
     Deleted router: 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7

>From the point of view of the raw user, the port still exist, and with
the same device_id:

    vagrant@devstack-single:~ > export OS_USERNAME=demo
    vagrant@devstack-single:~ > neutron port-list -c id -c fixed_ips -c device_owner -c device_id
    +--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
    | id                                   | fixed_ips                                                                       | device_owner | device_id                            |
    +--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
    | 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 | {"subnet_id": "ea64b97a-626a-436a-a474-fa0dc082a80a", "ip_address": "10.0.0.1"} | dummy_owner  | 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7 |
    +--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+

I would suggest:

* Don't let edit the device_owner field
* Modify the first chunck of code to count ports based on device id instead of device_owner

or both...

** Affects: neutron
     Importance: Undecided
         Status: New

** Description changed:

  According to 'delete_router' code, a router can not be deleted if there
- is a user port attached to it:
+ is a user port attached to it with
+ device_owner==network:router_interface :
  
-         device_owner = self._get_device_owner(context, router) // device owner is actually the string network:router_interface
-         device_filter = {'device_id': [router_id],
-                          'device_owner': [device_owner]}
-         port_count = self._core_plugin.get_ports_count(
-             admin_ctx, filters=device_filter)
-         if port_count:
-             raise l3.RouterInUse(router_id=router_id)
+         device_owner = self._get_device_owner(context, router) // device owner is actually the string network:router_interface
+         device_filter = {'device_id': [router_id],
+                          'device_owner': [device_owner]}
+         port_count = self._core_plugin.get_ports_count(
+             admin_ctx, filters=device_filter)
+         if port_count:
+             raise l3.RouterInUse(router_id=router_id)
  
  At this is what happens when you try to delete a router with the admin
  user:
  
-     vagrant@devstack-single:~ > neutron router-delete 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
-     Router 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7 still has ports
+     vagrant@devstack-single:~ > neutron router-delete 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
+     Router 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7 still has ports
  
  However, if you switch user and edit the device_owner of the port
  attached to the router:
  
-     vagrant@devstack-single:~ > export OS_USERNAME=demo
-     vagrant@devstack-single:~ > neutron port-list -c id -c fixed_ips -c device_owner
-     +--------------------------------------+---------------------------------------------------------------------------------+--------------------------+
-     | id                                   | fixed_ips                                                                       | device_owner             |
-     +--------------------------------------+---------------------------------------------------------------------------------+--------------------------+
-     | 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 | {"subnet_id": "ea64b97a-626a-436a-a474-fa0dc082a80a", "ip_address": "10.0.0.1"} |      network:router_interface |
-     vagrant@devstack-single:~ > neutron port-update 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 --device_owner dummy_owner
-     Updated port: 4f82e9a3-5044-4d31-96c1-f0128fb8ff77
+     vagrant@devstack-single:~ > export OS_USERNAME=demo
+     vagrant@devstack-single:~ > neutron port-list -c id -c fixed_ips -c device_owner
+     +--------------------------------------+---------------------------------------------------------------------------------+--------------------------+
+     | id                                   | fixed_ips                                                                       | device_owner             |
+     +--------------------------------------+---------------------------------------------------------------------------------+--------------------------+
+     | 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 | {"subnet_id": "ea64b97a-626a-436a-a474-fa0dc082a80a", "ip_address": "10.0.0.1"} |      network:router_interface |
+     vagrant@devstack-single:~ > neutron port-update 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 --device_owner dummy_owner
+     Updated port: 4f82e9a3-5044-4d31-96c1-f0128fb8ff77
  
  The condition that avoids the router deletion does not exist anymore.
  Hence, you can switch back to admin user and delete the router:
  
-      vagrant@devstack-single:~ > export OS_USERNAME=admin
-      vagrant@devstack-single:~ > neutron router-delete 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
-      Deleted router: 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
+      vagrant@devstack-single:~ > export OS_USERNAME=admin
+      vagrant@devstack-single:~ > neutron router-delete 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
+      Deleted router: 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
  
  From the point of view of the raw user, the port still exist, and with
  the same device_id:
  
-     vagrant@devstack-single:~ > export OS_USERNAME=demo
-     vagrant@devstack-single:~ > neutron port-list -c id -c fixed_ips -c device_owner -c device_id
-     +--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
-     | id                                   | fixed_ips                                                                       | device_owner | device_id                            |
-     +--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
-     | 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 | {"subnet_id": "ea64b97a-626a-436a-a474-fa0dc082a80a", "ip_address": "10.0.0.1"} | dummy_owner  | 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7 |
-     +--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
- 
+     vagrant@devstack-single:~ > export OS_USERNAME=demo
+     vagrant@devstack-single:~ > neutron port-list -c id -c fixed_ips -c device_owner -c device_id
+     +--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
+     | id                                   | fixed_ips                                                                       | device_owner | device_id                            |
+     +--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
+     | 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 | {"subnet_id": "ea64b97a-626a-436a-a474-fa0dc082a80a", "ip_address": "10.0.0.1"} | dummy_owner  | 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7 |
+     +--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
  
  I would suggest:
  
  * Don't let edit the device_owner field
  * Modify the first chunck of code to count ports based on device id instead of device_owner
  
  or both...

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1337801

Title:
  Port's device_owner field should not be editable

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  According to 'delete_router' code, a router can not be deleted if
  there is a user port attached to it with
  device_owner==network:router_interface :

          device_owner = self._get_device_owner(context, router) // device owner is actually the string network:router_interface
          device_filter = {'device_id': [router_id],
                           'device_owner': [device_owner]}
          port_count = self._core_plugin.get_ports_count(
              admin_ctx, filters=device_filter)
          if port_count:
              raise l3.RouterInUse(router_id=router_id)

  At this is what happens when you try to delete a router with the admin
  user:

      vagrant@devstack-single:~ > neutron router-delete 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
      Router 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7 still has ports

  However, if you switch user and edit the device_owner of the port
  attached to the router:

      vagrant@devstack-single:~ > export OS_USERNAME=demo
      vagrant@devstack-single:~ > neutron port-list -c id -c fixed_ips -c device_owner
      +--------------------------------------+---------------------------------------------------------------------------------+--------------------------+
      | id                                   | fixed_ips                                                                       | device_owner             |
      +--------------------------------------+---------------------------------------------------------------------------------+--------------------------+
      | 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 | {"subnet_id": "ea64b97a-626a-436a-a474-fa0dc082a80a", "ip_address": "10.0.0.1"} |      network:router_interface |
      vagrant@devstack-single:~ > neutron port-update 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 --device_owner dummy_owner
      Updated port: 4f82e9a3-5044-4d31-96c1-f0128fb8ff77

  The condition that avoids the router deletion does not exist anymore.
  Hence, you can switch back to admin user and delete the router:

       vagrant@devstack-single:~ > export OS_USERNAME=admin
       vagrant@devstack-single:~ > neutron router-delete 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7
       Deleted router: 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7

  From the point of view of the raw user, the port still exist, and with
  the same device_id:

      vagrant@devstack-single:~ > export OS_USERNAME=demo
      vagrant@devstack-single:~ > neutron port-list -c id -c fixed_ips -c device_owner -c device_id
      +--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
      | id                                   | fixed_ips                                                                       | device_owner | device_id                            |
      +--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+
      | 4f82e9a3-5044-4d31-96c1-f0128fb8ff77 | {"subnet_id": "ea64b97a-626a-436a-a474-fa0dc082a80a", "ip_address": "10.0.0.1"} | dummy_owner  | 83d2c3d7-1665-41a1-99cf-9e6dfc24dcb7 |
      +--------------------------------------+---------------------------------------------------------------------------------+--------------+--------------------------------------+

  I would suggest:

  * Don't let edit the device_owner field
  * Modify the first chunck of code to count ports based on device id instead of device_owner

  or both...

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1337801/+subscriptions


Follow ups

References