yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #22598
[Bug 1375564] [NEW] unable to delete correct security rules
Public bug reported:
Description:
==========
Version: Icehouse/stable
Try to add a security group rule, like:
stack@ThinkCentre:~$ nova secgroup-add-group-rule default default tcp
121 121
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
| tcp | 121 | 121 | | default |
+-------------+-----------+---------+----------+--------------+
=============
Now try to delete that group rule :
stack@ThinkCentre:~$ nova secgroup-delete-group-rule default default tcp 121 121
ERROR (AttributeError): 'NoneType' object has no attribute 'upper'
================
Now try to add invalid group rule :
stack@tcs-ThinkCentre:~$ nova secgroup-add-group-rule default default
tcp -1 -1
ERROR (BadRequest): Invalid port range -1:-1. Valid TCP ports should be between 1-65535 (HTTP 400) (Request-ID: req-4fb01dfe-c0f6-4309-87fb-e61777e980e2)
=====================
Now try to add group rule of icmp protocol :
stack@ThinkCentre:~$ nova secgroup-add-group-rule default default icmp
-1 -1
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
| icmp | -1 | -1 | | default |
+-------------+-----------+---------+----------+--------------+
this group rule is added because port range define as( -1 to 255) for icmp.
=======================
Now try to add one more group rule as :
stack@ThinkCentre:~$ nova secgroup-add-group-rule default default icmp -2 -2
ERROR (BadRequest): Invalid port range -2:-2. For ICMP, the type:code must be valid (HTTP 400) (Request-ID: req-24432ef8-ef05-4d6c-bbfd-8c2d199340e0)
======================
Now check the group rule list:
stack@ThinkCentre-M91P:~$ nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
|
| tcp | 12 | 12 | | default |
| | | | | default |
| | | | | default |
| icmp | -1 | -1 | | default |
| | | | | |
+-------------+-----------+---------+----------+--------------+
=====================
Actual results:
Only valid rules can be created but not able to delete them.
Expected results:
There should be a way to delete them.
** Affects: nova
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1375564
Title:
unable to delete correct security rules
Status in OpenStack Compute (Nova):
New
Bug description:
Description:
==========
Version: Icehouse/stable
Try to add a security group rule, like:
stack@ThinkCentre:~$ nova secgroup-add-group-rule default default tcp
121 121
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
| tcp | 121 | 121 | | default |
+-------------+-----------+---------+----------+--------------+
=============
Now try to delete that group rule :
stack@ThinkCentre:~$ nova secgroup-delete-group-rule default default tcp 121 121
ERROR (AttributeError): 'NoneType' object has no attribute 'upper'
================
Now try to add invalid group rule :
stack@tcs-ThinkCentre:~$ nova secgroup-add-group-rule default default
tcp -1 -1
ERROR (BadRequest): Invalid port range -1:-1. Valid TCP ports should be between 1-65535 (HTTP 400) (Request-ID: req-4fb01dfe-c0f6-4309-87fb-e61777e980e2)
=====================
Now try to add group rule of icmp protocol :
stack@ThinkCentre:~$ nova secgroup-add-group-rule default default icmp
-1 -1
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
| icmp | -1 | -1 | | default |
+-------------+-----------+---------+----------+--------------+
this group rule is added because port range define as( -1 to 255) for icmp.
=======================
Now try to add one more group rule as :
stack@ThinkCentre:~$ nova secgroup-add-group-rule default default icmp -2 -2
ERROR (BadRequest): Invalid port range -2:-2. For ICMP, the type:code must be valid (HTTP 400) (Request-ID: req-24432ef8-ef05-4d6c-bbfd-8c2d199340e0)
======================
Now check the group rule list:
stack@ThinkCentre-M91P:~$ nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
|
| tcp | 12 | 12 | | default |
| | | | | default |
| | | | | default |
| icmp | -1 | -1 | | default |
| | | | | |
+-------------+-----------+---------+----------+--------------+
=====================
Actual results:
Only valid rules can be created but not able to delete them.
Expected results:
There should be a way to delete them.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1375564/+subscriptions
Follow ups
References
