yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1375564] Re: unable to delete correct security rules

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Christopher Yeoh <cyeoh@xxxxxxxxxxx>
Date: Wed, 01 Oct 2014 06:01:12 -0000
Reply-to: Bug 1375564 <1375564@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This is already implemented in Juno as secgroup-delete-group-rule

** Changed in: nova
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1375564

Title:
  unable to delete correct security rules

Status in OpenStack Compute (Nova):
  Invalid

Bug description:
  Description:
  ==========

  Version: Icehouse/stable

  Try to add a security group rule, like:

  stack@ThinkCentre:~$ nova secgroup-add-group-rule default default tcp
  121 121

  +-------------+-----------+---------+----------+--------------+
  | IP Protocol | From Port | To Port | IP Range | Source Group |
  +-------------+-----------+---------+----------+--------------+
  | tcp         | 121       | 121     |          | default      |
  +-------------+-----------+---------+----------+--------------+
  =============
  Now try to delete that group rule :

  stack@ThinkCentre:~$ nova secgroup-delete-group-rule default default tcp 121 121
   
  ERROR (AttributeError): 'NoneType' object has no attribute 'upper'
  ================
  Now try to add invalid group rule :

  stack@tcs-ThinkCentre:~$ nova secgroup-add-group-rule default default
  tcp -1 -1

  ERROR (BadRequest): Invalid port range -1:-1. Valid TCP ports should be between 1-65535 (HTTP 400) (Request-ID: req-4fb01dfe-c0f6-4309-87fb-e61777e980e2)
  =====================
  Now try to add group rule of icmp protocol :

  stack@ThinkCentre:~$ nova secgroup-add-group-rule default default icmp
  -1 -1

  +-------------+-----------+---------+----------+--------------+
  | IP Protocol | From Port | To Port | IP Range | Source Group |
  +-------------+-----------+---------+----------+--------------+
  | icmp        | -1        | -1      |          | default      |
  +-------------+-----------+---------+----------+--------------+

  this group rule is added because port range define as( -1 to 255) for icmp.
  =======================
  Now try to add one more group rule as :
   
  stack@ThinkCentre:~$ nova secgroup-add-group-rule default default icmp -2 -2

  ERROR (BadRequest): Invalid port range -2:-2. For ICMP, the type:code must be valid (HTTP 400) (Request-ID: req-24432ef8-ef05-4d6c-bbfd-8c2d199340e0)
  ======================
  Now check the group rule list:

  stack@ThinkCentre-M91P:~$ nova secgroup-list-rules default

  +-------------+-----------+---------+----------+--------------+
  | IP Protocol | From Port | To Port | IP Range | Source Group |
  +-------------+-----------+---------+----------+--------------+
  |
  | tcp         | 12        | 12      |          | default      |
  |                |           |         |          | default      |
  |                |           |         |          | default      |
  |  icmp     | -1      | -1      |          | default      |
  |                |           |         |          |              |
  +-------------+-----------+---------+----------+--------------+
  =====================
  Actual results:
  Only valid rules can be created but not able to delete them.

  Expected results:
  There should be a way to delete them.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1375564/+subscriptions

References

[Bug 1375564] [NEW] unable to delete correct security rules
From: Amandeep, 2014-09-30