yahoo-eng-team team mailing list archive

[Bug 1327057] Re: fwaas:Admin should not be able to create Firewall policy with tenant's firewall rule

** Changed in: neutron
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1327057

Title:
  fwaas:Admin should not be able to create Firewall policy with tenant's
  firewall rule

Status in OpenStack Neutron (virtual network service):
  Fix Released

Bug description:
  Admin tenant should not be able to create Firewall policy with tenant's firewall rule
  Steps to Reproduce:

    1. Install Icehouse GA
    2. Enable firewall in OSC and NN node
    3. Create a firewall rule from the tenant
    4. Create a firewall policy from admin attaching the tenant's firewall rule

  Actual Results:
  Admin is able to create a firewall policy with the tenant's firewall rule

  root@IGA-OSC:~# neutron firewall-policy-create p1 --firewall-rules r3
  Created a new firewall_policy:
  +----------------+--------------------------------------+
  | Field          | Value                                |
  +----------------+--------------------------------------+
  | audited        | False                                |
  | description    |                                      |
  | firewall_rules | ef553a18-6eb6-41ee-a3ea-f10455ea5650 |
  | id             | 082fc40c-a3ad-48a0-a9c7-1151c77b3f1c |
  | name           | p1                                   |
  | shared         | False                                |
  | tenant_id      | 0ad385e00e97476e9456945c079a21ea     |
  +----------------+--------------------------------------+
  root@IGA-OSC:~# neutron firewall-rule-show r3
  +------------------------+--------------------------------------+
  | Field                  | Value                                |
  +------------------------+--------------------------------------+
  | action                 | allow                                |
  | description            |                                      |
  | destination_ip_address |                                      |
  | destination_port       |                                      |
  | enabled                | True                                 |
  | firewall_policy_id     | 082fc40c-a3ad-48a0-a9c7-1151c77b3f1c |
  | id                     | ef553a18-6eb6-41ee-a3ea-f10455ea5650 |
  | ip_version             | 4                                    |
  | name                   | r3                                   |
  | position               | 1                                    |
  | protocol               | udp                                  |
  | shared                 | False                                |
  | source_ip_address      |                                      |
  | source_port            |                                      |
  | tenant_id              | d9481c57a11c46eea62886938b5378a7     |
  +------------------------+--------------------------------------+
   
  root@IGA-OSC:~# ktl
  +----------------------------------+---------+---------+
  |                id                |   name  | enabled |
  +----------------------------------+---------+---------+
  | 0ad385e00e97476e9456945c079a21ea |  admin  |   True  |
  | 43af7b7c0dbc40bd90d03cc08df201ce | service |   True  |
  | d9481c57a11c46eea62886938b5378a7 | tenant1 |   True  |
  | bf4fbb928d574829855ebfd9e5d0e58c | tenant2 |   True  |
  +----------------------------------+---------+---------+

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1327057/+subscriptions
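
Added example, not part of the bug report and not Neutron's code: a sketch of the ownership check the report asks for, applied both at policy creation and as an audit over policies that already exist. The function and class names are hypothetical, the exemption for rules marked shared is an assumption, and the sample records are constructed from the CLI output above.

```python
from dataclasses import dataclass

class RuleOwnershipError(Exception):
    """A policy references a rule that its owning tenant may not use."""

@dataclass(frozen=True)
class Rule:
    id: str
    tenant_id: str
    shared: bool = False

def foreign_rules(policy_tenant_id, rule_ids, rules_by_id):
    """Rule ids owned by another tenant and not shared (sharing rule is assumed)."""
    return [rid for rid in rule_ids
            if rules_by_id[rid].tenant_id != policy_tenant_id
            and not rules_by_id[rid].shared]

def validate_policy_rules(policy_tenant_id, rule_ids, rules_by_id):
    """Create-time check. It keys on the policy's owner, not on the caller's
    role, so an admin context gets no exemption."""
    unknown = [rid for rid in rule_ids if rid not in rules_by_id]
    if unknown:
        raise LookupError(f"unknown firewall rules: {unknown}")
    bad = foreign_rules(policy_tenant_id, rule_ids, rules_by_id)
    if bad:
        raise RuleOwnershipError(
            f"rules {bad} are not owned by or shared with tenant {policy_tenant_id}")
    return list(rule_ids)

def audit_policies(policies, rules_by_id):
    """Retroactive check: (policy id, rule id, rule owner) for each violation."""
    return [(p["id"], rid, rules_by_id[rid].tenant_id)
            for p in policies
            for rid in foreign_rules(p["tenant_id"], p["firewall_rules"], rules_by_id)]

# Constructed sample records mirroring policy p1 and rule r3 from the report.
ADMIN = "0ad385e00e97476e9456945c079a21ea"
TENANT1 = "d9481c57a11c46eea62886938b5378a7"
R3 = Rule("ef553a18-6eb6-41ee-a3ea-f10455ea5650", TENANT1)
RULES = {R3.id: R3}
P1 = {"id": "082fc40c-a3ad-48a0-a9c7-1151c77b3f1c",
      "tenant_id": ADMIN, "firewall_rules": [R3.id]}

if __name__ == "__main__":
    print("audit findings:", audit_policies([P1], RULES))
    try:
        validate_policy_rules(ADMIN, [R3.id], RULES)
    except RuleOwnershipError as exc:
        print("rejected:", exc)
```
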