← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #26658

[Bug 1408236] [NEW] incorrect behavior in creating firewall with unavailable firewall_policy

  Thread PreviousDate PreviousThread Next 
Public bug reported:

When creating firewall with following conditions, current neutron
behaves as follows:

[Condition]
  1. Create firewall-policy with admin privilege.
      => id: <fw_policy_id_admin>
  2. Create firewall with general user privilege using the policy.
      Request body:
        {
          "firewall": {
             "firewall_policy_id": <fw_policy_id_admin>
          }
        }

[Response]
  {
    "NeutronError": {
      "message": "Firewall Policy <fw_policy_id_admin> could not be found.",
      "type": "FirewallPolicyNotFound",
      "detail": ""
    }
  }

But, the firewall is created.  And that, only the user who has the access authorizations
into the firewall_policy can delete this resource.
In the above case , the general user can not delete the firewall resource.

** Affects: neutron
     Importance: Undecided
     Assignee: Yushiro FURUKAWA (y-furukawa-2)
         Status: In Progress

** Changed in: neutron
     Assignee: (unassigned) => Yushiro FURUKAWA (y-furukawa-2)

** Changed in: neutron
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1408236

Title:
  incorrect behavior in creating firewall with unavailable
  firewall_policy

Status in OpenStack Neutron (virtual network service):
  In Progress

Bug description:
  When creating firewall with following conditions, current neutron
  behaves as follows:

  [Condition]
    1. Create firewall-policy with admin privilege.
        => id: <fw_policy_id_admin>
    2. Create firewall with general user privilege using the policy.
        Request body:
          {
            "firewall": {
               "firewall_policy_id": <fw_policy_id_admin>
            }
          }

  [Response]
    {
      "NeutronError": {
        "message": "Firewall Policy <fw_policy_id_admin> could not be found.",
        "type": "FirewallPolicyNotFound",
        "detail": ""
      }
    }

  But, the firewall is created.  And that, only the user who has the access authorizations
  into the firewall_policy can delete this resource.
  In the above case , the general user can not delete the firewall resource.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1408236/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next