
yahoo-eng-team team mailing list archive

[Bug 1410651] Re: wrong output when trying to delete a default security group of admin tenant

 

Code in Neutron.db.securitygroups_db:
def _ensure_default_security_group(self, context, tenant_id):
        """Create a default security group if one doesn't exist.

        :returns: the default security group id.
        """
        filters = {'name': ['default'], 'tenant_id': [tenant_id]}
        default_group = self.get_security_groups(context, filters,
                                                 default_sg=True)
        if not default_group:
            security_group = {'security_group': {'name': 'default',
                                                 'tenant_id': tenant_id,
                                                 'description': 'default'}}
            ret = self.create_security_group(context, security_group, True)
            return ret['id']
        else:
            return default_group[0]['id']

and only admin is able to delete the default secgroup:
def delete_security_group(self, context, id):
        filters = {'security_group_id': [id]}
        ports = self._get_port_security_group_bindings(context, filters)
        if ports:
            raise ext_sg.SecurityGroupInUse(id=id)
        # confirm security group exists
        sg = self._get_security_group(context, id)

        if sg['name'] == 'default' and not context.is_admin:
            raise ext_sg.SecurityGroupCannotRemoveDefault()
        with context.session.begin(subtransactions=True):
            context.session.delete(sg)


** Changed in: nova
       Status: New => Invalid

** Changed in: nova
     Assignee: Padmakanth (padmakanth-chandrapati) => yanheven@xxxxxxxxx (yanheven)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1410651

Title:
  wrong output when trying to delete a default security group of admin
  tenant

Status in OpenStack Compute (Nova):
  Invalid

Bug description:
  When we try to delete the default security group from the admin
  tenant, the wrong output is displayed to the user.

  Steps to replicate :

  in admin tenant:

  1.  nova secgroup-list
  +--------------------------------------+---------+-------------+
  | Id                                   | Name    | Description |
  +--------------------------------------+---------+-------------+
  | 2d504a0f-b8c6-4ae5-b7f0-7184d43a998a | default | default     |
  +--------------------------------------+---------+-------------+
  2. nova secgroup-delete default

  +--------------------------------------+---------+-------------+
  | Id                                   | Name    | Description |
  +--------------------------------------+---------+-------------+
  | 2d504a0f-b8c6-4ae5-b7f0-7184d43a998a | default | default     |
  +--------------------------------------+---------+-------------+

  3. List the security groups again; you will find the same list.

    nova secgroup-list
  +--------------------------------------+---------+-------------+
  | Id                                   | Name    | Description |
  +--------------------------------------+---------+-------------+
  | 2d504a0f-b8c6-4ae5-b7f0-7184d43a998a | default | default     |
  +--------------------------------------+---------+-------------+

  The delete command runs successfully but does not delete the default
  security group.

  Expected result :

  Removing default security group not allowed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1410651/+subscriptions
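
Added example, not part of the original message or of Neutron's code: a self-contained in-memory model of the two quoted methods, showing that the default-group guard only stops non-admin callers and that a later ensure call creates a fresh default group. SecurityGroupStore, the is_admin argument and demo() are hypothetical names; when Neutron invokes the ensure step is not shown on this page.

```python
import uuid


class SecurityGroupInUse(Exception):
    pass


class SecurityGroupCannotRemoveDefault(Exception):
    pass


class SecurityGroupStore:
    """In-memory stand-in (assumption) for the DB mixin quoted above."""

    def __init__(self):
        self.groups = {}          # id -> {'id', 'name', 'tenant_id'}
        self.port_bindings = {}   # port id -> security group id

    def ensure_default_security_group(self, tenant_id):
        """Return the tenant's default group id, creating it if missing."""
        for sg in self.groups.values():
            if sg['name'] == 'default' and sg['tenant_id'] == tenant_id:
                return sg['id']
        sg_id = str(uuid.uuid4())
        self.groups[sg_id] = {'id': sg_id, 'name': 'default',
                              'tenant_id': tenant_id}
        return sg_id

    def delete_security_group(self, sg_id, is_admin):
        # Same order as the quoted method: in-use check, lookup, guard.
        if sg_id in self.port_bindings.values():
            raise SecurityGroupInUse(sg_id)
        sg = self.groups[sg_id]
        if sg['name'] == 'default' and not is_admin:
            raise SecurityGroupCannotRemoveDefault()
        del self.groups[sg_id]


def demo():
    store = SecurityGroupStore()
    first = store.ensure_default_security_group('tenant-a')
    try:
        store.delete_security_group(first, is_admin=False)
        user_blocked = False
    except SecurityGroupCannotRemoveDefault:
        user_blocked = True
    store.delete_security_group(first, is_admin=True)   # admin passes the guard
    second = store.ensure_default_security_group('tenant-a')
    return user_blocked, first in store.groups, second in store.groups, first != second
```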

