yahoo-eng-team team mailing list archive
Message #32097
[Bug 1446074] [NEW] FWaaS - Missing tenant_id validation between firewall and firewall_policy in creating/updating firewall
Public bug reported:
When creating/updating a firewall, the tenant_id check is not implemented in validation.
Therefore, when executing the following operation with admin privilege,
the error keeps being traced into neutron's log even though the firewall has been created.
[Operation]
1. Create a firewall-policy (shared=False) in the alt_demo tenant.
$ source devstack/openrc alt_demo alt_demo
2. Change privilege from alt_demo to admin (in the demo tenant).
$ source devstack/openrc admin demo
3. Create a firewall using the firewall-policy in the alt_demo tenant.
$ neutron firewall-create <firewall-policy-in-alt_demo> --name my_fw
[Result]
Created a new firewall:
+--------------------+--------------------------------------+
| Field              | Value                                |
+--------------------+--------------------------------------+
| admin_state_up     | True                                 |
| description        |                                      |
| firewall_policy_id | 40648e44-2175-4ad7-b190-93179900ac63 |
| id                 | fff7cbc0-1896-4b6c-8dee-633df68624c2 |
| name               | my_fw                                |
| router_ids         | cab4d01f-053b-4e07-a764-d829e66a3f6e |
| status             | PENDING_CREATE                       |
| tenant_id          | 65ecf5dfa6f8484f81027d3b25af1dbc     |
+--------------------+--------------------------------------+
[Error log] continues tracing...
ERROR oslo_messaging.rpc.dispatcher [req-bedc6d68-268d-4be0-8e68-9c14bf659390 None 65ecf5dfa6f8484f81027d3b25af1dbc] Exception during message handling: Firewall Policy 40648e44-2175-4ad7-b190-93179900ac63 could not be found.
TRACE oslo_messaging.rpc.dispatcher Traceback (most recent call last):
TRACE oslo_messaging.rpc.dispatcher File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/rpc/dispatcher.py", line 142, in _dispatch_and_reply
TRACE oslo_messaging.rpc.dispatcher executor_callback))
TRACE oslo_messaging.rpc.dispatcher File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/rpc/dispatcher.py", line 186, in _dispatch
TRACE oslo_messaging.rpc.dispatcher executor_callback)
TRACE oslo_messaging.rpc.dispatcher File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/rpc/dispatcher.py", line 130, in _do_dispatch
TRACE oslo_messaging.rpc.dispatcher result = func(ctxt, **new_args)
TRACE oslo_messaging.rpc.dispatcher File "/opt/stack/neutron-fwaas/neutron_fwaas/services/firewall/fwaas_plugin.py", line 85, in get_firewalls_for_tenant
TRACE oslo_messaging.rpc.dispatcher context, fw['id'])
TRACE oslo_messaging.rpc.dispatcher File "/opt/stack/neutron-fwaas/neutron_fwaas/db/firewall/firewall_db.py", line 169, in _make_firewall_dict_with_rules
TRACE oslo_messaging.rpc.dispatcher fw_policy = self.get_firewall_policy(context, fw_policy_id)
TRACE oslo_messaging.rpc.dispatcher File "/opt/stack/neutron-fwaas/neutron_fwaas/db/firewall/firewall_db.py", line 395, in get_firewall_policy
TRACE oslo_messaging.rpc.dispatcher fwp = self._get_firewall_policy(context, id)
TRACE oslo_messaging.rpc.dispatcher File "/opt/stack/neutron-fwaas/neutron_fwaas/db/firewall/firewall_db.py", line 103, in _get_firewall_policy
TRACE oslo_messaging.rpc.dispatcher raise fw_ext.FirewallPolicyNotFound(firewall_policy_id=id)
TRACE oslo_messaging.rpc.dispatcher FirewallPolicyNotFound: Firewall Policy 40648e44-2175-4ad7-b190-93179900ac63 could not be found.
TRACE oslo_messaging.rpc.dispatcher
ERROR oslo_messaging._drivers.common [req-bedc6d68-268d-4be0-8e68-9c14bf659390 None 65ecf5dfa6f8484f81027d3b25af1dbc] Returning exception Firewall Policy 40648e44-2175-4ad7-b190-93179900ac63 could not be found. to caller
ERROR oslo_messaging._drivers.common [req-bedc6d68-268d-4be0-8e68-9c14bf659390 None 65ecf5dfa6f8484f81027d3b25af1dbc] ['Traceback (most recent call last):\n', ' File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/rpc/dispatcher.py", line 142, in _dispatch_and_reply\n executor_callback))\n', ' File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/rpc/dispatcher.py", line 186, in _dispatch\n executor_callback)\n', ' File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/rpc/dispatcher.py", line 130, in _do_dispatch\n result = func(ctxt, **new_args)\n', ' File "/opt/stack/neutron-fwaas/neutron_fwaas/services/firewall/fwaas_plugin.py", line 85, in get_firewalls_for_tenant\n context, fw[\'id\'])\n', ' File "/opt/stack/neutron-fwaas/neutron_fwaas/db/firewall/firewall_db.py", line 169, in _make_firewall_dict_with_rules\n fw_policy = self.get_firewall_policy(context, fw_policy_id)\n', ' File "/opt/stack/neutron-fwaas/neutron_fwaas/db/firewall/firewall_db.py", line 395, in get_firewall_policy\n fwp = self._get_firewall_policy(context, id)\n', ' File "/opt/stack/neutron-fwaas/neutron_fwaas/db/firewall/firewall_db.py", line 103, in _get_firewall_policy\n raise fw_ext.FirewallPolicyNotFound(firewall_policy_id=id)\n', 'FirewallPolicyNotFound: Firewall Policy 40648e44-2175-4ad7-b190-93179900ac63 could not be found.\n']
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1446074
Title:
FWaaS - Missing tenant_id validation between firewall and
firewall_policy in creating/updating firewall
Status in OpenStack Neutron (virtual network service):
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1446074/+subscriptions
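The check the report asks for, as an added example that is not part of the original message and not neutron-fwaas code: a firewall may only reference a policy that is shared or owned by the firewall's own tenant, and that is verified before the firewall is stored. All names and the sample data are hypothetical, and get_policy_scoped assumes the later lookup is scoped to the firewall's tenant, as the request context in the log above suggests.

```python
# Added example, not neutron-fwaas code; all names are hypothetical.
from dataclasses import dataclass


class FirewallPolicyNotFound(Exception):
    pass


class FirewallPolicyTenantMismatch(Exception):
    pass


@dataclass(frozen=True)
class Policy:
    id: str
    tenant_id: str
    shared: bool = False


def get_policy_scoped(policies, tenant_id, policy_id):
    """Tenant-scoped lookup: other tenants' unshared policies look absent."""
    p = policies.get(policy_id)
    if p is None or (not p.shared and p.tenant_id != tenant_id):
        raise FirewallPolicyNotFound(policy_id)
    return p


def validate_policy_tenant(policies, fw_tenant_id, policy_id):
    """Check to run at create/update time, even for an admin caller."""
    p = policies.get(policy_id)  # unscoped, as an admin context would see it
    if p is None:
        raise FirewallPolicyNotFound(policy_id)
    if not p.shared and p.tenant_id != fw_tenant_id:
        raise FirewallPolicyTenantMismatch(
            "policy %s is owned by %s, firewall by %s"
            % (policy_id, p.tenant_id, fw_tenant_id))
    return p


def create_firewall(policies, firewalls, fw_tenant_id, policy_id, validate=True):
    """Persist a firewall; with validate=False this models the reported gap."""
    if validate:
        validate_policy_tenant(policies, fw_tenant_id, policy_id)
    fw = {"tenant_id": fw_tenant_id, "firewall_policy_id": policy_id,
          "status": "PENDING_CREATE"}
    firewalls.append(fw)
    return fw


# Constructed sample data: one unshared policy owned by alt_demo.
POLICIES = {"pol-1": Policy("pol-1", "alt_demo")}
```

With validate=False the firewall is stored in PENDING_CREATE and every later tenant-scoped lookup raises FirewallPolicyNotFound; with the check enabled the request is rejected up front and nothing is stored.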