yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1534113] [NEW] default sg could add same rule as original egress ipv4 rule

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: yujie <yujie@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, 14 Jan 2016 11:45:15 -0000
Reply-to: Bug 1534113 <1534113@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

In default securitygroup,  we could add a rule in default same as the
original egress ipv4 rule.

Reproduce step: 
# neutron security-group-rule-create --direction egress --remote-ip-prefix 0.0.0.0/0 default

It returns:
Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | egress                               |
| ethertype         | IPv4                                 |
| id                | d8f968e2-270b-4d6e-a2d0-a408726b7edc |
| port_range_max    |                                      |
| port_range_min    |                                      |
| protocol          |                                      |
| remote_group_id   |                                      |
| remote_ip_prefix  | 0.0.0.0/0                            |
| security_group_id | 9a2c0d86-4a36-46d4-a4da-43a239003eef |
| tenant_id         | 52953da91c0e47528d5317867391aaec     |
+-------------------+--------------------------------------+

Actually we expect that "Security group rule already exists. Rule id is
xxxxx".

** Affects: neutron
     Importance: Undecided
     Assignee: yujie (16189455-d)
         Status: New

** Changed in: neutron
     Assignee: (unassigned) => yujie (16189455-d)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1534113

Title:
  default sg could add same rule as original egress ipv4 rule

Status in neutron:
  New

Bug description:
  In default securitygroup,  we could add a rule in default same as the
  original egress ipv4 rule.

  Reproduce step: 
  # neutron security-group-rule-create --direction egress --remote-ip-prefix 0.0.0.0/0 default

  It returns:
  Created a new security_group_rule:
  +-------------------+--------------------------------------+
  | Field             | Value                                |
  +-------------------+--------------------------------------+
  | direction         | egress                               |
  | ethertype         | IPv4                                 |
  | id                | d8f968e2-270b-4d6e-a2d0-a408726b7edc |
  | port_range_max    |                                      |
  | port_range_min    |                                      |
  | protocol          |                                      |
  | remote_group_id   |                                      |
  | remote_ip_prefix  | 0.0.0.0/0                            |
  | security_group_id | 9a2c0d86-4a36-46d4-a4da-43a239003eef |
  | tenant_id         | 52953da91c0e47528d5317867391aaec     |
  +-------------------+--------------------------------------+

  Actually we expect that "Security group rule already exists. Rule id
  is xxxxx".

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1534113/+subscriptions

Follow ups

[Bug 1534113] Re: default sg could add same rule as original egress ipv4 rule
From: OpenStack Infra, 2017-02-08