yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1651327] [NEW] Different behavior in firewall_group creation and updation

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: zhaobo <zhaobo6@xxxxxxxxxx>
Date: Tue, 20 Dec 2016 06:37:25 -0000
Reply-to: Bug 1651327 <1651327@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

I use restApi to create firewall_group like:
    {
        "firewall_group": {
            "name": "ag1",
            "ports": ["2c6b1bcf-a1d6-4efa-8c7a-b7f0966aa3d1"]
        }
    }
The response is :
	{
  "firewall_group": {
    "status": "INACTIVE",
    "public": false,
    "egress_firewall_policy_id": null,
    "name": "ag1",
    "admin_state_up": true,
    "tenant_id": "88ecb8bb6abb4207bb9a832e08eef245",
    "project_id": "88ecb8bb6abb4207bb9a832e08eef245",
    "id": "1f6ae5b9-0820-4572-9057-457ed139d7e6",
    "ingress_firewall_policy_id": null,
    "description": ""
  }
}
This is correct, as no policy there is no meaning to call agent to refresh the iptables.

But when I use the same req_body to PUT.
PUT request:
    {
        "firewall_group": {
            "name": "ag1",
            "ports": ["2c6b1bcf-a1d6-4efa-8c7a-b7f0966aa3d1"],
        }
    }

PUT response:
{
  "firewall_group": {
    "status": "PENDING_UPDATE",
    "description": "",
    "ingress_firewall_policy_id": null,
    "id": "034763aa-841d-4e3c-a327-b3430330cd98",
    "name": "ag1",
    "admin_state_up": true,
    "tenant_id": "88ecb8bb6abb4207bb9a832e08eef245",
    "ports": [
      "2c6b1bcf-a1d6-4efa-8c7a-b7f0966aa3d1"
    ],
    "project_id": "88ecb8bb6abb4207bb9a832e08eef245",
    "public": false,
    "egress_firewall_policy_id": null
  }
}
Then the logic will call agent to input the default iptables chains with no policy port.

** Affects: neutron
     Importance: Undecided
     Assignee: zhaobo (zhaobo6)
         Status: In Progress

** Changed in: neutron
     Assignee: (unassigned) => zhaobo (zhaobo6)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1651327

Title:
  Different behavior in firewall_group creation and updation

Status in neutron:
  In Progress

Bug description:
  I use restApi to create firewall_group like:
      {
          "firewall_group": {
              "name": "ag1",
              "ports": ["2c6b1bcf-a1d6-4efa-8c7a-b7f0966aa3d1"]
          }
      }
  The response is :
  	{
    "firewall_group": {
      "status": "INACTIVE",
      "public": false,
      "egress_firewall_policy_id": null,
      "name": "ag1",
      "admin_state_up": true,
      "tenant_id": "88ecb8bb6abb4207bb9a832e08eef245",
      "project_id": "88ecb8bb6abb4207bb9a832e08eef245",
      "id": "1f6ae5b9-0820-4572-9057-457ed139d7e6",
      "ingress_firewall_policy_id": null,
      "description": ""
    }
  }
  This is correct, as no policy there is no meaning to call agent to refresh the iptables.

  But when I use the same req_body to PUT.
  PUT request:
      {
          "firewall_group": {
              "name": "ag1",
              "ports": ["2c6b1bcf-a1d6-4efa-8c7a-b7f0966aa3d1"],
          }
      }

  PUT response:
  {
    "firewall_group": {
      "status": "PENDING_UPDATE",
      "description": "",
      "ingress_firewall_policy_id": null,
      "id": "034763aa-841d-4e3c-a327-b3430330cd98",
      "name": "ag1",
      "admin_state_up": true,
      "tenant_id": "88ecb8bb6abb4207bb9a832e08eef245",
      "ports": [
        "2c6b1bcf-a1d6-4efa-8c7a-b7f0966aa3d1"
      ],
      "project_id": "88ecb8bb6abb4207bb9a832e08eef245",
      "public": false,
      "egress_firewall_policy_id": null
    }
  }
  Then the logic will call agent to input the default iptables chains with no policy port.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1651327/+subscriptions

Follow ups

[Bug 1651327] Re: Different behavior in firewall_group creation and updation
From: OpenStack Infra, 2017-01-14