yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #60114
[Bug 1653025] [NEW] neutron security-group-list with filtering by NON-EXISTING tenant-id will create unexpected default security-group
Public bug reported:
The neutron security-group-list command with filtering by NON-EXISTING
tenant-id will create unexpected default security-group, details are
shown below:
# neutron security-group-list --tenant-id UNDEFINED
# show neutron database table: securitygroups, you will find a sg entry with project_id: UNDEFINED, which is not existed in keystone.
MariaDB [neutron]> select * from securitygroups;
+----------------------------------+--------------------------------------+---------+------------------+
| project_id | id | name | standard_attr_id |
+----------------------------------+--------------------------------------+---------+------------------+
| XXXXXXX | 457dfd14-68d3-4a89-a987-52a6fab85496 | default | 103 |
| 12345 | 6fd9d319-10e4-4ec4-842d-7c049cf10113 | default | 233 |
| abc | 8666935a-520e-40f3-a92e-150934179535 | default | 223 |
| UNDEFINED | 9c282662-f973-4f7f-9fa3-d5ed6e2ac71f | default | 228 |
+----------------------------------+--------------------------------------+---------+------------------+
# same thing happens to the table securitygrouprules:
MariaDB [neutron]> select * from securitygrouprules WHERE project_id='UNDEFINED';
+------------+--------------------------------------+--------------------------------------+--------------------------------------+-----------+-----------+----------+----------------+----------------+------------------+------------------+
| project_id | id | security_group_id | remote_group_id | direction | ethertype | protocol | port_range_min | port_range_max | remote_ip_prefix | standard_attr_id |
+------------+--------------------------------------+--------------------------------------+--------------------------------------+-----------+-----------+----------+----------------+----------------+------------------+------------------+
| UNDEFINED | 376c6247-41b7-48b1-ae69-dd97062edc8a | 9c282662-f973-4f7f-9fa3-d5ed6e2ac71f | 9c282662-f973-4f7f-9fa3-d5ed6e2ac71f | ingress | IPv6 | NULL | NULL | NULL | NULL | 231 |
| UNDEFINED | 4aab7577-8433-4f62-b156-03ba1c374cb3 | 9c282662-f973-4f7f-9fa3-d5ed6e2ac71f | NULL | egress | IPv4 | NULL | NULL | NULL | NULL | 230 |
| UNDEFINED | 86337a57-1735-4dbb-874f-7cf13a32b4d1 | 9c282662-f973-4f7f-9fa3-d5ed6e2ac71f | 9c282662-f973-4f7f-9fa3-d5ed6e2ac71f | ingress | IPv4 | NULL | NULL | NULL | NULL | 229 |
| UNDEFINED | e7e774a9-ee3c-4dfb-9e77-fa3630751bfc | 9c282662-f973-4f7f-9fa3-d5ed6e2ac71f | NULL | egress | IPv6 | NULL | NULL | NULL | NULL | 232 |
+------------+--------------------------------------+--------------------------------------+--------------------------------------+-----------+-----------+----------+----------------+----------------+------------------+------------------+
4 rows in set (0.00 sec)
Tested under OpenStack Kilo and master
** Affects: neutron
Importance: Undecided
Assignee: Yi Zhao (zhaoyi44)
Status: New
** Tags: sg-fw
** Tags added: sg-fw
** Changed in: neutron
Assignee: (unassigned) => Yi Zhao (zhaoyi44)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1653025
Title:
neutron security-group-list with filtering by NON-EXISTING tenant-id
will create unexpected default security-group
Status in neutron:
New
Bug description:
The neutron security-group-list command with filtering by NON-EXISTING
tenant-id will create unexpected default security-group, details are
shown below:
# neutron security-group-list --tenant-id UNDEFINED
# show neutron database table: securitygroups, you will find a sg entry with project_id: UNDEFINED, which is not existed in keystone.
MariaDB [neutron]> select * from securitygroups;
+----------------------------------+--------------------------------------+---------+------------------+
| project_id | id | name | standard_attr_id |
+----------------------------------+--------------------------------------+---------+------------------+
| XXXXXXX | 457dfd14-68d3-4a89-a987-52a6fab85496 | default | 103 |
| 12345 | 6fd9d319-10e4-4ec4-842d-7c049cf10113 | default | 233 |
| abc | 8666935a-520e-40f3-a92e-150934179535 | default | 223 |
| UNDEFINED | 9c282662-f973-4f7f-9fa3-d5ed6e2ac71f | default | 228 |
+----------------------------------+--------------------------------------+---------+------------------+
# same thing happens to the table securitygrouprules:
MariaDB [neutron]> select * from securitygrouprules WHERE project_id='UNDEFINED';
+------------+--------------------------------------+--------------------------------------+--------------------------------------+-----------+-----------+----------+----------------+----------------+------------------+------------------+
| project_id | id | security_group_id | remote_group_id | direction | ethertype | protocol | port_range_min | port_range_max | remote_ip_prefix | standard_attr_id |
+------------+--------------------------------------+--------------------------------------+--------------------------------------+-----------+-----------+----------+----------------+----------------+------------------+------------------+
| UNDEFINED | 376c6247-41b7-48b1-ae69-dd97062edc8a | 9c282662-f973-4f7f-9fa3-d5ed6e2ac71f | 9c282662-f973-4f7f-9fa3-d5ed6e2ac71f | ingress | IPv6 | NULL | NULL | NULL | NULL | 231 |
| UNDEFINED | 4aab7577-8433-4f62-b156-03ba1c374cb3 | 9c282662-f973-4f7f-9fa3-d5ed6e2ac71f | NULL | egress | IPv4 | NULL | NULL | NULL | NULL | 230 |
| UNDEFINED | 86337a57-1735-4dbb-874f-7cf13a32b4d1 | 9c282662-f973-4f7f-9fa3-d5ed6e2ac71f | 9c282662-f973-4f7f-9fa3-d5ed6e2ac71f | ingress | IPv4 | NULL | NULL | NULL | NULL | 229 |
| UNDEFINED | e7e774a9-ee3c-4dfb-9e77-fa3630751bfc | 9c282662-f973-4f7f-9fa3-d5ed6e2ac71f | NULL | egress | IPv6 | NULL | NULL | NULL | NULL | 232 |
+------------+--------------------------------------+--------------------------------------+--------------------------------------+-----------+-----------+----------+----------------+----------------+------------------+------------------+
4 rows in set (0.00 sec)
Tested under OpenStack Kilo and master
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1653025/+subscriptions
Follow ups