yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1651327] Re: Different behavior in firewall_group creation and updation

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1651327@xxxxxxxxxxxxxxxxxx>
Date: Sat, 14 Jan 2017 04:45:28 -0000
Reply-to: Bug 1651327 <1651327@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/412754
Committed: https://git.openstack.org/cgit/openstack/neutron-fwaas/commit/?id=58417e5f434b2cb8feecfe8aa78b60d4de21693f
Submitter: Jenkins
Branch:    master

commit 58417e5f434b2cb8feecfe8aa78b60d4de21693f
Author: ZhaoBo <zhaobo6@xxxxxxxxxx>
Date:   Tue Dec 20 10:44:07 2016 +0800

    Fix PENDING_UPDATE state when update exist no policy fw_group with ports
    
    This patch return the 'INVAILD' state which is the same with fw_group
    creation when update the exist fw_group. The exist fw_group just contained
    the ports.
    
    Closes-Bug: #1651327
    Change-Id: I64e1ed4d790f11cb321f32651bbdc57ff265cd68


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1651327

Title:
  Different behavior in firewall_group creation and updation

Status in neutron:
  Fix Released

Bug description:
  I use restApi to create firewall_group like:
      {
          "firewall_group": {
              "name": "ag1",
              "ports": ["2c6b1bcf-a1d6-4efa-8c7a-b7f0966aa3d1"]
          }
      }
  The response is :
  	{
    "firewall_group": {
      "status": "INACTIVE",
      "public": false,
      "egress_firewall_policy_id": null,
      "name": "ag1",
      "admin_state_up": true,
      "tenant_id": "88ecb8bb6abb4207bb9a832e08eef245",
      "project_id": "88ecb8bb6abb4207bb9a832e08eef245",
      "id": "1f6ae5b9-0820-4572-9057-457ed139d7e6",
      "ingress_firewall_policy_id": null,
      "description": ""
    }
  }
  This is correct, as no policy there is no meaning to call agent to refresh the iptables.

  But when I use the same req_body to PUT.
  PUT request:
      {
          "firewall_group": {
              "name": "ag1",
              "ports": ["2c6b1bcf-a1d6-4efa-8c7a-b7f0966aa3d1"],
          }
      }

  PUT response:
  {
    "firewall_group": {
      "status": "PENDING_UPDATE",
      "description": "",
      "ingress_firewall_policy_id": null,
      "id": "034763aa-841d-4e3c-a327-b3430330cd98",
      "name": "ag1",
      "admin_state_up": true,
      "tenant_id": "88ecb8bb6abb4207bb9a832e08eef245",
      "ports": [
        "2c6b1bcf-a1d6-4efa-8c7a-b7f0966aa3d1"
      ],
      "project_id": "88ecb8bb6abb4207bb9a832e08eef245",
      "public": false,
      "egress_firewall_policy_id": null
    }
  }
  Then the logic will call agent to input the default iptables chains with no policy port.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1651327/+subscriptions

References

[Bug 1651327] [NEW] Different behavior in firewall_group creation and updation
From: zhaobo, 2016-12-20