← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #60511

[Bug 1656735] [NEW] Fwaas - insert_rule and remove_rule always set audited to False

  Thread PreviousDate PreviousThread Next 
Public bug reported:

when people use "insert_rule" or "remove_rule" on a firewall policy, the "audited" attribute of the firewall policy  is always  set to be "false" in function _process_rule_for_policy().I think it's not right and can bring users problems.
First, It's not logical when the firewall policy was created with "audited" to be "true" and both "insert_rule" and "remove_rule" don't intend to modify "audited" attribute.
Second, after bug https://bugs.launchpad.net/neutron/+bug/1438615 is resolved, operation of "update_firewall_policy" will not change "audited" attribute, it only sets "audited" to be "false" when people haven't set this attribute explicitly. 

Above is the error in fwaas code. There is alse an error in fwaas v1.0
api as to the description about "audited" attribute.The api document
says "Each time that the firewall policy or its associated rules are
changed, the API sets this attribute to false. To audit the policy,
explicitly set this attribute to true.". But why user needs to
explicitly set it again after insert_rule or remove_rule ? And in fact
,"update_firewall_policy" doesn't need to do so.

So I think we should correct this error both in code and api document.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1656735

Title:
  Fwaas - insert_rule and remove_rule always set audited to False

Status in neutron:
  New

Bug description:
  when people use "insert_rule" or "remove_rule" on a firewall policy, the "audited" attribute of the firewall policy  is always  set to be "false" in function _process_rule_for_policy().I think it's not right and can bring users problems.
  First, It's not logical when the firewall policy was created with "audited" to be "true" and both "insert_rule" and "remove_rule" don't intend to modify "audited" attribute.
  Second, after bug https://bugs.launchpad.net/neutron/+bug/1438615 is resolved, operation of "update_firewall_policy" will not change "audited" attribute, it only sets "audited" to be "false" when people haven't set this attribute explicitly. 

  Above is the error in fwaas code. There is alse an error in fwaas v1.0
  api as to the description about "audited" attribute.The api document
  says "Each time that the firewall policy or its associated rules are
  changed, the API sets this attribute to false. To audit the policy,
  explicitly set this attribute to true.". But why user needs to
  explicitly set it again after insert_rule or remove_rule ? And in fact
  ,"update_firewall_policy" doesn't need to do so.

  So I think we should correct this error both in code and api document.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1656735/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next