yahoo-eng-team team mailing list archive

[Miguel Angel Ajo <majopela@xxxxxxxxxx>]

Please involve any FWaaS folks to discuss on this, and revert the
"Opinion" flag.

** Changed in: neutron
       Status: In Progress => Opinion

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1656735

Title:
  Fwaas - insert_rule and remove_rule always set audited to False

Status in neutron:
  Opinion
Status in openstack-api-site:
  Invalid

Bug description:
  when people use "insert_rule" or "remove_rule" on a firewall policy, the "audited" attribute of the firewall policy  is always  set to be "false" in function _process_rule_for_policy().I think it's not right and can bring users problems.
  First, It's not logical when the firewall policy was created with "audited" to be "true" and both "insert_rule" and "remove_rule" don't intend to modify "audited" attribute.
  Second, after bug https://bugs.launchpad.net/neutron/+bug/1438615 is resolved, operation of "update_firewall_policy" will not change "audited" attribute, it only sets "audited" to be "false" when people haven't set this attribute explicitly. 

  Above is the error in fwaas code. There is alse an error in fwaas v1.0
  api as to the description about "audited" attribute.The api document
  says "Each time that the firewall policy or its associated rules are
  changed, the API sets this attribute to false. To audit the policy,
  explicitly set this attribute to true.". But why user needs to
  explicitly set it again after insert_rule or remove_rule ? And in fact
  ,"update_firewall_policy" doesn't need to do so.

  So I think we should correct this error both in code and api document.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1656735/+subscriptions