← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1816740] Re: FWaaS v2 - incorrect shared rule check

 

Reviewed:  https://review.openstack.org/638394
Committed: https://git.openstack.org/cgit/openstack/neutron-fwaas/commit/?id=9844e5e09cd10c45e7ec391a2f5af8b9fae1dd96
Submitter: Zuul
Branch:    master

commit 9844e5e09cd10c45e7ec391a2f5af8b9fae1dd96
Author: Yushiro FURUKAWA <y.furukawa_2@xxxxxxxxxxxxxx>
Date:   Thu Feb 21 20:01:56 2019 +0900

    Fix firewall rule 'shared' check in updating fwp
    
    This commit fixes 'shared' validation for existing firewall rules in
    updating firewall policy with 'non-shared' to 'shared'.
    
    Change-Id: I172632679f59e2aff79624753e1ef01f7ba1fdab
    Closes-Bug: #1816740


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1816740

Title:
  FWaaS v2 - incorrect shared rule check

Status in neutron:
  Fix Released

Bug description:
  Reference: http://git.openstack.org/cgit/openstack/neutron-
  fwaas/tree/neutron_fwaas/db/firewall/v2/firewall_db_v2.py#n644

      def _check_if_rules_shared_for_policy_shared(self, context, fwp_db, fwp):
          if fwp['shared']:
              rules_in_db = fwp_db.rule_associations
              for entry in rules_in_db:
                  fwr_db = self._get_firewall_rule(context,
                                                   entry.firewall_rule_id)
                  if not fwp_db['shared']:
                      raise f_exc.FirewallPolicySharingConflict(
                          firewall_rule_id=fwr_db['id'],
                          firewall_policy_id=fwp_db['id'])

  The logic above will always raise an exception if a policy is changed
  from not shared to shared. There is most likely a typo in:

  if not fwp_db['shared']:

  as it should be:

  if not fwr_db['shared']:

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1816740/+subscriptions


References