← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1858680] [NEW] Succeed to create new security group, even if security group rule quota is exceeded

 

Public bug reported:

Description of problem:
Even if the quota for SG rules is exhausted, new security groups (with two default rules by default) can be created successfully.

How to reproduce:
  OS_PROJECT_NAME=admin
  CREATED=`openstack security group list --project $OS_PROJECT_NAME -f json | jq -r '.[] | .ID' |     xargs -I {} openstack security group rule list {} -f value | wc -l`
  let "CREATED +=1"
  SG=`openstack security group list --project $OS_PROJECT_NAME -f json | jq -r '.[0] | .ID'`
  QUOTA=`openstack quota show $OS_PROJECT_NAME -f json | jq -r '.["secgroup-rules"]'`
  for ((i=CREATED; i<=QUOTA; i++)); do
    PORT=`printf "%04d" $i`
    openstack security group rule create --ingress --protocol tcp --dst-port 5$PORT:5$PORT $SG
done
  openstack security group create --project $OS_PROJECT_NAME sec_group_with_excess_rules


Actual results:
The number of SG rules after the last command exceeds in 2 the maximum quota assigned for SG rules.


Related bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1787933

** Affects: neutron
     Importance: Undecided
     Assignee: Rodolfo Alonso (rodolfo-alonso-hernandez)
         Status: New

** Changed in: neutron
     Assignee: (unassigned) => Rodolfo Alonso (rodolfo-alonso-hernandez)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1858680

Title:
  Succeed to create new security group, even if security group rule
  quota is exceeded

Status in neutron:
  New

Bug description:
  Description of problem:
  Even if the quota for SG rules is exhausted, new security groups (with two default rules by default) can be created successfully.

  How to reproduce:
    OS_PROJECT_NAME=admin
    CREATED=`openstack security group list --project $OS_PROJECT_NAME -f json | jq -r '.[] | .ID' |     xargs -I {} openstack security group rule list {} -f value | wc -l`
    let "CREATED +=1"
    SG=`openstack security group list --project $OS_PROJECT_NAME -f json | jq -r '.[0] | .ID'`
    QUOTA=`openstack quota show $OS_PROJECT_NAME -f json | jq -r '.["secgroup-rules"]'`
    for ((i=CREATED; i<=QUOTA; i++)); do
      PORT=`printf "%04d" $i`
      openstack security group rule create --ingress --protocol tcp --dst-port 5$PORT:5$PORT $SG
  done
    openstack security group create --project $OS_PROJECT_NAME sec_group_with_excess_rules

  
  Actual results:
  The number of SG rules after the last command exceeds in 2 the maximum quota assigned for SG rules.

  
  Related bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1787933

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1858680/+subscriptions


Follow ups