yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #81179
[Bug 1858680] [NEW] Succeed to create new security group, even if security group rule quota is exceeded
Public bug reported:
Description of problem:
Even if the quota for SG rules is exhausted, new security groups (with two default rules by default) can be created successfully.
How to reproduce:
OS_PROJECT_NAME=admin
CREATED=`openstack security group list --project $OS_PROJECT_NAME -f json | jq -r '.[] | .ID' | xargs -I {} openstack security group rule list {} -f value | wc -l`
let "CREATED +=1"
SG=`openstack security group list --project $OS_PROJECT_NAME -f json | jq -r '.[0] | .ID'`
QUOTA=`openstack quota show $OS_PROJECT_NAME -f json | jq -r '.["secgroup-rules"]'`
for ((i=CREATED; i<=QUOTA; i++)); do
PORT=`printf "%04d" $i`
openstack security group rule create --ingress --protocol tcp --dst-port 5$PORT:5$PORT $SG
done
openstack security group create --project $OS_PROJECT_NAME sec_group_with_excess_rules
Actual results:
The number of SG rules after the last command exceeds in 2 the maximum quota assigned for SG rules.
Related bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1787933
** Affects: neutron
Importance: Undecided
Assignee: Rodolfo Alonso (rodolfo-alonso-hernandez)
Status: New
** Changed in: neutron
Assignee: (unassigned) => Rodolfo Alonso (rodolfo-alonso-hernandez)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1858680
Title:
Succeed to create new security group, even if security group rule
quota is exceeded
Status in neutron:
New
Bug description:
Description of problem:
Even if the quota for SG rules is exhausted, new security groups (with two default rules by default) can be created successfully.
How to reproduce:
OS_PROJECT_NAME=admin
CREATED=`openstack security group list --project $OS_PROJECT_NAME -f json | jq -r '.[] | .ID' | xargs -I {} openstack security group rule list {} -f value | wc -l`
let "CREATED +=1"
SG=`openstack security group list --project $OS_PROJECT_NAME -f json | jq -r '.[0] | .ID'`
QUOTA=`openstack quota show $OS_PROJECT_NAME -f json | jq -r '.["secgroup-rules"]'`
for ((i=CREATED; i<=QUOTA; i++)); do
PORT=`printf "%04d" $i`
openstack security group rule create --ingress --protocol tcp --dst-port 5$PORT:5$PORT $SG
done
openstack security group create --project $OS_PROJECT_NAME sec_group_with_excess_rules
Actual results:
The number of SG rules after the last command exceeds in 2 the maximum quota assigned for SG rules.
Related bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1787933
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1858680/+subscriptions
Follow ups