yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #94140
[Bug 2069071] Re: address pair not working with oslo policy http check
Hello Rico:
Please check https://docs.openstack.org/security-
guide/identity/policies.html. This kind of remote policy enforcer is not
allowed in the Neutron policies. You can use a rule defined in
neutron.conf.policies.base or create your own following the examples you
have in the code (filter by user, by field, etc).
Regards.
** Changed in: neutron
Status: Incomplete => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2069071
Title:
address pair not working with oslo policy http check
Status in neutron:
Invalid
Bug description:
With policy.json added which http://127.0.0.1:8181/enforce is a remote policy enforcer
{
"create_port:allowed_address_pairs": "http://127.0.0.1:8181/enforce";
}
I can't create address pair anymore
ubuntu@instance:~$ openstack port create --network private3 --allowed-address mac-address=fa:16:3e:60:10:da,ip-address=192.168.4.65 port4
HttpException: 500: Server Error for url: http://192.168.1.130:9696/networking/v2.0/ports, Request Failed: internal server error while processing your request.
That failed either oslo.policy/remote_content_type set to application/x-www-form-urlencoded or application/json
Traceback for application/json
```
DEBUG neutron.pecan_wsgi.hooks.quota_enforcement [None req-5272d867-a800-44a6-853c-edc6ada92b16 demo admin] Made reservation on behalf of 9e88a8269ab2478e949a25e9643284b1 for: {'port': 1} {{(pid=995401) before /opt/stack/neutron/neutron/pecan_wsgi/hooks/quota_enforcement.py:53}}
ERROR neutron.pecan_wsgi.hooks.translation [None req-5272d867-a800-44a6-853c-edc6ada92b16 demo admin] POST failed.: TypeError: Object of type Sentinel is not JSON serializable
ERROR neutron.pecan_wsgi.hooks.translation Traceback (most recent call last):
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/pecan/core.py", line 681, in __call__
ERROR neutron.pecan_wsgi.hooks.translation controller, args, kwargs = self.find_controller(state)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/pecan/core.py", line 859, in find_controller
ERROR neutron.pecan_wsgi.hooks.translation controller, args, kw = super(Pecan, self).find_controller(_state)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/pecan/core.py", line 549, in find_controller
ERROR neutron.pecan_wsgi.hooks.translation self.handle_hooks(self.determine_hooks(controller), 'before', state)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/pecan/core.py", line 866, in handle_hooks
ERROR neutron.pecan_wsgi.hooks.translation return super(Pecan, self).handle_hooks(hooks, *args, **kw)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/pecan/core.py", line 331, in handle_hooks
ERROR neutron.pecan_wsgi.hooks.translation result = getattr(hook, hook_type)(*args)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/neutron/neutron/pecan_wsgi/hooks/policy_enforcement.py", line 133, in before
ERROR neutron.pecan_wsgi.hooks.translation policy.enforce(
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/neutron/neutron/policy.py", line 525, in enforce
ERROR neutron.pecan_wsgi.hooks.translation result = _ENFORCER.enforce(rule, target, context, action=action,
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/oslo_policy/policy.py", line 1054, in enforce
ERROR neutron.pecan_wsgi.hooks.translation result = _checks._check(
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/oslo_policy/_checks.py", line 80, in _check
ERROR neutron.pecan_wsgi.hooks.translation return rule(*rule_args)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/oslo_policy/_checks.py", line 178, in __call__
ERROR neutron.pecan_wsgi.hooks.translation if not _check(rule, target, cred, enforcer, current_rule):
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/oslo_policy/_checks.py", line 80, in _check
ERROR neutron.pecan_wsgi.hooks.translation return rule(*rule_args)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/oslo_policy/_checks.py", line 178, in __call__
ERROR neutron.pecan_wsgi.hooks.translation if not _check(rule, target, cred, enforcer, current_rule):
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/oslo_policy/_checks.py", line 80, in _check
ERROR neutron.pecan_wsgi.hooks.translation return rule(*rule_args)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/oslo_policy/_checks.py", line 257, in __call__
ERROR neutron.pecan_wsgi.hooks.translation return _check(
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/oslo_policy/_checks.py", line 80, in _check
ERROR neutron.pecan_wsgi.hooks.translation return rule(*rule_args)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/oslo_policy/_external.py", line 40, in __call__
ERROR neutron.pecan_wsgi.hooks.translation requests.post(url, json=json, data=data)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/requests/api.py", line 115, in post
ERROR neutron.pecan_wsgi.hooks.translation return request("post", url, data=data, json=json, **kwargs)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/requests/api.py", line 59, in request
ERROR neutron.pecan_wsgi.hooks.translation return session.request(method=method, url=url, **kwargs)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/requests/sessions.py", line 575, in request
ERROR neutron.pecan_wsgi.hooks.translation prep = self.prepare_request(req)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/requests/sessions.py", line 486, in prepare_request
ERROR neutron.pecan_wsgi.hooks.translation p.prepare(
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/requests/models.py", line 371, in prepare
ERROR neutron.pecan_wsgi.hooks.translation self.prepare_body(data, files, json)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/requests/models.py", line 511, in prepare_body
ERROR neutron.pecan_wsgi.hooks.translation body = complexjson.dumps(json, allow_nan=False)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/simplejson/__init__.py", line 378, in dumps
ERROR neutron.pecan_wsgi.hooks.translation return _default_encoder.encode(obj)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/simplejson/encoder.py", line 298, in encode
ERROR neutron.pecan_wsgi.hooks.translation chunks = self.iterencode(o)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/simplejson/encoder.py", line 379, in iterencode
ERROR neutron.pecan_wsgi.hooks.translation return _iterencode(o, 0)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/simplejson/encoder.py", line 274, in default
ERROR neutron.pecan_wsgi.hooks.translation raise TypeError('Object of type %s is not JSON serializable' %
ERROR neutron.pecan_wsgi.hooks.translation TypeError: Object of type Sentinel is not JSON serializable
ERROR neutron.pecan_wsgi.hooks.translation
DEBUG neutron.pecan_wsgi.hooks.notifier [None req-5272d867-a800-44a6-853c-edc6ada92b16 demo admin] No notification will be sent due to unsuccessful status code: 500 {{(pid=995401) after /opt/stack/neutron/neutron/pecan_wsgi/hooks/notifier.py:78}}
```
and for application/x-www-form-urlencoded
```
DEBUG neutron.api.v2.base [None req-5bb52e89-30d6-4850-a3cd-305ab0acb663 demo admin] Request body: {'port': {'name': 'port4', 'allowed_address_pairs': [{'ip_address': '192.168.4.65', 'mac_address': 'fa:16:3e:60:10:da'}], 'admin_state_up': True, 'network_id': '7a588a17-fdd9-4f94-8f2e-eb650b8da39e'}} {{(pid=997437) prepare_request_body /opt/stack/neutron/neutron/api/v2/base.py:734}}
DEBUG neutron.pecan_wsgi.hooks.quota_enforcement [None req-5bb52e89-30d6-4850-a3cd-305ab0acb663 demo admin] Made reservation on behalf of 9e88a8269ab2478e949a25e9643284b1 for: {'port': 1} {{(pid=997437) before /opt/stack/neutron/neutron/pecan_wsgi/hooks/quota_enforcement.py:53}}
ERROR neutron.pecan_wsgi.hooks.translation [None req-5bb52e89-30d6-4850-a3cd-305ab0acb663 demo admin] POST failed.: ValueError: Cannot convert <neutron_lib.constants.Sentinel object at 0x7fa53cc42b00> to primitive
ERROR neutron.pecan_wsgi.hooks.translation Traceback (most recent call last):
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/pecan/core.py", line 681, in __call__
ERROR neutron.pecan_wsgi.hooks.translation controller, args, kwargs = self.find_controller(state)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/pecan/core.py", line 859, in find_controller
ERROR neutron.pecan_wsgi.hooks.translation controller, args, kw = super(Pecan, self).find_controller(_state)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/pecan/core.py", line 549, in find_controller
ERROR neutron.pecan_wsgi.hooks.translation self.handle_hooks(self.determine_hooks(controller), 'before', state)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/pecan/core.py", line 866, in handle_hooks
ERROR neutron.pecan_wsgi.hooks.translation return super(Pecan, self).handle_hooks(hooks, *args, **kw)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/pecan/core.py", line 331, in handle_hooks
ERROR neutron.pecan_wsgi.hooks.translation result = getattr(hook, hook_type)(*args)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/neutron/neutron/pecan_wsgi/hooks/policy_enforcement.py", line 133, in before
ERROR neutron.pecan_wsgi.hooks.translation policy.enforce(
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/neutron/neutron/policy.py", line 525, in enforce
ERROR neutron.pecan_wsgi.hooks.translation result = _ENFORCER.enforce(rule, target, context, action=action,
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/oslo_policy/policy.py", line 1054, in enforce
ERROR neutron.pecan_wsgi.hooks.translation result = _checks._check(
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/oslo_policy/_checks.py", line 80, in _check
ERROR neutron.pecan_wsgi.hooks.translation return rule(*rule_args)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/oslo_policy/_checks.py", line 178, in __call__
ERROR neutron.pecan_wsgi.hooks.translation if not _check(rule, target, cred, enforcer, current_rule):
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/oslo_policy/_checks.py", line 80, in _check
ERROR neutron.pecan_wsgi.hooks.translation return rule(*rule_args)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/oslo_policy/_checks.py", line 178, in __call__
ERROR neutron.pecan_wsgi.hooks.translation if not _check(rule, target, cred, enforcer, current_rule):
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/oslo_policy/_checks.py", line 80, in _check
ERROR neutron.pecan_wsgi.hooks.translation return rule(*rule_args)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/oslo_policy/_checks.py", line 257, in __call__
ERROR neutron.pecan_wsgi.hooks.translation return _check(
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/oslo_policy/_checks.py", line 80, in _check
ERROR neutron.pecan_wsgi.hooks.translation return rule(*rule_args)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/oslo_policy/_external.py", line 37, in __call__
ERROR neutron.pecan_wsgi.hooks.translation data, json = self._construct_payload(creds, current_rule,
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/oslo_policy/_external.py", line 58, in _construct_payload
ERROR neutron.pecan_wsgi.hooks.translation 'target': jsonutils.dumps(temp_target),
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/oslo_serialization/jsonutils.py", line 198, in dumps
ERROR neutron.pecan_wsgi.hooks.translation return json.dumps(obj, default=default, **kwargs)
ERROR neutron.pecan_wsgi.hooks.translation File "/usr/lib/python3.10/json/__init__.py", line 238, in dumps
ERROR neutron.pecan_wsgi.hooks.translation **kw).encode(obj)
ERROR neutron.pecan_wsgi.hooks.translation File "/usr/lib/python3.10/json/encoder.py", line 199, in encode
ERROR neutron.pecan_wsgi.hooks.translation chunks = self.iterencode(o, _one_shot=True)
ERROR neutron.pecan_wsgi.hooks.translation File "/usr/lib/python3.10/json/encoder.py", line 257, in iterencode
ERROR neutron.pecan_wsgi.hooks.translation return _iterencode(o, 0)
ERROR neutron.pecan_wsgi.hooks.translation File "/opt/stack/data/venv/lib/python3.10/site-packages/oslo_serialization/jsonutils.py", line 176, in to_primitive
ERROR neutron.pecan_wsgi.hooks.translation raise ValueError("Cannot convert %r to primitive" % (value,))
ERROR neutron.pecan_wsgi.hooks.translation ValueError: Cannot convert <neutron_lib.constants.Sentinel object at 0x7fa53cc42b00> to primitive
ERROR neutron.pecan_wsgi.hooks.translation
DEBUG neutron.pecan_wsgi.hooks.notifier [None req-5bb52e89-30d6-4850-a3cd-305ab0acb663 demo admin] No notification will be sent due to unsuccessful status code: 500 {{(pid=997437) after /opt/stack/neutron/neutron/pecan_wsgi/hooks/notifier.py:78}}
INFO neutron.wsgi [None req-5bb52e89-30d6-4850-a3cd-305ab0acb663 demo admin] 192.168.1.130 "POST /networking/v2.0/ports HTTP/1.1" status: 500 len: 368 time: 0.0521467
```
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2069071/+subscriptions
References
