yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #94375
[Bug 2075529] [NEW] Unable to delete "access_as_shared" RBAC policy
Public bug reported:
I encounter a very strange behavior when I try to add and delete the "access_as_shared" RBAC policy.
I can add it successfully, but the subsequent delete doesn't work:
openstack network rbac create ... # SUCCESS
openstack network rbac delete $ID # FAIL
Pre-requirements:
- The network is external.
- There is a floating IP or router in the network.
Here is a demo:
Creating an external network and a Floating IP address:
[root@devoct30 ~]# openstack network create net0 --external -c id -f value
9e3285c5-6034-4851-bd72-02d24f5e3f98
[root@devoct30 ~]# openstack subnet create sub --network net0 --subnet-range 192.168.100.0/24 --no-dhcp
[root@devoct30 ~]# openstack floating ip create net0
[root@devoct30 ~]# openstack network rbac list --long
+--------------------------------------+-------------+--------------------------------------+--------------------+
| ID | Object Type | Object ID | Action |
+--------------------------------------+-------------+--------------------------------------+--------------------+
| 324163f7-b79f-493e-a78d-58da0990830e | network | 9e3285c5-6034-4851-bd72-02d24f5e3f98 | access_as_external |
+--------------------------------------+-------------+--------------------------------------+--------------------+
[root@devoct30 ~]#
Adding the "access_as_shared" RBAC policy and trying to delete it:
[root@devoct30 ~]# openstack network rbac create 9e3285c5-6034-4851-bd72-02d24f5e3f98 --type network --action access_as_shared --target-all-projects
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| action | access_as_shared |
| id | 4eff94d8-f872-41b3-b3ce-71cdcb40d2e6 |
| object_id | 9e3285c5-6034-4851-bd72-02d24f5e3f98 |
| object_type | network |
| project_id | af61bf69ee0a4a7db97d2dd640d967c2 |
| target_project_id | * |
+-------------------+--------------------------------------+
[root@devoct30 ~]# openstack network rbac list --long
+--------------------------------------+-------------+--------------------------------------+--------------------+
| ID | Object Type | Object ID | Action |
+--------------------------------------+-------------+--------------------------------------+--------------------+
| 324163f7-b79f-493e-a78d-58da0990830e | network | 9e3285c5-6034-4851-bd72-02d24f5e3f98 | access_as_external |
| 4eff94d8-f872-41b3-b3ce-71cdcb40d2e6 | network | 9e3285c5-6034-4851-bd72-02d24f5e3f98 | access_as_shared |
+--------------------------------------+-------------+--------------------------------------+--------------------+
[root@devoct30 ~]#
[root@devoct30 ~]# openstack network rbac delete 4eff94d8-f872-41b3-b3ce-71cdcb40d2e6
Failed to delete RBAC policy with ID '4eff94d8-f872-41b3-b3ce-71cdcb40d2e6': ConflictException: 409: Client Error for url: http://10.136.19.166:9696/networking/v2.0/rbac-policies/4eff94d8-f872-41b3-b3ce-71cdcb40d2e6, RBAC policy on object 9e3285c5-6034-4851-bd72-02d24f5e3f98 cannot be removed because other objects depend on it.
Details: Callback neutron.plugins.ml2.plugin.NeutronDbPluginV2.validate_network_rbac_policy_change-3919969 failed with "Unable to reconfigure sharing settings for network 9e3285c5-6034-4851-bd72-02d24f5e3f98. Multiple tenants are using it.",Callback neutron.services.network_ip_availability.plugin.NeutronDbPluginV2.validate_network_rbac_policy_change-999219 failed with "Unable to reconfigure sharing settings for network 9e3285c5-6034-4851-bd72-02d24f5e3f98. Multiple tenants are using it.",Callback neutron.services.network_ip_availability.plugin.NeutronDbPluginV2.validate_network_rbac_policy_change-994607 failed with "Unable to reconfigure sharing settings for network 9e3285c5-6034-4851-bd72-02d24f5e3f98. Multiple tenants are using it."
1 of 1 RBAC policies failed to delete.
[root@devoct30 ~]#
Environment:
single devstack installation from master branch
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2075529
Title:
Unable to delete "access_as_shared" RBAC policy
Status in neutron:
New
Bug description:
I encounter a very strange behavior when I try to add and delete the "access_as_shared" RBAC policy.
I can add it successfully, but the subsequent delete doesn't work:
openstack network rbac create ... # SUCCESS
openstack network rbac delete $ID # FAIL
Pre-requirements:
- The network is external.
- There is a floating IP or router in the network.
Here is a demo:
Creating an external network and a Floating IP address:
[root@devoct30 ~]# openstack network create net0 --external -c id -f value
9e3285c5-6034-4851-bd72-02d24f5e3f98
[root@devoct30 ~]# openstack subnet create sub --network net0 --subnet-range 192.168.100.0/24 --no-dhcp
[root@devoct30 ~]# openstack floating ip create net0
[root@devoct30 ~]# openstack network rbac list --long
+--------------------------------------+-------------+--------------------------------------+--------------------+
| ID | Object Type | Object ID | Action |
+--------------------------------------+-------------+--------------------------------------+--------------------+
| 324163f7-b79f-493e-a78d-58da0990830e | network | 9e3285c5-6034-4851-bd72-02d24f5e3f98 | access_as_external |
+--------------------------------------+-------------+--------------------------------------+--------------------+
[root@devoct30 ~]#
Adding the "access_as_shared" RBAC policy and trying to delete it:
[root@devoct30 ~]# openstack network rbac create 9e3285c5-6034-4851-bd72-02d24f5e3f98 --type network --action access_as_shared --target-all-projects
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| action | access_as_shared |
| id | 4eff94d8-f872-41b3-b3ce-71cdcb40d2e6 |
| object_id | 9e3285c5-6034-4851-bd72-02d24f5e3f98 |
| object_type | network |
| project_id | af61bf69ee0a4a7db97d2dd640d967c2 |
| target_project_id | * |
+-------------------+--------------------------------------+
[root@devoct30 ~]# openstack network rbac list --long
+--------------------------------------+-------------+--------------------------------------+--------------------+
| ID | Object Type | Object ID | Action |
+--------------------------------------+-------------+--------------------------------------+--------------------+
| 324163f7-b79f-493e-a78d-58da0990830e | network | 9e3285c5-6034-4851-bd72-02d24f5e3f98 | access_as_external |
| 4eff94d8-f872-41b3-b3ce-71cdcb40d2e6 | network | 9e3285c5-6034-4851-bd72-02d24f5e3f98 | access_as_shared |
+--------------------------------------+-------------+--------------------------------------+--------------------+
[root@devoct30 ~]#
[root@devoct30 ~]# openstack network rbac delete 4eff94d8-f872-41b3-b3ce-71cdcb40d2e6
Failed to delete RBAC policy with ID '4eff94d8-f872-41b3-b3ce-71cdcb40d2e6': ConflictException: 409: Client Error for url: http://10.136.19.166:9696/networking/v2.0/rbac-policies/4eff94d8-f872-41b3-b3ce-71cdcb40d2e6, RBAC policy on object 9e3285c5-6034-4851-bd72-02d24f5e3f98 cannot be removed because other objects depend on it.
Details: Callback neutron.plugins.ml2.plugin.NeutronDbPluginV2.validate_network_rbac_policy_change-3919969 failed with "Unable to reconfigure sharing settings for network 9e3285c5-6034-4851-bd72-02d24f5e3f98. Multiple tenants are using it.",Callback neutron.services.network_ip_availability.plugin.NeutronDbPluginV2.validate_network_rbac_policy_change-999219 failed with "Unable to reconfigure sharing settings for network 9e3285c5-6034-4851-bd72-02d24f5e3f98. Multiple tenants are using it.",Callback neutron.services.network_ip_availability.plugin.NeutronDbPluginV2.validate_network_rbac_policy_change-994607 failed with "Unable to reconfigure sharing settings for network 9e3285c5-6034-4851-bd72-02d24f5e3f98. Multiple tenants are using it."
1 of 1 RBAC policies failed to delete.
[root@devoct30 ~]#
Environment:
single devstack installation from master branch
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2075529/+subscriptions
Follow ups
