[Yahoo-eng-team] [Bug 1823847] Re: Multiple rules in a mapping is not working with type: "local" attribute
** Changed in: keystone Status: Invalid => New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1823847 Title: Multiple rules in a mapping is not working with type: "local" attribute Status in OpenStack Identity (keystone): New Bug description: We have a requirement in which we want to setup an external Identity provider with keystone federation for SSO. I have added two rules in a mapping which will match to below criteria and added this mapping to OS_FEDERATION identity provider. Rule 1. If user already exists in keystone, it should not create a new ephemeral user. Rule 2. If user is not found in keystone, it should create a new user in SSO federated domain. Problem: If user is not present already, it should match second rule and new user should be created. But its throwing Unauthorized Error. I think, with type:"local" specified, it will throw Unauthorized error even if there are multiple rules for a given mapping. With multiple rules specified, it should try to match the a rule in an order which is not working as expected Have attached mapping object for reference. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1823847/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1823847] [NEW] Multiple rules in a mapping is not working with type: "local" attribute
Public bug reported: We have a requirement in which we want to setup an external Identity provider with keystone federation for SSO. I have added two rules in a mapping which will match to below criteria and added this mapping to OS_FEDERATION identity provider. Rule 1. If user already exists in keystone, it should not create a new ephemeral user. Rule 2. If user is not found in keystone, it should create a new user in SSO federated domain. Problem: If user is not present already, it should match second rule and new user should be created. But its throwing Unauthorized Error. I think, with type:"local" specified, it will throw Unauthorized error even if there are multiple rules for a given mapping. With multiple rules specified, it should try to match the a rule in an order which is not working as expected Have attached mapping object for reference. ** Affects: keystone Importance: Undecided Status: New ** Tags: federation -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1823847 Title: Multiple rules in a mapping is not working with type: "local" attribute Status in OpenStack Identity (keystone): New Bug description: We have a requirement in which we want to setup an external Identity provider with keystone federation for SSO. I have added two rules in a mapping which will match to below criteria and added this mapping to OS_FEDERATION identity provider. Rule 1. If user already exists in keystone, it should not create a new ephemeral user. Rule 2. If user is not found in keystone, it should create a new user in SSO federated domain. Problem: If user is not present already, it should match second rule and new user should be created. But its throwing Unauthorized Error. I think, with type:"local" specified, it will throw Unauthorized error even if there are multiple rules for a given mapping. With multiple rules specified, it should try to match the a rule in an order which is not working as expected Have attached mapping object for reference. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1823847/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1521071] [NEW] Network connectivity fails when a provider network is scheduled to a Node which has invalid physical network mappings
Public bug reported: I have a setup with 2 Network nodes, with bridge_mappings of l2 agents as follows. Network Node 1 : bridge_mappings: provider:10:1000 Network Node 2 : bridge_mappings: physnet1:1000:1500 Now, I create a provider network. neutron net-create net1 --provider:network_type vlan --provider:physical_network physnet1 Now, when I add a port to that network, the network gets scheduled to NN1, in which physical_network "physnet1" has no meaning. Solution: A pre-check to be added while scheduling a provider network, whether physical network specified exists in the bridge_mappings config of the respective NN node. ** Affects: neutron Importance: Undecided Status: New ** Tags: neutron ovs vlan -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1521071 Title: Network connectivity fails when a provider network is scheduled to a Node which has invalid physical network mappings Status in neutron: New Bug description: I have a setup with 2 Network nodes, with bridge_mappings of l2 agents as follows. Network Node 1 : bridge_mappings: provider:10:1000 Network Node 2 : bridge_mappings: physnet1:1000:1500 Now, I create a provider network. neutron net-create net1 --provider:network_type vlan --provider:physical_network physnet1 Now, when I add a port to that network, the network gets scheduled to NN1, in which physical_network "physnet1" has no meaning. Solution: A pre-check to be added while scheduling a provider network, whether physical network specified exists in the bridge_mappings config of the respective NN node. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1521071/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1324496] Re: shared firewall policies and rules are not displayed in horizon
*** This bug is a duplicate of bug 1294541 *** https://bugs.launchpad.net/bugs/1294541 ** This bug has been marked a duplicate of bug 1294541 shared firewall policies can't be displayed in horizon -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1324496 Title: shared firewall policies and rules are not displayed in horizon Status in OpenStack Dashboard (Horizon): In Progress Bug description: This bug is an extension to https://bugs.launchpad.net/neutron/+bug/1323322 As a normal user, Shared Firewall Policies and Rules which are created by admin , are listed for CLI command. But, those are not visible in Horizon UI. Steps to reproduce: As admin: Create a firewall rule and mark it as shared. Create a firewall policy and mark it as shared. Now, as a normal user: Try CLI commands: neutron firewall-rule-list neutron-firewall-policy-list It will list all the policies and rules which are shared also. Now login to Horizon as normal user, In Firewall panel, Nothing is displayed under firewall-policies and firewall-rules. Expected Results: Shared firewall policies and rules should be listed as in CLI. And modification of those should be disabled for all users other than admin. To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1324496/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1422629] [NEW] Creating a network with explicitly specified segmentation id must fail, if that id is not confiured
Public bug reported: Consider scenario, where ml2 plugin is configured with following segment ranges. network_vlan_ranges=physnet1:1000:1999 vni_ranges=500:999 Now, if I create a Network specifying a segmentation id which is not in the range specified in the configuration file, the resource is getting created. neutron net-create net1 --provider:network_type=vlan --provider:physical_network=physnet1 --provider:segmentation_id=100 Created a new network: +---+--+ | Field | Value| +---+--+ | admin_state_up| True | | id| dbe747f5-9d45-403d-97b2-6f4dd82aef47 | | name | net1 | | provider:network_type | vlan | | provider:physical_network | physnet1 | | provider:segmentation_id | 100 | | router:external | False| | shared| False| | status| ACTIVE | | subnets | | | tenant_id | e7897ad9e9f84826a0a7bfe6086e9278 | +---+--+ neutron net-create net2 --provider:network_type=vxlan --provider:segmentation_id=1 Created a new network: +---+--+ | Field | Value| +---+--+ | admin_state_up| True | | id| ec9dd22a-ae53-41f0-9c78-348e77508dff | | name | net2 | | provider:network_type | vxlan| | provider:physical_network | | | provider:segmentation_id | 1| | router:external | False| | shared| False| | status| ACTIVE | | subnets | | | tenant_id | e7897ad9e9f84826a0a7bfe6086e9278 | +---+--+ ** Affects: neutron Importance: Undecided Assignee: Shivakumar M (shiva-m) Status: New ** Tags: ml2 neutron-core ** Changed in: neutron Assignee: (unassigned) => Shivakumar M (shiva-m) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1422629 Title: Creating a network with explicitly specified segmentation id must fail, if that id is not confiured Status in OpenStack Neutron (virtual network service): New Bug description: Consider scenario, where ml2 plugin is configured with following segment ranges. network_vlan_ranges=physnet1:1000:1999 vni_ranges=500:999 Now, if I create a Network specifying a segmentation id which is not in the range specified in the configuration file, the resource is getting created. neutron net-create net1 --provider:network_type=vlan --provider:physical_network=physnet1 --provider:segmentation_id=100 Created a new network: +---+--+ | Field | Value| +---+--+ | admin_state_up| True | | id| dbe747f5-9d45-403d-97b2-6f4dd82aef47 | | name | net1 | | provider:network_type | vlan | | provider:physical_network | physnet1 | | provider:segmentation_id | 100 | | router:external | False| | shared| False| | status| ACTIVE | | subnets | | | tenant_id | e7897ad9e9f84826a0a7bfe6086e9278 | +---+--+ neutron net-create net2 --provider:network_type=vxlan --provider:segmentation_id=1 Created a new network: +---+--+ | Field | Va
[Yahoo-eng-team] [Bug 1405077] [NEW] VLAN configuration changes made is not updated until neutron server is restarted
Public bug reported: I changed network_vlan_ranges configuration in configuration file, and I want changes to take effect without restarting the neutron server. It may not be a bug, but restarting the networking service itself could lead to some critical processes to stop temporarily. As some configurations are subjected to change often, automatic reloading of configurations without restarting the whole service may be a feasible solution. ** Affects: neutron Importance: Undecided Status: New ** Tags: config neutron reload -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1405077 Title: VLAN configuration changes made is not updated until neutron server is restarted Status in OpenStack Neutron (virtual network service): New Bug description: I changed network_vlan_ranges configuration in configuration file, and I want changes to take effect without restarting the neutron server. It may not be a bug, but restarting the networking service itself could lead to some critical processes to stop temporarily. As some configurations are subjected to change often, automatic reloading of configurations without restarting the whole service may be a feasible solution. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1405077/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1405057] [NEW] Filter port-list based on security_groups associated not working
Public bug reported:
Sample Usecases:
1. neutron port-list --security_groups=6f3d9d9d-e84d-437c-ac40-82ce3196230c
Invalid input for operation: '6' is not an integer or uuid.
2.neutron port-list --security_groups list=true
6f3d9d9d-e84d-437c-ac40-82ce3196230c
Invalid input for operation: '6' is not an integer or uuid.
Since, security_groups associated to a port are referenced from securitygroups
db table, we can just filter ports
based on security_groups directly as it works for other paramters.
Example:
neutron port-list --mac_address list=true fa:16:3e:40:2b:cc fa:16:3e:8e:32:3e
+--+--+---+---+
| id | name | mac_address | fixed_ips
|
+--+--+---+---+
| 1cecec78-226f-4379-b5ad-c145e2e14048 | | fa:16:3e:40:2b:cc |
{"subnet_id": "af938c1c-e2d7-47a0-954a-ec8524677486", "ip_address":
"50.10.10.2"} |
| eec24494-09a8-4fa8-885d-e3fda37fe756 | | fa:16:3e:8e:32:3e |
{"subnet_id": "af938c1c-e2d7-47a0-954a-ec8524677486", "ip_address":
"50.10.10.3"} |
+--+--+---+-------+
** Affects: neutron
Importance: Undecided
Assignee: Shivakumar M (shiva-m)
Status: New
** Tags: neutron port-list security-groups
** Changed in: neutron
Assignee: (unassigned) => Shivakumar M (shiva-m)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1405057
Title:
Filter port-list based on security_groups associated not working
Status in OpenStack Neutron (virtual network service):
New
Bug description:
Sample Usecases:
1. neutron port-list --security_groups=6f3d9d9d-e84d-437c-ac40-82ce3196230c
Invalid input for operation: '6' is not an integer or uuid.
2.neutron port-list --security_groups list=true
6f3d9d9d-e84d-437c-ac40-82ce3196230c
Invalid input for operation: '6' is not an integer or uuid.
Since, security_groups associated to a port are referenced from
securitygroups db table, we can just filter ports
based on security_groups directly as it works for other paramters.
Example:
neutron port-list --mac_address list=true fa:16:3e:40:2b:cc fa:16:3e:8e:32:3e
+--+--+---+---+
| id | name | mac_address | fixed_ips
|
+--+--+---+---+
| 1cecec78-226f-4379-b5ad-c145e2e14048 | | fa:16:3e:40:2b:cc |
{"subnet_id": "af938c1c-e2d7-47a0-954a-ec8524677486", "ip_address":
"50.10.10.2"} |
| eec24494-09a8-4fa8-885d-e3fda37fe756 | | fa:16:3e:8e:32:3e |
{"subnet_id": "af938c1c-e2d7-47a0-954a-ec8524677486", "ip_address":
"50.10.10.3"} |
+--+--+---+---+
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1405057/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1324496] Re: shared firewall policies and rules are not displayed in horizon
Think, you are right.. I should change it as horizon bug.. ** Tags added: horizon ** Project changed: neutron => horizon ** Changed in: horizon Status: Incomplete => New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1324496 Title: shared firewall policies and rules are not displayed in horizon Status in OpenStack Dashboard (Horizon): New Bug description: This bug is an extension to https://bugs.launchpad.net/neutron/+bug/1323322 As a normal user, Shared Firewall Policies and Rules which are created by admin , are listed for CLI command. But, those are not visible in Horizon UI. Steps to reproduce: As admin: Create a firewall rule and mark it as shared. Create a firewall policy and mark it as shared. Now, as a normal user: Try CLI commands: neutron firewall-rule-list neutron-firewall-policy-list It will list all the policies and rules which are shared also. Now login to Horizon as normal user, In Firewall panel, Nothing is displayed under firewall-policies and firewall-rules. Expected Results: Shared firewall policies and rules should be listed as in CLI. And modification of those should be disabled for all users other than admin. To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1324496/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1324496] [NEW] shared firewall policies and rules are not displayed in horizon
Public bug reported: This bug is an extension to https://bugs.launchpad.net/neutron/+bug/1323322 As a normal user, Shared Firewall Policies and Rules which are created by admin , are listed for CLI command. But, those are not visible in Horizon UI. Steps to reproduce: As admin: Create a firewall rule and mark it as shared. Create a firewall policy and mark it as shared. Now, as a normal user: Try CLI commands: neutron firewall-rule-list neutron-firewall-policy-list It will list all the policies and rules which are shared also. Now login to Horizon as normal user, In Firewall panel, Nothing is displayed under firewall-policies and firewall-rules. Expected Results: Shared firewall policies and rules should be listed as in CLI. And modification of those should be disabled for all users other than admin. ** Affects: neutron Importance: Undecided Assignee: Shivakumar M (shiva075gowda) Status: New ** Changed in: neutron Assignee: (unassigned) => Shivakumar M (shiva075gowda) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1324496 Title: shared firewall policies and rules are not displayed in horizon Status in OpenStack Neutron (virtual network service): New Bug description: This bug is an extension to https://bugs.launchpad.net/neutron/+bug/1323322 As a normal user, Shared Firewall Policies and Rules which are created by admin , are listed for CLI command. But, those are not visible in Horizon UI. Steps to reproduce: As admin: Create a firewall rule and mark it as shared. Create a firewall policy and mark it as shared. Now, as a normal user: Try CLI commands: neutron firewall-rule-list neutron-firewall-policy-list It will list all the policies and rules which are shared also. Now login to Horizon as normal user, In Firewall panel, Nothing is displayed under firewall-policies and firewall-rules. Expected Results: Shared firewall policies and rules should be listed as in CLI. And modification of those should be disabled for all users other than admin. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1324496/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
