Public bug reported:

DESCRIPTION: A firewall rule shared by admin cannot be used in a tenant's firewall policy when the rule is already attached to another tenant's or admin's firewall policy.

Steps to Reproduce:
1. Create a firewall rule r1 with share = true from the admin tenant.
2. Create a firewall policy p1 and attach the above firewall rule r1 from the admin tenant.
3. Try to create a firewall policy from another tenant with the above firewall rule r1.

Actual Results: The CLI throws an error saying the rule is in use and doesn't create the firewall policy.

root@IGA-OSC:~# fwrc --protocol icmp --action deny --name a2 --shared
Created a new firewall_rule:
+------------------------+--------------------------------------+
| Field                  | Value                                |
+------------------------+--------------------------------------+
| action                 | deny                                 |
| description            |                                      |
| destination_ip_address |                                      |
| destination_port       |                                      |
| enabled                | True                                 |
| firewall_policy_id     |                                      |
| id                     | 15f3c1a8-f813-4809-ab44-00d12f7ff8ad |
| ip_version             | 4                                    |
| name                   | a2                                   |
| position               |                                      |
| protocol               | icmp                                 |
| shared                 | True                                 |
| source_ip_address      |                                      |
| source_port            |                                      |
| tenant_id              | 0ad385e00e97476e9456945c079a21ea     |
+------------------------+--------------------------------------+

root@IGA-OSC:~# fwpc ap --firewall-rule a2
Created a new firewall_policy:
+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| audited        | False                                |
| description    |                                      |
| firewall_rules | 15f3c1a8-f813-4809-ab44-00d12f7ff8ad |
| id             | 800bea29-f165-421e-8e56-a0ec9af2bfc0 |
| name           | ap                                   |
| shared         | False                                |
| tenant_id      | 0ad385e00e97476e9456945c079a21ea     |
+----------------+--------------------------------------+

root@IGA-OSC:~# fwrs a2
+------------------------+--------------------------------------+
| Field                  | Value                                |
+------------------------+--------------------------------------+
| action                 | deny                                 |
| description            |                                      |
| destination_ip_address |                                      |
| destination_port       |                                      |
| enabled                | True                                 |
| firewall_policy_id     | 800bea29-f165-421e-8e56-a0ec9af2bfc0 |
| id                     | 15f3c1a8-f813-4809-ab44-00d12f7ff8ad |
| ip_version             | 4                                    |
| name                   | a2                                   |
| position               | 1                                    |
| protocol               | icmp                                 |
| source_ip_address      |                                      |
| source_port            |                                      |
| tenant_id              | 0ad385e00e97476e9456945c079a21ea     |
+------------------------+--------------------------------------+

From other tenant
==============
root@IGA-OSC:~# fwpc p3 --firewall-rule a2
409-{u'NeutronError': {u'message': u'Firewall Rule 15f3c1a8-f813-4809-ab44-00d12f7ff8ad is being used.', u'type': u'FirewallRuleInUse', u'detail': u''}}

** Affects: neutron
     Importance: Undecided
         Status: New

** Tags: fwaas

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1324417

Title:
  fwaas:shared firewall rule is not able to use when it is already attached in other tenant's firewall policy

Status in OpenStack Neutron (virtual network service):
  New
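
Added example (not part of the original report, and not Neutron's code): a minimal Python model of the behaviour the output above shows, where the rule record carries a single firewall_policy_id, so the shared flag controls who may reference the rule while a second attach still fails. The class, function and tenant names are hypothetical; bound_shared_rules is the check an operator could run over rule records to find shared rules that other tenants cannot attach.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

class FirewallRuleInUse(Exception):
    """Stand-in for the 409 FirewallRuleInUse error in the report."""

@dataclass
class Rule:
    id: str
    tenant_id: str
    shared: bool = False
    firewall_policy_id: Optional[str] = None  # single slot, as in the fwrs output
    position: Optional[int] = None

class ToyFwaas:
    """Hypothetical in-memory model; not Neutron's implementation."""

    def __init__(self) -> None:
        self.rules: Dict[str, Rule] = {}

    def create_policy(self, policy_id: str, tenant_id: str, rule_ids: List[str]) -> dict:
        picked = [self.rules[r] for r in rule_ids]
        for rule in picked:
            # "shared" only decides which tenants may reference the rule.
            if rule.tenant_id != tenant_id and not rule.shared:
                raise PermissionError(f"rule {rule.id} not visible to {tenant_id}")
            # The single policy slot decides whether it can still be attached.
            if rule.firewall_policy_id is not None:
                raise FirewallRuleInUse(f"Firewall Rule {rule.id} is being used.")
        for pos, rule in enumerate(picked, start=1):
            rule.firewall_policy_id, rule.position = policy_id, pos
        return {"id": policy_id, "tenant_id": tenant_id, "firewall_rules": rule_ids}

def bound_shared_rules(rules) -> List[str]:
    """Shared rules already attached somewhere, so no other policy can use them."""
    return [r.id for r in rules if r.shared and r.firewall_policy_id]

def reproduce():
    """Replay the three steps of the report with constructed tenant names."""
    fw = ToyFwaas()
    fw.rules["a2"] = Rule("a2", "admin", shared=True)
    fw.create_policy("ap", "admin", ["a2"])
    try:
        fw.create_policy("p3", "other", ["a2"])
    except FirewallRuleInUse as exc:
        return str(exc), bound_shared_rules(fw.rules.values())
    return None, []
```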