Public bug reported:
DESCRIPTION:
firewall rule shared by admin is not able to use in tenant's firewall policy
when the rule is already attached in other tenant's or admin's firewall policy
Steps to Reproduce:
1. create a firewall rule r1 as share = true from admin tenant
2. create a firewall policy p1 and attach the aboce firewall rule r1 from admin
tenant
3. Try to create a firewall policy from other tenant with the above firewall
rule r1
Actual Results:
cli throws error as its being in use and doesn't create firewall policy
root@IGA-OSC:~# fwrc --protocol icmp --action deny --name a2 --shared
Created a new firewall_rule:
+------------------------+--------------------------------------+
| Field | Value |
+------------------------+--------------------------------------+
| action | deny |
| description | |
| destination_ip_address | |
| destination_port | |
| enabled | True |
| firewall_policy_id | |
| id | 15f3c1a8-f813-4809-ab44-00d12f7ff8ad |
| ip_version | 4 |
| name | a2 |
| position | |
| protocol | icmp |
| shared | True |
| source_ip_address | |
| source_port | |
| tenant_id | 0ad385e00e97476e9456945c079a21ea |
+------------------------+--------------------------------------+
root@IGA-OSC:~# fwpc ap --firewall-rule a2
Created a new firewall_policy:
+----------------+--------------------------------------+
| Field | Value |
+----------------+--------------------------------------+
| audited | False |
| description | |
| firewall_rules | 15f3c1a8-f813-4809-ab44-00d12f7ff8ad |
| id | 800bea29-f165-421e-8e56-a0ec9af2bfc0 |
| name | ap |
| shared | False |
| tenant_id | 0ad385e00e97476e9456945c079a21ea |
+----------------+--------------------------------------+
root@IGA-OSC:~# fwrs a2
+------------------------+--------------------------------------+
| Field | Value |
+------------------------+--------------------------------------+
| action | deny |
| description | |
| destination_ip_address | |
| destination_port | |
| enabled | True |
| firewall_policy_id | 800bea29-f165-421e-8e56-a0ec9af2bfc0 |
| id | 15f3c1a8-f813-4809-ab44-00d12f7ff8ad |
| ip_version | 4 |
| name | a2 |
| position | 1 |
| protocol | icmp |
| source_ip_address | |
| source_port | |
| tenant_id | 0ad385e00e97476e9456945c079a21ea |
+------------------------+--------------------------------------+
>From other tenant
==============
root@IGA-OSC:~# fwpc p3 --firewall-rule a2
409-{u'NeutronError': {u'message': u'Firewall Rule
15f3c1a8-f813-4809-ab44-00d12f7ff8ad is being used.', u'type':
u'FirewallRuleInUse', u'detail': u''}}
** Affects: neutron
Importance: Undecided
Status: New
** Tags: fwaas
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1324417
Title:
fwaas:shared firewall rule is not able to use when it is already
attached in other tenant's firewall policy
Status in OpenStack Neutron (virtual network service):
New
Bug description:
DESCRIPTION:
firewall rule shared by admin is not able to use in tenant's firewall policy
when the rule is already attached in other tenant's or admin's firewall policy
Steps to Reproduce:
1. create a firewall rule r1 as share = true from admin tenant
2. create a firewall policy p1 and attach the aboce firewall rule r1 from
admin tenant
3. Try to create a firewall policy from other tenant with the above firewall
rule r1
Actual Results:
cli throws error as its being in use and doesn't create firewall policy
root@IGA-OSC:~# fwrc --protocol icmp --action deny --name a2 --shared
Created a new firewall_rule:
+------------------------+--------------------------------------+
| Field | Value |
+------------------------+--------------------------------------+
| action | deny |
| description | |
| destination_ip_address | |
| destination_port | |
| enabled | True |
| firewall_policy_id | |
| id | 15f3c1a8-f813-4809-ab44-00d12f7ff8ad |
| ip_version | 4 |
| name | a2 |
| position | |
| protocol | icmp |
| shared | True |
| source_ip_address | |
| source_port | |
| tenant_id | 0ad385e00e97476e9456945c079a21ea |
+------------------------+--------------------------------------+
root@IGA-OSC:~# fwpc ap --firewall-rule a2
Created a new firewall_policy:
+----------------+--------------------------------------+
| Field | Value |
+----------------+--------------------------------------+
| audited | False |
| description | |
| firewall_rules | 15f3c1a8-f813-4809-ab44-00d12f7ff8ad |
| id | 800bea29-f165-421e-8e56-a0ec9af2bfc0 |
| name | ap |
| shared | False |
| tenant_id | 0ad385e00e97476e9456945c079a21ea |
+----------------+--------------------------------------+
root@IGA-OSC:~# fwrs a2
+------------------------+--------------------------------------+
| Field | Value |
+------------------------+--------------------------------------+
| action | deny |
| description | |
| destination_ip_address | |
| destination_port | |
| enabled | True |
| firewall_policy_id | 800bea29-f165-421e-8e56-a0ec9af2bfc0 |
| id | 15f3c1a8-f813-4809-ab44-00d12f7ff8ad |
| ip_version | 4 |
| name | a2 |
| position | 1 |
| protocol | icmp |
| source_ip_address | |
| source_port | |
| tenant_id | 0ad385e00e97476e9456945c079a21ea |
+------------------------+--------------------------------------+
From other tenant
==============
root@IGA-OSC:~# fwpc p3 --firewall-rule a2
409-{u'NeutronError': {u'message': u'Firewall Rule
15f3c1a8-f813-4809-ab44-00d12f7ff8ad is being used.', u'type':
u'FirewallRuleInUse', u'detail': u''}}
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1324417/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
