Public bug reported:

When creating or updating a firewall, the validation does not check tenant_id. Therefore, when the following operation is executed with admin privilege, the error keeps being traced into neutron's log even though the firewall has been created.

[Operation]
1. Create firewall-policy (shared=False) in alt_demo tenant.
   $ source devstack/openrc alt_demo alt_demo
2. Change privilege from alt_demo to admin (in demo tenant).
   $ source devstack/openrc admin demo
3. Create firewall using firewall-policy in alt_demo tenant.
   $ neutron firewall-create <firewall-policy-in-alt_demo> --name my_fw

[Result]
Created a new firewall:
+--------------------+--------------------------------------+
| Field              | Value                                |
+--------------------+--------------------------------------+
| admin_state_up     | True                                 |
| description        |                                      |
| firewall_policy_id | 40648e44-2175-4ad7-b190-93179900ac63 |
| id                 | fff7cbc0-1896-4b6c-8dee-633df68624c2 |
| name               | my_fw                                |
| router_ids         | cab4d01f-053b-4e07-a764-d829e66a3f6e |
| status             | PENDING_CREATE                       |
| tenant_id          | 65ecf5dfa6f8484f81027d3b25af1dbc     |
+--------------------+--------------------------------------+

[Error log] keeps tracing...
ERROR oslo_messaging.rpc.dispatcher [req-bedc6d68-268d-4be0-8e68-9c14bf659390 None 65ecf5dfa6f8484f81027d3b25af1dbc] Exception during message handling: Firewall Policy 40648e44-2175-4ad7-b190-93179900ac63 could not be found.
TRACE oslo_messaging.rpc.dispatcher Traceback (most recent call last):
TRACE oslo_messaging.rpc.dispatcher   File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/rpc/dispatcher.py", line 142, in _dispatch_and_reply
TRACE oslo_messaging.rpc.dispatcher     executor_callback))
TRACE oslo_messaging.rpc.dispatcher   File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/rpc/dispatcher.py", line 186, in _dispatch
TRACE oslo_messaging.rpc.dispatcher     executor_callback)
TRACE oslo_messaging.rpc.dispatcher   File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/rpc/dispatcher.py", line 130, in _do_dispatch
TRACE oslo_messaging.rpc.dispatcher     result = func(ctxt, **new_args)
TRACE oslo_messaging.rpc.dispatcher   File "/opt/stack/neutron-fwaas/neutron_fwaas/services/firewall/fwaas_plugin.py", line 85, in get_firewalls_for_tenant
TRACE oslo_messaging.rpc.dispatcher     context, fw['id'])
TRACE oslo_messaging.rpc.dispatcher   File "/opt/stack/neutron-fwaas/neutron_fwaas/db/firewall/firewall_db.py", line 169, in _make_firewall_dict_with_rules
TRACE oslo_messaging.rpc.dispatcher     fw_policy = self.get_firewall_policy(context, fw_policy_id)
TRACE oslo_messaging.rpc.dispatcher   File "/opt/stack/neutron-fwaas/neutron_fwaas/db/firewall/firewall_db.py", line 395, in get_firewall_policy
TRACE oslo_messaging.rpc.dispatcher     fwp = self._get_firewall_policy(context, id)
TRACE oslo_messaging.rpc.dispatcher   File "/opt/stack/neutron-fwaas/neutron_fwaas/db/firewall/firewall_db.py", line 103, in _get_firewall_policy
TRACE oslo_messaging.rpc.dispatcher     raise fw_ext.FirewallPolicyNotFound(firewall_policy_id=id)
TRACE oslo_messaging.rpc.dispatcher FirewallPolicyNotFound: Firewall Policy 40648e44-2175-4ad7-b190-93179900ac63 could not be found.
TRACE oslo_messaging.rpc.dispatcher
ERROR oslo_messaging._drivers.common [req-bedc6d68-268d-4be0-8e68-9c14bf659390 None 65ecf5dfa6f8484f81027d3b25af1dbc] Returning exception Firewall Policy 40648e44-2175-4ad7-b190-93179900ac63 could not be found.
to caller
ERROR oslo_messaging._drivers.common [req-bedc6d68-268d-4be0-8e68-9c14bf659390 None 65ecf5dfa6f8484f81027d3b25af1dbc] ['Traceback (most recent call last):\n', ' File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/rpc/dispatcher.py", line 142, in _dispatch_and_reply\n executor_callback))\n', ' File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/rpc/dispatcher.py", line 186, in _dispatch\n executor_callback)\n', ' File "/usr/local/lib/python2.7/dist-packages/oslo_messaging/rpc/dispatcher.py", line 130, in _do_dispatch\n result = func(ctxt, **new_args)\n', ' File "/opt/stack/neutron-fwaas/neutron_fwaas/services/firewall/fwaas_plugin.py", line 85, in get_firewalls_for_tenant\n context, fw[\'id\'])\n', ' File "/opt/stack/neutron-fwaas/neutron_fwaas/db/firewall/firewall_db.py", line 169, in _make_firewall_dict_with_rules\n fw_policy = self.get_firewall_policy(context, fw_policy_id)\n', ' File "/opt/stack/neutron-fwaas/neutron_fwaas/db/firewall/firewall_db.py", line 395, in get_firewall_policy\n fwp = self._get_firewall_policy(context, id)\n', ' File "/opt/stack/neutron-fwaas/neutron_fwaas/db/firewall/firewall_db.py", line 103, in _get_firewall_policy\n raise fw_ext.FirewallPolicyNotFound(firewall_policy_id=id)\n', 'FirewallPolicyNotFound: Firewall Policy 40648e44-2175-4ad7-b190-93179900ac63 could not be found.\n']

** Affects: neutron
     Importance: Undecided
         Status: New

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1446074

Title:
  FWaaS - Missing tenant_id validation between firewall and firewall_policy in creating/updating firewall

Status in OpenStack Neutron (virtual network service):
  New
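
The missing check described in this report, as an added example that is not part of the original bug report and is not neutron-fwaas code: a simplified in-memory model in which an admin creates a firewall from another tenant's non-shared policy, with and without tenant_id validation. All names here (Context, FirewallPolicyConflict, create_firewall, firewalls_for_tenant, the sample IDs) are hypothetical, and it assumes the later lookup runs in a context scoped to the firewall's own tenant, as the request line in the error log suggests.

```python
# Added illustration: simplified in-memory model, not neutron-fwaas code.
from dataclasses import dataclass


class FirewallPolicyNotFound(Exception):
    pass


class FirewallPolicyConflict(Exception):  # hypothetical error name
    pass


@dataclass
class Context:
    tenant_id: str
    is_admin: bool = False


# Constructed sample data mirroring the scenario in the report.
POLICIES = {"fwp-alt": {"tenant_id": "alt_demo", "shared": False}}
FIREWALLS = {}


def get_policy(ctx, policy_id):
    """Tenant-scoped lookup: non-admins see only their own or shared policies."""
    p = POLICIES.get(policy_id)
    visible = p is not None and (
        ctx.is_admin or p["shared"] or p["tenant_id"] == ctx.tenant_id)
    if not visible:
        raise FirewallPolicyNotFound(policy_id)
    return p


def create_firewall(ctx, fw_id, policy_id, validate_tenant):
    policy = get_policy(ctx, policy_id)  # an admin context sees every tenant
    foreign = policy["tenant_id"] != ctx.tenant_id and not policy["shared"]
    if validate_tenant and foreign:
        # The check the report asks for: reject before anything is stored.
        raise FirewallPolicyConflict(policy_id)
    FIREWALLS[fw_id] = {"tenant_id": ctx.tenant_id, "policy_id": policy_id}
    return FIREWALLS[fw_id]


def firewalls_for_tenant(tenant_id):
    """Later lookup in a non-admin context scoped to the firewall's tenant."""
    ctx = Context(tenant_id)
    return [get_policy(ctx, fw["policy_id"]) for fw in FIREWALLS.values()
            if fw["tenant_id"] == tenant_id]
```

Without validation the create call succeeds and every later `firewalls_for_tenant("demo")` raises `FirewallPolicyNotFound`; with validation the mismatch is rejected at create time and nothing inconsistent is stored.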