[Yahoo-eng-team] [Bug 1699717] Re: Updating of firewall-rule while attached to firewall via non-admin user shows exception on Horizon

Wed, 28 Jun 2017 09:44:47 -0700 

** Also affects: neutron-fwaas-dashboard
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1699717

Title:
  Updating of firewall-rule while attached to firewall via non-admin
  user shows exception on Horizon

Status in OpenStack Dashboard (Horizon):
  In Progress
Status in Neutron FWaaS dashboard:
  New

Bug description:
  Created non-admin user using below commands:-
  # openstack project create sam
  # openstack user create --password openstack --project 
acdc3b0348224a019878d628cc40681c sam-user
  # openstack role create user-role
  # openstack role add  --project acdc3b0348224a019878d628cc40681c --user 
sam-user user-role

  Steps:-
  1) Created firewall-rule 
  2) Created firewall policy and firewall-rule.
  3) Created firewall and add firewall-policy to it
  4) Now try to update firewall-rule using non-admin user it shows exception.
  Error: Failed to update rule fire-rule-sam: {u'protocol': u'tcp', 
u'description': u'', 'attributes_to_update': [u'protocol', u'name', u'enabled', 
u'source_ip_address', u'destination_ip_address', u'action', u'source_port', 
u'shared', u'destination_port', u'ip_version', u'description'], u'source_port': 
None, u'source_ip_address': None, u'destination_ip_address': None, 
'firewall_policy_id': u'ce84a478-3eaf-45ba-9d00-2f82b90916e4', 
u'destination_port': None, 'id': u'86850f40-6b26-4849-8eb9-f65b4136cf87', 
u'name': u'fire-rule-sam', 'tenant_id': u'acdc3b0348224a019878d628cc40681c', 
u'enabled': True, u'action': u'allow', 'shared': False, 'project_id': 
u'acdc3b0348224a019878d628cc40681c', u'ip_version': 4} is disallowed by policy 
rule (rule:update_firewall_rule and rule:update_firewall_rule:shared) with 
{'project_id': u'acdc3b0348224a019878d628cc40681c', 'domain': None, 
'project_name': u'sam', 'user_id': u'2e4470864c674331bec8b9f25d546e04', 
'roles': [u'user-role'], 'user_domain_id': None, 
 'service_project_id': None, 'project_domain': None, 'tenant_id': 
u'acdc3b0348224a019878d628cc40681c', 'service_user_domain_id': None, 
'service_project_domain_id': None, 

  But issue doesn't comes when using cli command to update firewall-rules for 
non-admin user.
  Use credentials for non-admin tenant then run below command:-

  $  neutron firewall-rule-update 86850f40-6b26-4849-8eb9-f65b4136cf87 
--protocol tcp --action reject
  Updated firewall_rule: 86850f40-6b26-4849-8eb9-f65b4136cf87

  So above command via cli is executed fine but with horizon it shows
  issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1699717/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to