Public bug reported: Steps to reproduce:
1. As admin, create a shared policy p1 with shared rule r1 2. As tenant1, create a firewall f1 with policy p1 3. As admin, update p1 and r1 as unshared -- Actually it should not be allowed as they are in use but allowed in icehouse GA 4. As tenant1, try to delete f1. It fails with following error Console of tenant1 ====================== root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-create p1 --name f1 Created a new firewall: +--------------------+--------------------------------------+ | Field | Value | +--------------------+--------------------------------------+ | admin_state_up | True | | description | | | firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 | | id | 1665bbf3-f527-4ec9-950f-a3f41d618faf | | name | f1 | | status | PENDING_CREATE | | tenant_id | d637bea7d56b4ac288485143ee2a65af | +--------------------+--------------------------------------+ root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-show f1 +--------------------+--------------------------------------+ | Field | Value | +--------------------+--------------------------------------+ | admin_state_up | True | | description | | | firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 | | id | 1665bbf3-f527-4ec9-950f-a3f41d618faf | | name | f1 | | status | ACTIVE | | tenant_id | d637bea7d56b4ac288485143ee2a65af | +--------------------+--------------------------------------+ /********unshare p1 and r1 as admin**********/ root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-delete f1 404-{u'NeutronError': {u'message': u'Firewall Policy 367ff338-1014-4788-9cd9-d9d60035dd52 could not be found.', u'type': u'FirewallPolicyNotFound', u'detail': u''}}<<<<<<<<<<<<<<<<<<<<<<<<<Error as p1 and r1 are not shared now root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-show f1 +--------------------+--------------------------------------+ | Field | Value | +--------------------+--------------------------------------+ | admin_state_up | True | | description | | | firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 | | id | 1665bbf3-f527-4ec9-950f-a3f41d618faf | | name | f1 | | status | PENDING_DELETE |<<<<<<<<<<<<<<<<<<<<<<<<< f1 went to pending delete state | tenant_id | d637bea7d56b4ac288485143ee2a65af | +--------------------+--------------------------------------+ ** Affects: neutron Importance: Undecided Status: New ** Tags: fwaas -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1334994 Title: Unsharing a shared policy/rule should not be allowed when it is in use by other tenant Status in OpenStack Neutron (virtual network service): New Bug description: Steps to reproduce: 1. As admin, create a shared policy p1 with shared rule r1 2. As tenant1, create a firewall f1 with policy p1 3. As admin, update p1 and r1 as unshared -- Actually it should not be allowed as they are in use but allowed in icehouse GA 4. As tenant1, try to delete f1. It fails with following error Console of tenant1 ====================== root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-create p1 --name f1 Created a new firewall: +--------------------+--------------------------------------+ | Field | Value | +--------------------+--------------------------------------+ | admin_state_up | True | | description | | | firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 | | id | 1665bbf3-f527-4ec9-950f-a3f41d618faf | | name | f1 | | status | PENDING_CREATE | | tenant_id | d637bea7d56b4ac288485143ee2a65af | +--------------------+--------------------------------------+ root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-show f1 +--------------------+--------------------------------------+ | Field | Value | +--------------------+--------------------------------------+ | admin_state_up | True | | description | | | firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 | | id | 1665bbf3-f527-4ec9-950f-a3f41d618faf | | name | f1 | | status | ACTIVE | | tenant_id | d637bea7d56b4ac288485143ee2a65af | +--------------------+--------------------------------------+ /********unshare p1 and r1 as admin**********/ root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-delete f1 404-{u'NeutronError': {u'message': u'Firewall Policy 367ff338-1014-4788-9cd9-d9d60035dd52 could not be found.', u'type': u'FirewallPolicyNotFound', u'detail': u''}}<<<<<<<<<<<<<<<<<<<<<<<<<Error as p1 and r1 are not shared now root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-show f1 +--------------------+--------------------------------------+ | Field | Value | +--------------------+--------------------------------------+ | admin_state_up | True | | description | | | firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 | | id | 1665bbf3-f527-4ec9-950f-a3f41d618faf | | name | f1 | | status | PENDING_DELETE |<<<<<<<<<<<<<<<<<<<<<<<<< f1 went to pending delete state | tenant_id | d637bea7d56b4ac288485143ee2a65af | +--------------------+--------------------------------------+ To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1334994/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp