Public bug reported:
Steps to reproduce:
1. As admin, create a shared policy p1 with shared rule r1
2. As tenant1, create a firewall f1 with policy p1
3. As admin, update p1 and r1 as unshared -- Actually it should not be allowed
as they are in use but allowed in icehouse GA
4. As tenant1, try to delete f1. It fails with following error
Console of tenant1
======================
root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-create p1
--name f1
Created a new firewall:
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 |
| id | 1665bbf3-f527-4ec9-950f-a3f41d618faf |
| name | f1 |
| status | PENDING_CREATE |
| tenant_id | d637bea7d56b4ac288485143ee2a65af |
+--------------------+--------------------------------------+
root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-show f1
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 |
| id | 1665bbf3-f527-4ec9-950f-a3f41d618faf |
| name | f1 |
| status | ACTIVE |
| tenant_id | d637bea7d56b4ac288485143ee2a65af |
+--------------------+--------------------------------------+
/********unshare p1 and r1 as admin**********/
root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-delete f1
404-{u'NeutronError': {u'message': u'Firewall Policy
367ff338-1014-4788-9cd9-d9d60035dd52 could not be found.', u'type':
u'FirewallPolicyNotFound', u'detail': u''}}<<<<<<<<<<<<<<<<<<<<<<<<<Error as p1
and r1 are not shared now
root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-show f1
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 |
| id | 1665bbf3-f527-4ec9-950f-a3f41d618faf |
| name | f1 |
| status | PENDING_DELETE
|<<<<<<<<<<<<<<<<<<<<<<<<< f1 went to pending delete state
| tenant_id | d637bea7d56b4ac288485143ee2a65af |
+--------------------+--------------------------------------+
** Affects: neutron
Importance: Undecided
Status: New
** Tags: fwaas
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1334994
Title:
Unsharing a shared policy/rule should not be allowed when it is in use
by other tenant
Status in OpenStack Neutron (virtual network service):
New
Bug description:
Steps to reproduce:
1. As admin, create a shared policy p1 with shared rule r1
2. As tenant1, create a firewall f1 with policy p1
3. As admin, update p1 and r1 as unshared -- Actually it should not be
allowed as they are in use but allowed in icehouse GA
4. As tenant1, try to delete f1. It fails with following error
Console of tenant1
======================
root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-create p1
--name f1
Created a new firewall:
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 |
| id | 1665bbf3-f527-4ec9-950f-a3f41d618faf |
| name | f1 |
| status | PENDING_CREATE |
| tenant_id | d637bea7d56b4ac288485143ee2a65af |
+--------------------+--------------------------------------+
root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-show f1
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 |
| id | 1665bbf3-f527-4ec9-950f-a3f41d618faf |
| name | f1 |
| status | ACTIVE |
| tenant_id | d637bea7d56b4ac288485143ee2a65af |
+--------------------+--------------------------------------+
/********unshare p1 and r1 as admin**********/
root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-delete f1
404-{u'NeutronError': {u'message': u'Firewall Policy
367ff338-1014-4788-9cd9-d9d60035dd52 could not be found.', u'type':
u'FirewallPolicyNotFound', u'detail': u''}}<<<<<<<<<<<<<<<<<<<<<<<<<Error as p1
and r1 are not shared now
root@koti-icega-osc:/usr/share/pyshared/neutron# neutron firewall-show f1
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | 367ff338-1014-4788-9cd9-d9d60035dd52 |
| id | 1665bbf3-f527-4ec9-950f-a3f41d618faf |
| name | f1 |
| status | PENDING_DELETE
|<<<<<<<<<<<<<<<<<<<<<<<<< f1 went to pending delete state
| tenant_id | d637bea7d56b4ac288485143ee2a65af |
+--------------------+--------------------------------------+
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1334994/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
