Reviewed: https://review.openstack.org/412754 Committed: https://git.openstack.org/cgit/openstack/neutron-fwaas/commit/?id=58417e5f434b2cb8feecfe8aa78b60d4de21693f Submitter: Jenkins Branch: master
commit 58417e5f434b2cb8feecfe8aa78b60d4de21693f Author: ZhaoBo <[email protected]> Date: Tue Dec 20 10:44:07 2016 +0800 Fix PENDING_UPDATE state when update exist no policy fw_group with ports This patch return the 'INVAILD' state which is the same with fw_group creation when update the exist fw_group. The exist fw_group just contained the ports. Closes-Bug: #1651327 Change-Id: I64e1ed4d790f11cb321f32651bbdc57ff265cd68 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1651327 Title: Different behavior in firewall_group creation and updation Status in neutron: Fix Released Bug description: I use restApi to create firewall_group like: { "firewall_group": { "name": "ag1", "ports": ["2c6b1bcf-a1d6-4efa-8c7a-b7f0966aa3d1"] } } The response is : { "firewall_group": { "status": "INACTIVE", "public": false, "egress_firewall_policy_id": null, "name": "ag1", "admin_state_up": true, "tenant_id": "88ecb8bb6abb4207bb9a832e08eef245", "project_id": "88ecb8bb6abb4207bb9a832e08eef245", "id": "1f6ae5b9-0820-4572-9057-457ed139d7e6", "ingress_firewall_policy_id": null, "description": "" } } This is correct, as no policy there is no meaning to call agent to refresh the iptables. But when I use the same req_body to PUT. PUT request: { "firewall_group": { "name": "ag1", "ports": ["2c6b1bcf-a1d6-4efa-8c7a-b7f0966aa3d1"], } } PUT response: { "firewall_group": { "status": "PENDING_UPDATE", "description": "", "ingress_firewall_policy_id": null, "id": "034763aa-841d-4e3c-a327-b3430330cd98", "name": "ag1", "admin_state_up": true, "tenant_id": "88ecb8bb6abb4207bb9a832e08eef245", "ports": [ "2c6b1bcf-a1d6-4efa-8c7a-b7f0966aa3d1" ], "project_id": "88ecb8bb6abb4207bb9a832e08eef245", "public": false, "egress_firewall_policy_id": null } } Then the logic will call agent to input the default iptables chains with no policy port. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1651327/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
