When security group rule of user is tried to be deleted with another user who is not the ower of Rule, error code of 500 is thrown.
Steps to reproduce:
1. Create two users A and B
2. Create a security group and assign rule 'R' using credentials of A
3. Try to DELETE rule 'R' using credentials of B
Expected Result:
The error message should indicate that Rule is not found i.e error code of 404 should be returned indicating NotFound exception
Actual Result:
novaclient.exceptions.ClientException: The server has either erred or is incapable of performing the requested operation. (HTTP 500)
LOG:
rajalakshmi_ganesan@pshys0183~tests:-)>./apitool.py GET os-security-groups
REQ: curl -i http://10.233.52.27:5000/v2.0/tokens -X POST -H "Content-Type: application/json" -H "User-Agent: python-novaclient"
REQ BODY: {"auth": {"tenantName": "demo", "passwordCredentials": {"username": "demo", "password": "muralik"}}}
RESP:{'date': 'Fri, 18 May 2012 12:37:23 GMT', 'content-type': 'application/json', 'content-length': '2149', 'status': '200', 'vary': 'X-Auth-Token'} {"access": {"token": {"expires": "2012-05-19T12:37:23Z", "id": "a7d2c1801e0547419f7aa928d4c54629", "tenant": {"enabled": true, "id": "732001bbd21942f1bec893c67c850066", "name": "demo", "description": null}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://10.233.52.27:8774/v2/732001bbd21942f1bec893c67c850066", "region": "RegionOne", "publicURL": "http://10.233.52.27:8774/v2/732001bbd21942f1bec893c67c850066", "internalURL": "http://10.233.52.27:8774/v2/732001bbd21942f1bec893c67c850066"}], "endpoints_links": [], "type": "compute", "name": "Compute Service"}, {"endpoints": [{"adminURL": "http://10.233.52.27:3333", "region": "RegionOne", "publicURL": "http://10.233.52.27:3333", "internalURL": "http://10.233.52.27:3333"}], "endpoints_links": [], "type": "s3", "name": "S3 Service"}, {"endpoints": [{"adminURL": "http://10.233.52.27:9292/v1", "region": "RegionOne", "publicURL": "http://10.233.52.27:9292/v1", "internalURL": "http://10.233.52.27:9292/v1"}], "endpoints_links": [], "type": "image", "name": "Image Service"}, {"endpoints": [{"adminURL": "http://10.233.52.27:8776/v1/732001bbd21942f1bec893c67c850066", "region": "RegionOne", "publicURL": "http://10.233.52.27:8776/v1/732001bbd21942f1bec893c67c850066", "internalURL": "http://10.233.52.27:8776/v1/732001bbd21942f1bec893c67c850066"}], "endpoints_links": [], "type": "volume", "name": "Volume Service"}, {"endpoints": [{"adminURL": "http://10.233.52.27:8773/services/Admin", "region": "RegionOne", "publicURL": "http://10.233.52.27:8773/services/Cloud", "internalURL": "http://10.233.52.27:8773/services/Cloud"}], "endpoints_links": [], "type": "ec2", "name": "EC2 Service"}, {"endpoints": [{"adminURL": "http://10.233.52.27:35357/v2.0", "region": "RegionOne", "publicURL": "http://10.233.52.27:5000/v2.0", "internalURL": "http://10.233.52.27:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "Identity Service"}], "user": {"username": "demo", "roles_links": [], "id": "ea25a32fa3b941fdb18e09d696b842eb", "roles": [{"id": "0b2f9dbc2e484ca1a425cae0188ec5c7", "name": "Member"}, {"id": "84494358fd4c47d69127dd7befb3367b", "name": "anotherrole"}], "name": "demo"}}}
REQ: curl -i http://10.233.52.27:8774/v2/732001bbd21942f1bec893c67c850066/os-security-groups?fresh=1337324897.0 -X GET -H "X-Auth-Project-Id: demo" -H "User-Agent: python-novaclient" -H "X-Auth-Token: a7d2c1801e0547419f7aa928d4c54629"
REQ: curl -i http://10.233.52.27:8774/v2/732001bbd21942f1bec893c67c850066/os-security-groups?fresh=1337324897.0 -X GET -H "X-Auth-Project-Id: demo" -H "User-Agent: python-novaclient" -H "X-Auth-Token: a7d2c1801e0547419f7aa928d4c54629"
RESP:{'status': '200', 'content-length': '859', 'content-location': u'http://10.233.52.27:8774/v2/732001bbd21942f1bec893c67c850066/os-security-groups?fresh=1337324897.0', 'x-compute-request-id': 'req-a6be085b-44f4-4a63-9586-daaaa9bb2c94', 'date': 'Fri, 18 May 2012 12:37:23 GMT', 'content-type': 'application/json'} {"security_groups": [{"rules": [{"from_port": -1, "group": {}, "ip_protocol": "icmp", "to_port": -1, "parent_group_id": 1, "ip_range": {"cidr": "10.2.3.124/24"}, "id": 1}], "tenant_id": "732001bbd21942f1bec893c67c850066", "id": 1, "name": "default", "description": "default"}, {"rules": [], "tenant_id": "732001bbd21942f1bec893c67c850066", "id": 22, "name": "security10040667922", "description": "description4023195252"}, {"rules": [], "tenant_id": "732001bbd21942f1bec893c67c850066", "id": 2, "name": "security11097385858", "description": "description69093779700"}, {"rules": [], "tenant_id": "732001bbd21942f1bec893c67c850066", "id": 21, "name": "security17221182272", "description": "description57904094488"}, {"rules": [], "tenant_id": "732001bbd21942f1bec893c67c850066", "id": 23, "name": "security68637896404", "description": "description25025327179"}]}
RESP:{'status': '200', 'content-length': '859', 'content-location': u'http://10.233.52.27:8774/v2/732001bbd21942f1bec893c67c850066/os-security-groups?fresh=1337324897.0', 'x-compute-request-id': 'req-a6be085b-44f4-4a63-9586-daaaa9bb2c94', 'date': 'Fri, 18 May 2012 12:37:23 GMT', 'content-type': 'application/json'} {"security_groups": [{"rules": [{"from_port": -1, "group": {}, "ip_protocol": "icmp", "to_port": -1, "parent_group_id": 1, "ip_range": {"cidr": "10.2.3.124/24"}, "id": 1}], "tenant_id": "732001bbd21942f1bec893c67c850066", "id": 1, "name": "default", "description": "default"}, {"rules": [], "tenant_id": "732001bbd21942f1bec893c67c850066", "id": 22, "name": "security10040667922", "description": "description4023195252"}, {"rules": [], "tenant_id": "732001bbd21942f1bec893c67c850066", "id": 2, "name": "security11097385858", "description": "description69093779700"}, {"rules": [], "tenant_id": "732001bbd21942f1bec893c67c850066", "id": 21, "name": "security17221182272", "description": "description57904094488"}, {"rules": [], "tenant_id": "732001bbd21942f1bec893c67c850066", "id": 23, "name": "security68637896404", "description": "description25025327179"}]}
--- START OF RESPONSE ---
{ u'security_groups': [ { u'description': u'default',
u'id': 1,
u'name': u'default',
u'rules': [ { u'from_port': -1,
u'group': { },
u'id': 1,
u'ip_protocol': u'icmp',
u'ip_range': { u'cidr': u'10.2.3.124/24'},
u'parent_group_id': 1,
u'to_port': -1}],
u'tenant_id': u'732001bbd21942f1bec893c67c850066'},
{ u'description': u'description4023195252',
u'id': 22,
u'name': u'security10040667922',
u'rules': [],
u'tenant_id': u'732001bbd21942f1bec893c67c850066'},
{ u'description': u'description69093779700',
u'id': 2,
u'name': u'security11097385858',
u'rules': [],
u'tenant_id': u'732001bbd21942f1bec893c67c850066'},
{ u'description': u'description57904094488',
u'id': 21,
u'name': u'security17221182272',
u'rules': [],
u'tenant_id': u'732001bbd21942f1bec893c67c850066'},
{ u'description': u'description25025327179',
u'id': 23,
u'name': u'security68637896404',
u'rules': [],
u'tenant_id': u'732001bbd21942f1bec893c67c850066'}]}
--- ENF OF RESPONSE ---
********************************
rajalakshmi_ganesan@pshys0183~tests:-)>./apitool.py DELETE os-security-group-rules/1
REQ: curl -i http://10.233.52.27:5000/v2.0/tokens -X POST -H "Content-Type: application/json" -H "User-Agent: python-novaclient"
REQ BODY: {"auth": {"tenantName": "admin", "passwordCredentials": {"username": "raj", "password": "raj"}}}
RESP:{'date': 'Fri, 18 May 2012 12:45:07 GMT', 'content-type': 'application/json', 'content-length': '2021', 'status': '200', 'vary': 'X-Auth-Token'} {"access": {"token": {"expires": "2012-05-19T12:45:07Z", "id": "d9351206bcc7412eb4c09ab833d41f75", "tenant": {"enabled": true, "id": "cefa64d0ceeb49979c014dfb3af18642", "name": "admin", "description": null}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://10.233.52.27:8774/v2/cefa64d0ceeb49979c014dfb3af18642", "region": "RegionOne", "publicURL": "http://10.233.52.27:8774/v2/cefa64d0ceeb49979c014dfb3af18642", "internalURL": "http://10.233.52.27:8774/v2/cefa64d0ceeb49979c014dfb3af18642"}], "endpoints_links": [], "type": "compute", "name": "Compute Service"}, {"endpoints": [{"adminURL": "http://10.233.52.27:3333", "region": "RegionOne", "publicURL": "http://10.233.52.27:3333", "internalURL": "http://10.233.52.27:3333"}], "endpoints_links": [], "type": "s3", "name": "S3 Service"}, {"endpoints": [{"adminURL": "http://10.233.52.27:9292/v1", "region": "RegionOne", "publicURL": "http://10.233.52.27:9292/v1", "internalURL": "http://10.233.52.27:9292/v1"}], "endpoints_links": [], "type": "image", "name": "Image Service"}, {"endpoints": [{"adminURL": "http://10.233.52.27:8776/v1/cefa64d0ceeb49979c014dfb3af18642", "region": "RegionOne", "publicURL": "http://10.233.52.27:8776/v1/cefa64d0ceeb49979c014dfb3af18642", "internalURL": "http://10.233.52.27:8776/v1/cefa64d0ceeb49979c014dfb3af18642"}], "endpoints_links": [], "type": "volume", "name": "Volume Service"}, {"endpoints": [{"adminURL": "http://10.233.52.27:8773/services/Admin", "region": "RegionOne", "publicURL": "http://10.233.52.27:8773/services/Cloud", "internalURL": "http://10.233.52.27:8773/services/Cloud"}], "endpoints_links": [], "type": "ec2", "name": "EC2 Service"}, {"endpoints": [{"adminURL": "http://10.233.52.27:35357/v2.0", "region": "RegionOne", "publicURL": "http://10.233.52.27:5000/v2.0", "internalURL": "http://10.233.52.27:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "Identity Service"}], "user": {"username": "raj", "roles_links": [], "id": "53aa2d5f3c5240078917405f35269eeb", "roles": [], "name": "raj"}}}
REQ: curl -i http://10.233.52.27:8774/v2/cefa64d0ceeb49979c014dfb3af18642/os-security-group-rules/1 DELETE -H "X-Auth-Project-Id: admin" -H "User-Agent: python-novaclient" -H "X-Auth-Token: d9351206bcc7412eb4c09ab833d41f75"
REQ: curl -i http://10.233.52.27:8774/v2/cefa64d0ceeb49979c014dfb3af18642/os-security-group-rules/1 DELETE -H "X-Auth-Project-Id: admin" -H "User-Agent: python-novaclient" -H "X-Auth-Token: d9351206bcc7412eb4c09ab833d41f75"
RESP:{'date': 'Fri, 18 May 2012 12:45:07 GMT', 'status': '500', 'content-length': '128', 'content-type': 'application/json; charset=UTF-8', 'x-compute-request-id': 'req-dc10a4d8-35f8-4111-ad5f-9ea4e0d4a847'} {"computeFault": {"message": "The server has either erred or is incapable of performing the requested operation.", "code": 500}}
RESP:{'date': 'Fri, 18 May 2012 12:45:07 GMT', 'status': '500', 'content-length': '128', 'content-type': 'application/json; charset=UTF-8', 'x-compute-request-id': 'req-dc10a4d8-35f8-4111-ad5f-9ea4e0d4a847'} {"computeFault": {"message": "The server has either erred or is incapable of performing the requested operation.", "code": 500}}
Traceback (most recent call last):
File "./apitool.py", line 75, in <module>
resp, body = get_action_func(nclient, args.verb[0])(path)
File "/usr/local/lib/python2.7/dist-packages/python_novaclient-2.6.8-py2.7.egg/novaclient/client.py", line 143, in delete
return self._cs_request(url, 'DELETE', **kwargs)
File "/usr/local/lib/python2.7/dist-packages/python_novaclient-2.6.8-py2.7.egg/novaclient/client.py", line 121, in _cs_request
**kwargs)
File "/usr/local/lib/python2.7/dist-packages/python_novaclient-2.6.8-py2.7.egg/novaclient/client.py", line 104, in request
raise exceptions.from_response(resp, body)
novaclient.exceptions.ClientException: The server has either erred or is incapable of performing the requested operation. (HTTP 500)
rajalakshmi_ganesan@pshys0183~tests:-( >
It would be helpful to include the nova server-side log as well with all of these tempest bugs where a 500 is received.