policy check always use rule admin_or_owner for update_port operation

Bug #1044218 reported by Jiajun Liu
This bug affects 1 person
Affects: neutron
Status: Fix Released
Importance: Medium
Assigned to: Salvatore Orlando

Bug Description

Policy check does not work properly for the update_port operation in the quantum v2 API.
For example, I want to change the fixed_ip of a port and I typed the following cmd:
$ quantum update-port 89b8d2aa-9d2a-4d79-a7d2-08362a435c73 --fixed_ip {"subnet_id": "3e3142c6-cc0f-49c2-bedb-9f6c1b23c801", "ip_address": "10.0.1.2"}

Then policy.enforce got called with:
action = 'update_port'
target = {'status': u'ACTIVE', 'network_id': u'c46727f3-8b02-4dd9-8295-171e2a91c4fa', u'port': {u'fixed_ip': [u'{subnet_id:', u'3e3142c6-cc0f-49c2-bedb-9f6c1b23c801,', u'ip_address:', u'10.0.1.2}']}, 'id': u'89b8d2aa-9d2a-4d79-a7d2-08362a435c73', 'tenant_id': u'251bd6bb546a4bd2a08b7e2b2907e18c'}

However, _is_attribute_explicitly_set will try to get the 'fixed_ip' field when building the match list, which will always fail. This issue exists for all update_port operations because all the fields that need to be updated are packed in the 'port' field of target.

Jiajun Liu (ljjjustin)
description: updated
dan wendlandt (danwent) wrote :

Salvatore, can you look at this?

Changed in quantum:
assignee: nobody → Salvatore Orlando (salvatore-orlando)
milestone: none → folsom-rc1
status: New → Confirmed
Jiajun Liu (ljjjustin) wrote :

Hi Salvatore,

I was fixing another bug (https://bugs.launchpad.net/quantum/+bug/1031473)
related to policy check. So, could you assign this bug to me?

dan wendlandt (danwent)
Changed in quantum:
assignee: Salvatore Orlando (salvatore-orlando) → ljjjustin (ljjjustin)
Salvatore Orlando (salvatore-orlando) wrote :

It would be helpful for me to have some more detail on desired vs. actual behavior.

Salvatore Orlando (salvatore-orlando) wrote :

Please do not untarget this bug. I will look at it as soon as possible.

ljjjustin, do you have any update?

Jiajun Liu (ljjjustin) wrote :

OK

Salvatore Orlando (salvatore-orlando) wrote :

I can confirm we have a problem, but this is in the base controller class. The item fetched from the db is not correctly updated with the data in the request body.

Fix is a one-liner.

Changed in quantum:
importance: Undecided → Medium
assignee: ljjjustin (ljjjustin) → Salvatore Orlando (salvatore-orlando)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to quantum (master)

Fix proposed to branch: master
Review: https://review.openstack.org/12617

Changed in quantum:
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to quantum (master)

Reviewed: https://review.openstack.org/12617
Committed: http://github.com/openstack/quantum/commit/650d676765f5927cd073bb8ff95c0085c71d50e2
Submitter: Jenkins
Branch: master

commit 650d676765f5927cd073bb8ff95c0085c71d50e2
Author: Salvatore Orlando <email address hidden>
Date: Fri Sep 7 16:45:48 2012 -0700

    Fix data passed to policy engine on update

    fix bug 1044218

    The original resource status fetched to the db was not being
    properly updated with the request body before feeding it to the
    policy engine

    Change-Id: I9f71e40edf44136a40fad1ef272696d6b3ea352d

Changed in quantum:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in quantum:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in quantum:
milestone: folsom-rc1 → 2012.2
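
A simplified model of the behaviour discussed in this report, added here as an illustration; it is not Quantum's code or the merged fix. The rule table (including the `update_port:fixed_ip` rule), every function name and the sample data are assumptions constructed for the example.

```python
# Simplified model of attribute-level policy selection (hypothetical names).
RULES = {
    "update_port": "admin_or_owner",
    "update_port:fixed_ip": "admin_only",   # constructed per-attribute rule
}

def check(rule, ctx, target):
    if rule == "admin_only":
        return ctx["is_admin"]
    if rule == "admin_or_owner":
        return ctx["is_admin"] or ctx["tenant_id"] == target["tenant_id"]
    raise ValueError("unknown rule: %s" % rule)

def match_list(action, target, requested):
    """Base rule plus one rule per requested attribute found at the top
    level of target; an attribute hidden under 'port' is never matched."""
    rules = [RULES[action]]
    for attr in requested:
        key = "%s:%s" % (action, attr)
        if key in RULES and attr in target:
            rules.append(RULES[key])
    return rules

def enforce(ctx, action, target, requested):
    return all(check(r, ctx, target)
               for r in match_list(action, target, requested))

def nested_target(db_item, body):
    """Shape from the report: the request body is added under 'port'."""
    target = dict(db_item)
    target.update(body)
    return target

def merged_target(db_item, body):
    """Shape after merging the request's attributes into the stored item."""
    target = dict(db_item)
    target.update(body["port"])
    return target

# Constructed sample data modelled on the target shown in the report.
DB_PORT = {"id": "port-1", "status": "ACTIVE", "network_id": "net-1",
           "tenant_id": "tenant-a"}
BODY = {"port": {"fixed_ip": [{"subnet_id": "subnet-1",
                               "ip_address": "10.0.1.2"}]}}
OWNER = {"is_admin": False, "tenant_id": "tenant-a"}
ADMIN = {"is_admin": True, "tenant_id": "tenant-x"}
```

With the nested target only the base rule is selected, so the non-admin owner passes; with the merged target the per-attribute rule is selected as well and the same request is denied.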