Failed to create a firewall rule with "ANY" protocol on Horizon UI

Bug #1229543 reported by Kaiwei Fan
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Dashboard (Horizon)
Fix Released
Medium
Akihiro Motoki

Bug Description

The Horizon UI failed to create a firewall with Protocol "ANY". The error is:

Error: Unable to add Rule "all".Firewall Rule protocol None is not supported. Only protocol values [None, 'tcp', 'udp', 'icmp'] and their integer representation (0 to 255) are supported.

Tags: neutron fwaas
tags: added: fwaas
Revision history for this message
Akihiro Motoki (amotoki) wrote :

This looks a Horizon bug. A string "None" is sent as a protocol value instead of null.

My apache2 log says:

[Tue Sep 24 06:27:48 2013] [error] REQ: curl -i http://10.56.51.210:9696//v2.0/fw/firewall_rules.json -X POST -H "X-Auth-Token: 0db10587cf2f41ff879e3ba51df98619" -H "Content-Type: application
/json" -H "Accept: application/json" -H "User-Agent: python-neutronclient" -d '{"firewall_rule": {"protocol": "None", "name": "from-mysubnet", "enabled": true, "source_ip_address": "133.56.10
.0/24", "destination_ip_address": null, "source_port": null, "shared": false, "destination_port": null, "action": "allow", "description": ""}}'
[Tue Sep 24 06:27:48 2013] [error]
[Tue Sep 24 06:27:48 2013] [error] DEBUG:neutronclient.client:RESP:{'date': 'Tue, 24 Sep 2013 06:27:48 GMT', 'status': '400', 'content-length': '174', 'content-type': 'application/json; chars
et=UTF-8'} {"NeutronError": "Firewall Rule protocol None is not supported. Only protocol values [None, 'tcp', 'udp', 'icmp'] and their integer representation (0 to 255) are supported."}
[Tue Sep 24 06:27:48 2013] [error]

Changed in horizon:
importance: Undecided → Medium
milestone: none → havana-rc1
status: New → Confirmed
Revision history for this message
Sumit Naiksatam (snaiksat) wrote :

Akihiro, that is correct. This is not a Neutron bug. Horizon should be sending "any" protocol value.

Changed in neutron:
status: New → Invalid
no longer affects: neutron
Revision history for this message
Akihiro Motoki (amotoki) wrote :

In Django form, all variables are interpreted as a string, thus None is set in the choice field, but a string "None" is actually sent back from a browser.

In Neutron FWaaS API, we need to pass None for "protocol" or omit "protocol" attribute when POST /firewall_rules.
In this fix, I will drop "protocol" attribute if the post value means "ANY" protocol.

In addition, since None is handled as a string, there is no need to use `None' in the code.
A string value "any" is more meaningful and easy to understand.

Changed in horizon:
assignee: nobody → Akihiro Motoki (amotoki)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to horizon (master)

Fix proposed to branch: master
Review: https://review.openstack.org/48050

Changed in horizon:
status: Confirmed → In Progress
Akihiro Motoki (amotoki)
tags: added: neutron
Changed in horizon:
assignee: Akihiro Motoki (amotoki) → Kuang-Ching Wang (kc-wang)
assignee: Kuang-Ching Wang (kc-wang) → nobody
Revision history for this message
Kuang-Ching Wang (kc-wang) wrote :

Akihiro, sorry I overlooked that you already proposed a fix for this. I am trying to reassign this back to you now, but somehow I was not able to retrieve your name in the assign box.

My apology again. I tried a simple fix and it worked and hence I just assigned it to myself without reading the full discussion first.

Revision history for this message
Sumit Naiksatam (snaiksat) wrote :

Thanks Akihiro and KC for looking into this.

Akihiro, I agree with your approach. This was the reason for keeping the protocol attribute optional in the FWaaS API.

Changed in horizon:
assignee: nobody → Akihiro Motoki (amotoki)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to horizon (master)

Reviewed: https://review.openstack.org/48050
Committed: http://github.com/openstack/horizon/commit/98162a9359347c0d4360e57fea49035592c80d53
Submitter: Jenkins
Branch: master

commit 98162a9359347c0d4360e57fea49035592c80d53
Author: Akihiro MOTOKI <email address hidden>
Date: Tue Sep 24 22:46:58 2013 +0900

    Fix a bug firewall rule creation fails with ANY protocol

    Change-Id: I9dc92becd748008e3981126d90feaec7b7c8882f
    Closes-Bug: #1229543

Changed in horizon:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in horizon:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in horizon:
milestone: havana-rc1 → 2013.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.