Only one firewall is allowed per tenant. This works as expected for non-admin tenants.
When a new firewall is added in the context of admin, this fails if some other tenant already has a firewall. This is because 'get_firewall_count' returns sum of all firewalls in the system. Addition of a new firewall for admin fails with the following error message.
500-{u'NeutronError': {u'message': u'Exceeded allowed count of firewalls for tenant tenant-2. Only one firewall is supported per tenant.', u'type': u'FirewallCountExceeded', u'detail': u''}}
fwaas_plugin.py
----------------
def create_firewall(self, context, firewall):
LOG.debug(_("create_firewall() called"))
tenant_id = self._get_tenant_id_for_create(context,
firewall['firewall'])
fw_count = self.get_firewalls_count(context)
if fw_count:
raise FirewallCountExceeded(tenant_id=tenant_id)
----------------
=> fw_count = self.get_firewalls_count(context)
In the context of admin, the function counts other tenant's firewall.
Tomoko,
I tested this on a fresh setup. I could create firewalls on multiple tenants. I used latest code from the trunk.
Can you update the bug with more information to recreate? It seems to work on the current code. Did you try it on specific branch?
Thanks,
-Rajesh Mohan