fwaas:shrared attribute of tenant's firewall should not have the option to update
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
High
|
Eugene Nikanorov |
Bug Description
DESCRIPTION:
Shared attribute is not shown when creating firewall.
I understand that, admin can only create shared firewall since it will affect other tenants also
In that case, creating shared firewall is prohibited correctly however I am able to update the firewall from tenant by shared = true
This should not be allowed
Steps to Reproduce:
root@IGA-OSC:~# fwc 7436f673-
Invalid values_specs true
root@IGA-OSC:~# fwc 7436f673-
Invalid values_specs false
root@IGA-OSC:~# fwc 7436f673-
{"NeutronError": {"message": "Policy doesn't allow create_firewall to be performed.", "type": "PolicyNotAutho
root@IGA-OSC:~# fwc 7436f673-
Created a new firewall:
+------
| Field | Value |
+------
| admin_state_up | True |
| description | |
| firewall_policy_id | 7436f673-
| id | 476dfe06-
| name | f2 |
| status | PENDING_CREATE |
| tenant_id | bf4fbb928d57482
+------
root@IGA-OSC:~# fwu f2 --shared true -------
Updated firewall: f2
root@IGA-OSC:~# fws f2
+------
| Field | Value |
+------
| admin_state_up | True |
| description | |
| firewall_policy_id | 7436f673-
| id | 476dfe06-
| name | f2 |
| status | ACTIVE |
| tenant_id | bf4fbb928d57482
+------
Actual Results:
Able to update the shared attribute of tenant's firewall
Expected Results:
tenant's firewall should not be able to update the shared attribute
Changed in neutron: | |
importance: | Undecided → Medium |
tags: | added: fwaas |
Changed in neutron: | |
status: | New → Confirmed |
importance: | Medium → High |
assignee: | nobody → Eugene Nikanorov (enikanorov) |
tags: | added: api |
Changed in neutron: | |
milestone: | none → juno-1 |
Changed in neutron: | |
status: | Fix Committed → Fix Released |
Changed in neutron: | |
milestone: | juno-1 → 2014.2 |
Fix proposed to branch: master /review. openstack. org/95953
Review: https:/