python-neutronclient

neutron firewall-rule-show is not displaying protocol field when set to any

Bug #1336800 reported by Koteswara Rao Kelam on 2014-07-02

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	python-neutronclient	Expired	Undecided	Unassigned

Bug Description

DESCRIPTION:
neutron firewall-rule-show is not displaying protocol field when set to any

Steps to Reproduce:
create a firewall rule with protocol option as any
check the protocol field in neutron firewall-rule-show <rule-id>

Actual Results:
root@IGA-OSC:~# fwrc --name r4 --protocol any --action allow
Created a new firewall_rule:
+------------------------+--------------------------------------+
| Field | Value |
+------------------------+--------------------------------------+
| action | allow |
| description | |
| destination_ip_address | |
| destination_port | |
| enabled | True |
| firewall_policy_id | |
| id | efa447cd-f411-48b2-a9dc-804b42fd371b |
| ip_version | 4 |
| name | r4 |
| position | |
| protocol | |
| shared | False |
| source_ip_address | |
| source_port | |
| tenant_id | d9481c57a11c46eea62886938b5378a7 |
+------------------------+--------------------------------------+
root@IGA-OSC:~# fwrs r4
+------------------------+--------------------------------------+
| Field | Value |
+------------------------+--------------------------------------+
| action | allow |
| description | |
| destination_ip_address | |
| destination_port | |
| enabled | True |
| firewall_policy_id | |
| id | efa447cd-f411-48b2-a9dc-804b42fd371b |
| ip_version | 4 |
| name | r4 |
| position | |
| protocol | |
| shared | False |
| source_ip_address | |
| source_port | |
| tenant_id | d9481c57a11c46eea62886938b5378a7 |
+------------------------+--------------------------------------+

Tags:

Koteswara Rao Kelam (koti-kelam) on 2014-07-02

Changed in neutron:
assignee:	nobody → Koteswara Rao Kelam (koti-kelam)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-07-03: Fix proposed to neutron (master)

#1

Fix proposed to branch: master
Review: https://review.openstack.org/104541

Changed in neutron:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-07-25: Change abandoned on neutron (master)

#2

Change abandoned by Koteswara Rao Kelam (<email address hidden>) on branch: master
Review: https://review.openstack.org/104541
Reason: this change should be in neutronclient code. abandon here and submit patch in neutronclient

Koteswara Rao Kelam (koti-kelam) on 2014-07-25

affects:

neutron → python-neutronclient

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-07-25: Fix proposed to python-neutronclient (master)

#3

Fix proposed to branch: master
Review: https://review.openstack.org/109521

Revision history for this message

Armando Migliaccio (armando-migliaccio) wrote on 2014-08-09:

#4

In my opinion this bug is invalid. ANY is not accepted by the client nor the server. When passing --protocol this is ignored and null is sent over. Hence null is received in the reply.

Changed in python-neutronclient:
status:	In Progress → Incomplete

Revision history for this message

Akihiro Motoki (amotoki) wrote on 2014-08-10:

#5

As Armando commented, nothing is displayed for "null" attribute in outputs of neutron client. It is done commonly in neutronclient outputs. It is technically correct and consistent how None (null) attributes are displayed.

On the other hand, CLI is a presentation layer for users and CLI should not be confusing as possible as we can.
In this case, even though a user specifies ANY for protocol, he/she will gets an empty string (Null) for protocol.
It is confusing from the point of end users.

P.S.
neutronclient has a lot of confusing points from enduser perspective. e.g., No help for update command, Free format option for create. No help for filters in List command... It is not the only case......

Revision history for this message

Koteswara Rao Kelam (koti-kelam) wrote on 2014-08-12:

#6

hi.. I feel it is a VALID defect from customer point of view. As a developer we may know that null is stored for "any" but as Akihiro said end user may confuse that he configured "--protocol any" but show command displays null. He may even misunderstand that null means "no protocol" instead of "all protocols".

Please check firewall list command. It also modifies the output before displaying. It is displaying "no-protocol" instead of null. I modified this also to "any" in my patch.

Revision history for this message

Armando Migliaccio (armando-migliaccio) wrote on 2014-08-12:

#7

Agreed. So change what's get passed on the wire, don't hack through the presentation layer. If one goes directly to the API he/she will still get null and that's inconsistent with the CLI. This is what I am saying. The bug is 'invalid' as you described. It's not a matter of presentation, but rather as API definition.

Revision history for this message

Sumit Naiksatam (snaiksat) wrote on 2014-08-16:

#8

So if I recall correctly from the reviews (when this feature was implemented), I believe we decided that the default value for the the protocol attribute is None (implying matching all protocols) based on the precedent in Security Groups [1]. We should probably follow whatever is being done there in CLI (in terms what value is displayed when protocol is set to None).

[1] https://github.com/openstack/neutron/blob/master/neutron/extensions/securitygroup.py#L180

Revision history for this message

Koteswara Rao Kelam (koti-kelam) wrote on 2014-08-17:

#9

OK. But firewall-rule-list displays "no-protocol" instead of None. Do we need to change this?
I feel changing in the presentation layer is better way and displaying whatever user configured is always good instead of displaying nothing. This will avoid confusion also :)

Revision history for this message

Koteswara Rao Kelam (koti-kelam) wrote on 2014-08-17:

#10

I feel even in case of sec-groups also, we can change this in presentation layer keeping the attribute value as None.

Koteswara Rao Kelam (koti-kelam) on 2014-08-19

Changed in python-neutronclient:
status:	Incomplete → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-08: Change abandoned on python-neutronclient (master)

#11

Change abandoned by Kyle Mestery (<email address hidden>) on branch: master
Review: https://review.openstack.org/109521
Reason: This change is old enough and hasn't seen any updates since August 5, 2014. Abandoning it, please revive it if you plan to work on it again.

Revision history for this message

Armando Migliaccio (armando-migliaccio) wrote on 2016-03-12:

#12

This bug is > 172 days without activity. We are unsetting assignee and milestone and setting status to Incomplete in order to allow its expiry in 60 days.

If the bug is still valid, then update the bug status.

Changed in python-neutronclient:
assignee:	Koteswara Rao Kelam (koti-kelam) → nobody
status:	In Progress → Incomplete

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-05-11:

#13

[Expired for python-neutronclient because there has been no activity for 60 days.]

Changed in python-neutronclient:
status:	Incomplete → Expired

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.