Juniper Openstack

rbac: rbacutil need to handle creation of global-acl

Bug #1606667 reported by shajuvk on 2016-07-26

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Juniper Openstack	Status tracked in Trunk
R3.1	Fix Committed	Medium	Deepinder Setia	Juniper Openstack r3.1.0.0-fcs
R3.2	Fix Committed	Medium	Deepinder Setia	Juniper Openstack r3.2.0.0-fcs "r3.2.0.0"
Trunk	Fix Committed	Medium	Deepinder Setia	Juniper Openstack r4.0.0.0-fcs "r4.0.0.0"

Bug Description

creation of global ACL failing, since the ACL entries already present.

root@a5s7:/opt/contrail/utils# python rbacutil.py --name "default-global-system-config:default-api-access-list" --rule "virtual-network _member_:R" --op create
Rbac is enabled

Oper = create
Name = ['default-global-system-config', 'default-api-access-list']
UUID = None
API Server = 127.0.0.1:8082

Traceback (most recent call last):
  File "rbacutil.py", line 302, in <module>
    pobj = vnc.domain_read(fq_name = fq_name[0:1])
  File "/usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py", line 39, in wrapper
    return func(self, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py", line 399, in _object_read
    res_type, fq_name, fq_name_str, id, ifmap_id)
  File "/usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py", line 692, in _read_args_to_id
    return (True, self.fq_name_to_id(res_type, fq_name))
  File "/usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py", line 39, in wrapper
    return func(self, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py", line 902, in fq_name_to_id
    content = self._request_server(rest.OP_POST, uri, data=json_body)
  File "/usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py", line 706, in _request_server
    retry_count=retry_count)
  File "/usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py", line 747, in _request
    % (op, url, data, content))
cfgm_common.exceptions.NoIdError: Unknown id: Error: oper 1 url /fqname-to-id body {"fq_name": ["default-global-system-config"], "type": "domain"} response Name ['default-global-system-config'] not found
root@a5s7:/opt/contrail/utils# python rbacutil.py --name "default-global-system-config:default-api-access-list" --rule "virtual-network _member_:R" --op read
Rbac is enabled

Oper = read
Name = ['default-global-system-config', 'default-api-access-list']
UUID = None
API Server = 127.0.0.1:8082

Rules (3):
----------
1 fqname-to-id *:CRUD,
2 id-to-fqname *:CRUD,
3 documentation *:R,

root@a5s7:/opt/contrail/utils#

Tags:

shajuvk (shajuvk) on 2016-07-26

information type:

Proprietary → Public

Revision history for this message

Deepinder Setia (dsetia) wrote on 2016-08-05:

Fixed by https://review.opencontrail.org/#/c/22683/

shajuvk (shajuvk) on 2016-09-06

summary:

- rbac: rbacutil need to handling creation of global-acl
+ rbac: rbacutil need to handle creation of global-acl

Jeba Paulaiyan (jebap) on 2016-11-29

tags:

added: config

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.