OpenStack Dashboard (Horizon)

The policy of allowed address pair is wrong

Bug #1702804 reported by qiaomin032 on 2017-07-07

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Dashboard (Horizon)	Fix Released	Medium	qiaomin032	OpenStack Dashboard (Horizon) pike-3

Bug Description

Reproduce the bug:
1 log in as a normal user, the user switch to "Project"/"Network"/"Networks" page,
2 Click a shared network which is not created by the current user into the detail page,
3 Click into the port tab and click a port into the detail page,
4 Click into the "Allowed Address Pairs" tab and click the button "Add Allowed Address Pair" and open the form, input a ip and submit the form, there will display the error in the console: "disallowed by policy rule (rule:update_port and rule:update_port:allowed_address_pairs)"
5 Delete Allowed Address Pair also cast the same error.

Detail error as below:
Recoverable error: {'status': u'ACTIVE', u'allowed_address_pairs': [{u'ip_address': u'172.16.50.55', u'mac_address': u'fa:16:3e:1e:07:20'}, {u'ip_address': u'182.3.4.2'}], 'tags': [], 'network_id': u'80f4f8b3-75a7-4fe1-8a8b-403aa7971a75', 'tenant_id': u'0bec32ca31924d2c9ac5acd69d80f2b2', 'attributes_to_update': [u'allowed_address_pairs'], u'network:tenant_id': u'68de5ab28c114a1699cbd98b8ab1d37c', 'project_id': u'0bec32ca31924d2c9ac5acd69d80f2b2', 'id': u'18dddbeb-31ce-422b-b46f-492bfa7cd036'} is disallowed by policy rule (rule:update_port and rule:update_port:allowed_address_pairs) with {'project_id': u'0bec32ca31924d2c9ac5acd69d80f2b2', 'domain': None, 'project_name': u'\u65e0\u9521\u7814\u53d1', 'user_id': u'ebac3104465047bcb0110ecd3cc5d3fd', 'roles': [u'_member_'], 'user_domain_id': None, 'service_project_id': None, 'project_domain': None, 'tenant_id': u'0bec32ca31924d2c9ac5acd69d80f2b2', 'service_user_domain_id': None, 'service_project_domain_id': None, 'service_roles': [], 'is_admin_project': True, 'service_user_id': None, 'is_admin': False, 'user': u'ebac3104465047bcb0110ecd3cc5d3fd', 'tenant_name': u'\u65e0\u9521\u7814\u53d1', 'user_domain': None, 'user_name': u'chen.qiaomin', 'tenant': u'0bec32ca31924d2c9ac5acd69d80f2b2', 'project_domain_id': None}
Neutron server returns request_ids: ['req-17b10da8-c7e5-4bbe-a765-920a75ca8b4b']

See original description

Tags:

OpenStack Infra (hudson-openstack) on 2017-07-07

Changed in horizon:
assignee:	nobody → qiaomin032 (chen-qiaomin)
status:	New → In Progress

qiaomin032 (chen-qiaomin) on 2017-07-07

description:

updated

qiaomin032 (chen-qiaomin) on 2017-07-07

description:

updated

Revision history for this message

Raghav (hegderp) wrote on 2017-07-11:

this issue is not specific to horizon. can be reproduced even through CLI using neutron port-update or openstack port-set commands

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-07-17: Fix merged to horizon (master)

Reviewed: https://review.openstack.org/480840
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=95c0109f2a2dc318c27c35f92f3f948cdab7709c
Submitter: Jenkins
Branch: master

commit 95c0109f2a2dc318c27c35f92f3f948cdab7709c
Author: qiaomin <chen.qiaomin@99cloud.net>
Date: Thu Jul 6 14:31:45 2017 +0800

Add correct policy for some actions

This patch correct the wrong policy for add allowed address pair
and add policy for delete allowed address pair.

Closes-Bug: #1702804
Change-Id: Idb47a924fbf659459c6537f32dc2ad378e436255

Changed in horizon:
status:	In Progress → Fix Released

Ying Zuo (yingzuo) on 2017-07-17

Changed in horizon:
importance:	Undecided → Medium
milestone:	none → pike-3

Revision history for this message

Raghav (hegderp) wrote on 2017-07-18:

is there any plan to back port this to newton or ocata?

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-07-19: Fix proposed to horizon (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/485008

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-07-19: Fix proposed to horizon (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/485009

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-07-19: Fix merged to horizon (stable/ocata)

Reviewed: https://review.openstack.org/485008
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=088538914f0a2607f09f8a725b8673bb3fccd161
Submitter: Jenkins
Branch: stable/ocata

commit 088538914f0a2607f09f8a725b8673bb3fccd161
Author: qiaomin <chen.qiaomin@99cloud.net>
Date: Thu Jul 6 14:31:45 2017 +0800

Add correct policy for some actions

This patch correct the wrong policy for add allowed address pair
and add policy for delete allowed address pair.

    Closes-Bug: #1702804
    Change-Id: Idb47a924fbf659459c6537f32dc2ad378e436255
    (cherry picked from commit 95c0109f2a2dc318c27c35f92f3f948cdab7709c)

tags:

added: in-stable-ocata

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-07-27: Fix included in openstack/horizon 12.0.0.0b3

This issue was fixed in the openstack/horizon 12.0.0.0b3 development milestone.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-08-17: Change abandoned on horizon (stable/newton)

Change abandoned by Rob Cresswell (<email address hidden>) on branch: stable/newton
Review: https://review.openstack.org/485009

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-10-04: Fix included in openstack/horizon 11.0.4

This issue was fixed in the openstack/horizon 11.0.4 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.