Need to allow specifying both service type and service group in a firewall rule
Bug #1762517 reported by
Senthilnathan Murugappan
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R5.0 |
Fix Committed
|
High
|
Suresh Akula | |||
Trunk |
Fix Committed
|
High
|
Suresh Akula |
Bug Description
If a user wants to update a FW-Rule with a service property specified to service-group refs he wont be able to, we should atleast allow user to specify both.
Believe in agent, it would be an AND operation of all services, hope that is fine.
tags: | added: ui |
To post a comment you must log in.
If using VncApi the recommended way is to use set_service_ group_list( ) rather than add_service_ group() .
Reason: group_list( ) would make a single api call with both ref update and service property removed so we dont need any change in the Contrail config rest api server side.
Add service group would split the firewall-rule update call to "PUT on FWRule Object" to remove the service property and a "POST on ref-update" to link Service-Group and Firewall-Rule rather a
set_service_
ToDo: group_list( ) so reassigning to UI team.
Contrail UI needs to adapt to set_service_