Cannot delete security group rules with unicode chars in their description
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack SDK |
New
|
Undecided
|
Unassigned | ||
neutron |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Some editing programs, like gdoc, will mutate double quotes to their unicode equivalent if you haven't disabled that feature. If someone accidentally creates a security group rule with a magic quote (due to an errant copy and paste) they could create a security group with a magic double quote in the description.
Subsequent attempts to delete that rule will fail with "Failed to delete rule with name or ID 'fc52f547-
To fix this I had to go into the DB and update the description line to remove the errant magic quote, at which point the delete succeeded.
I'm including the following in case anyone else hits this and wants a quick example of how to fix it:
mysql> use neutron;
mysql> select * from securitygrouprules where id='fc52f547-
*******
project_id: 335384b960d5391
id: fc52f547-
security_group_id: e595a97d-
remote_group_id: e595a97d-
direction: ingress
ethertype: IPv4
protocol: icmp
port_range_min: 11
port_range_max: NULL
remote_ip_prefix: 0.0.0.0/0
standard_attr_id: 977
1 row in set (0.00 sec)
mysql> select * from standardattributes where id=977;
+-----+
| id | resource_type | created_at | updated_at | description | revision_number |
+-----+
| 977 | securitygrouprules | 2018-08-08 22:37:56 | 2018-08-08 22:37:56 | ICMP Ping” | 0 |
+-----+
1 row in set (0.00 sec)
mysql> update standardattributes set description = "ICMP PING" where id=977;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
(openstack) security group rule delete fc52f547-
(openstack)
Hi @James,
If I reproduced this issue correct, this doesn't seem to be a neutron bug. In below, I tried to create a security group rule with unicode character. The trace indicated that the error was raised in client side:
$ RULE_ID=$(openstack security group rule create --protocol "icmp" --remote-ip "0.0.0.0/0" --description "ICMP Ping”" default -c id -f value)
$ openstack security group rule delete $RULE_ID c5db-47aa- bb16-873071ed3f 8a': 'ascii' codec can't encode
Failed to delete rule with name or ID '576a8d9b-
character u'\u201d' in position 136: ordinal not in range(128)
1 of 1 rules failed to delete.
$ openstack --debug security group rule delete $RULE_ID lib/python2. 7/dist- packages/ osc_lib/ shell.py" , line 134, in run Shell, self).run(argv) lib/python2. 7/dist- packages/ cliff/app. py", line 279, in run subcommand( remainder) lib/python2. 7/dist- packages/ osc_lib/ shell.py" , line 169, in run_subcommand Shell, self).run_ subcommand( argv) lib/python2. 7/dist- packages/ cliff/app. py", line 400, in run_subcommand parsed_ args) lib/python2. 7/dist- packages/ osc_lib/ command/ command. py", line 41, in run parsed_ args) lib/python2. 7/dist- packages/ cliff/command. py", line 184, in run action( parsed_ args) or 0 lib/python2. 7/dist- packages/ openstackclient /network/ common. py", line 120, in take_action CommandError( msg)
...
Traceback (most recent call last):
File "/usr/local/
ret_val = super(OpenStack
File "/usr/local/
result = self.run_
File "/usr/local/
ret_value = super(OpenStack
File "/usr/local/
result = cmd.run(
File "/usr/local/
return super(Command, self).run(
File "/usr/local/
return_code = self.take_
File "/usr/local/
raise exceptions.
CommandError: 1 of 1 rules failed to delete.
If I directly delete it through REST API, it worked:
$ curl -i -X DELETE -H "Accept: application/json" -H "X-Auth-Token: $TOKEN" 10.0.0. 15:9696/ v2.0/security- group-rules/ $RULE_ID" Request- Id: req-b042e293- 2b00-4a45- a19f-f50566e236 af
"http://
HTTP/1.1 204 No Content
X-Openstack-
Content-Length: 0
Date: Tue, 21 Aug 2018 19:16:58 GMT