[SRU] Fails to list security groups if one or more exists without rules
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Dashboard (Horizon) |
Fix Released
|
Medium
|
Akihiro Motoki | ||
Ubuntu Cloud Archive |
Fix Released
|
Medium
|
Unassigned | ||
Queens |
Fix Released
|
Medium
|
Unassigned | ||
Rocky |
Fix Released
|
Medium
|
Unassigned | ||
Stein |
Fix Released
|
Medium
|
Unassigned | ||
Train |
Fix Released
|
Medium
|
Unassigned | ||
horizon (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Bionic |
Fix Released
|
Medium
|
Unassigned | ||
Disco |
Fix Released
|
Medium
|
Unassigned | ||
Eoan |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Horizon 14.0.2 (rocky)
If a security group without any rules exists the listing of security groups fails with a KeyError.
Traceback (most recent call last):
File "/usr/share/
data = function(self, request, *args, **kw)
File "/usr/share/
security_groups = api.neutron.
File "/usr/lib/
value = cache[key] = func(*args, **kwargs)
File "/usr/share/
return SecurityGroupMa
File "/usr/share/
return self._list(
File "/usr/share/
return [SecurityGroup(sg) for sg in secgroups.
File "/usr/share/
for rule in sg['security_
KeyError: 'security_
=======
[Impact]
By default, new security groups created through horizon or CLI include 2 default security rules. Upon managing those rules and removing them (to perhaps add others or limit traffic completely), the security group page errors out and prevents listing of *all* security groups if the empty security group is within the list to be displayed. Therefore, not only is the empty security group affected, but all others as well, as they cannot be listed. The root cause of the bug is that the payload does not include the expected key "security_
A fix has been implemented for Train (from master), Stein, Rocky and Queens releases and should be backported so the issue is addressed on previous those releases. The fix prevents the crash by ensuring the key "security_
[Test Case]
1. Reproducing the issue
1a. Go to the Security Group section at Project > Network > Security Groups
1b. Create a security group
1c. Click the Manage Rules button for that security group you just created
1d. Delete the two default rules
1e. Go back to the Security Group section at Project > Network > Security Groups
1f. Security groups are no longer being listed and there will be an error popup: "Error: Unable to retrieve security groups.".
2. Install the package with the fixed code
3. Confirm bug has been fixed
3a. Repeat step 1a, you will notice that now security groups can be listed, including the empty one you had previously created
3b. Repeat steps 1b through 1e, the newly created and emptied security group can also be listed along the others.
[Regression Potential]
Given the following indicators:
a. Upstream CI passed, for all releases the fix is being backported.
b. The small scope of the problem: a key error prevents the page from being rendered. The fix is to make sure the key is always present, since it is always expected.
c. The fix is very simple, and during tests we can see that the other pages handle an empty list properly as the value for the "security_
We can safely state that the regression potential is negligible.
tags: | added: neutron |
Changed in horizon: | |
importance: | Undecided → Medium |
tags: | added: stein-backport-potential |
Changed in horizon: | |
assignee: | Tobias Urdin (tobias-urdin) → Akihiro Motoki (amotoki) |
summary: |
- Fails to list security groups if one or more exists without rules + [SRU] Fails to list security groups if one or more exists without rules |
Changed in horizon (Ubuntu Bionic): | |
status: | New → In Progress |
Changed in horizon (Ubuntu Disco): | |
status: | New → In Progress |
Changed in horizon (Ubuntu Eoan): | |
status: | New → In Progress |
tags: | added: sts-sru-needed |
Changed in horizon (Ubuntu Eoan): | |
status: | In Progress → Fix Released |
importance: | Undecided → Medium |
Changed in horizon (Ubuntu Disco): | |
importance: | Undecided → Medium |
Changed in horizon (Ubuntu Bionic): | |
importance: | Undecided → Medium |
Changed in horizon (Ubuntu): | |
importance: | Undecided → Medium |
status: | New → Fix Released |
tags: | removed: rocky-backport-potential stein-backport-potential |
tags: |
added: verification-done removed: verification-needed |
Fix proposed to branch: master /review. opendev. org/676950
Review: https:/