neutron

failed to create port with security group of other tenant

Bug #1890539 reported by zhanghao on 2020-08-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Medium	zhanghao

Bug Description

How to reproduce this problem:
1.source demo-openrc
2.openstack security group create sg001
3.source admin-openrc
4.openstack port create port001 --network net10 --security-group sg001 Failed
  prompt the following error:
  Security group sg001_id does not exist
5.openstack port create port002 --network net10
  openstack port set port002 --security-group sg001 OK
  port002 security group ids include sg001_id

Tags:

zhanghao (zhanghao2) on 2020-08-06

Changed in neutron:
assignee:	nobody → zhanghao (zhanghao2)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-08-06: Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/745089

Changed in neutron:
status:	New → In Progress

Revision history for this message

Miguel Lavalle (minsel) wrote on 2020-08-10:

It seems we lost the capability of doing what submitter proposes in this change: https://review.opendev.org/#/c/635311/22/neutron/db/securitygroups_db.py

Changed in neutron:
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-08-14: Fix merged to neutron (master)

Reviewed: https://review.opendev.org/745089
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=cc54a1c38e0b537883de43fecda781034c80daf3
Submitter: Zuul
Branch: master

commit cc54a1c38e0b537883de43fecda781034c80daf3
Author: zhanghao <email address hidden>
Date: Thu Aug 6 04:02:36 2020 -0400

Fix port can not be created with the sg of other project

This patch adds the verification of whether admin context when
verifying the valid security groups of port.

Change-Id: I2674bdc448d9a091b9fe8c68f0866fd19141c6be
Closes-Bug: #1890539

Changed in neutron:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-08-14: Fix proposed to neutron (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/746322

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-08-19: Fix merged to neutron (stable/ussuri)

Reviewed: https://review.opendev.org/746322
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=083748fadd8d739a99d1dacb747d2fec79b7cc27
Submitter: Zuul
Branch: stable/ussuri

commit 083748fadd8d739a99d1dacb747d2fec79b7cc27
Author: zhanghao <email address hidden>
Date: Thu Aug 6 04:02:36 2020 -0400

Fix port can not be created with the sg of other project

This patch adds the verification of whether admin context when
verifying the valid security groups of port.

    Change-Id: I2674bdc448d9a091b9fe8c68f0866fd19141c6be
    Closes-Bug: #1890539
    (cherry picked from commit cc54a1c38e0b537883de43fecda781034c80daf3)

tags:

added: in-stable-ussuri

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-08-20: Fix proposed to neutron (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/747065

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-08-20: Fix proposed to neutron (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/747066

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-08-28: Fix merged to neutron (stable/stein)

Reviewed: https://review.opendev.org/747066
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=494f9751d3b8d85c91494a290a64c175126b6b57
Submitter: Zuul
Branch: stable/stein

commit 494f9751d3b8d85c91494a290a64c175126b6b57
Author: zhanghao <email address hidden>
Date: Thu Aug 6 04:02:36 2020 -0400

Fix port can not be created with the sg of other project

This patch adds the verification of whether admin context when
verifying the valid security groups of port.

Conflicts:
neutron/tests/unit/extensions/test_securitygroup.py

    Change-Id: I2674bdc448d9a091b9fe8c68f0866fd19141c6be
    Closes-Bug: #1890539
    (cherry picked from commit cc54a1c38e0b537883de43fecda781034c80daf3)

tags:

added: in-stable-stein

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-08-29: Fix merged to neutron (stable/train)

Reviewed: https://review.opendev.org/747065
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=40a6b4b9e6f4fb06decc885f0419e79bbff731ec
Submitter: Zuul
Branch: stable/train

commit 40a6b4b9e6f4fb06decc885f0419e79bbff731ec
Author: zhanghao <email address hidden>
Date: Thu Aug 6 04:02:36 2020 -0400

Fix port can not be created with the sg of other project

This patch adds the verification of whether admin context when
verifying the valid security groups of port.

Conflicts:
neutron/tests/unit/extensions/test_securitygroup.py

    Change-Id: I2674bdc448d9a091b9fe8c68f0866fd19141c6be
    Closes-Bug: #1890539
    (cherry picked from commit cc54a1c38e0b537883de43fecda781034c80daf3)

tags:

added: in-stable-train

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.