self-referential security groups can not be deleted
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
High
|
Mark McLoughlin | ||
nova (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
Creating security groups that authorize themselves (and probably other groups) cannot be deleted from nova.
To reproduce:
(SIDE NOTE: I couldn't get euca2ools to create the test case because its using some deprecated authorize_
adam@amebix:~$ euca-add-group -d testing secgroup_test
GROUP secgroup_test testing
adam@amebix:~$ euca-authorize -p 25 -o secgroup_test secgroup_test
GROUP secgroup_test
PERMISSION secgroup_test ALLOWS tcp 25 25 GRPNAME secgroup_test FROM CIDR 0.0.0.0/0
adam@amebix:~$ euca-describe-
GROUP 687ccca5b93f497
PERMISSION 687ccca5b93f497
GROUP 687ccca5b93f497
PERMISSION 687ccca5b93f497
adam@amebix:~$ euca-delete-group secgroup_test
UnknownError: An unknown error has occurred. Please try your request again.
nova-api.log shows:
2012-03-15 12:46:32 ERROR nova.api.ec2 [req-7c56e5e0-
(nova.api.ec2): TRACE: Traceback (most recent call last):
(nova.api.ec2): TRACE: File "/usr/lib/
(nova.api.ec2): TRACE: result = api_request.
(nova.api.ec2): TRACE: File "/usr/lib/
(nova.api.ec2): TRACE: result = method(context, **args)
(nova.api.ec2): TRACE: File "/usr/lib/
(nova.api.ec2): TRACE: raise exception.
(nova.api.ec2): TRACE: InvalidGroup: Group not valid. Reason: In Use
(nova.api.ec2): TRACE:
2012-03-15 12:46:32 ERROR nova.api.ec2 [req-7c56e5e0-
...which is the exception that should be raised when attempting to delete a group with running instances associated, not when other security groups are associated. AFAICS from comparing to AWS, the expected behavior here is to delete all rules referencing this group as well as the original.
Changed in nova (Ubuntu): | |
importance: | Undecided → High |
Changed in nova: | |
importance: | Undecided → High |
status: | New → Triaged |
milestone: | none → essex-rc1 |
Changed in nova: | |
assignee: | Adam Gandelman (gandelman-a) → Vish Ishaya (vishvananda) |
Changed in nova: | |
assignee: | Vish Ishaya (vishvananda) → Adam Gandelman (gandelman-a) |
Changed in nova: | |
status: | Fix Committed → Fix Released |
Changed in nova (Ubuntu): | |
status: | New → Fix Released |
Changed in nova: | |
milestone: | essex-rc1 → essex-rc2 |
Changed in nova: | |
milestone: | essex-rc2 → 2012.1 |
Fix proposed to branch: master /review. openstack. org/5424
Review: https:/