euca-revoke removes the wrong group authorization
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Eucalyptus |
New
|
Undecided
|
chris grzegorczyk | ||
euca2ools (Ubuntu) |
Triaged
|
Medium
|
Mitch Garnaat |
Bug Description
Binary package hint: euca2ools
I have a security group and have authorized traffic from two other groups to it, "web" and "lds":
andreas@nsn2:~$ euca-describe-
GROUP admin ssh Allows 22/tcp from everywhere
PERMISSION admin ssh ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION admin ssh ALLOWS tcp 0 65535 GRPNAME web
PERMISSION admin ssh ALLOWS udp 0 65535 GRPNAME web
PERMISSION admin ssh ALLOWS icmp -1 -1 GRPNAME web
PERMISSION admin ssh ALLOWS tcp 0 65535 GRPNAME lds
PERMISSION admin ssh ALLOWS udp 0 65535 GRPNAME lds
PERMISSION admin ssh ALLOWS icmp -1 -1 GRPNAME lds
Now I remove this authorization for the "lds" group:
andreas@nsn2:~$ euca-revoke -o lds -u admin ssh
GROUP ssh
PERMISSION ssh ALLOWS USER admin GRPNAME lds
Listing the "ssh" group now shows that the "lds" group is still there and the "web" one was removed instead:
andreas@nsn2:~$ euca-describe-
GROUP admin ssh Allows 22/tcp from everywhere
PERMISSION admin ssh ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION admin ssh ALLOWS tcp 0 65535 GRPNAME lds
PERMISSION admin ssh ALLOWS udp 0 65535 GRPNAME lds
PERMISSION admin ssh ALLOWS icmp -1 -1 GRPNAME lds
This is against a cloud controller on lucid, running:
$ dpkg -l|grep eucalyptus
ii eucalyptus-cc 1.6.2-0ubuntu30.3 Elastic Utility Computing Architecture - Clu
ii eucalyptus-cloud 1.6.2-0ubuntu30.3 Elastic Utility Computing Architecture - Clo
ii eucalyptus-common 1.6.2-0ubuntu30.3 Elastic Utility Computing Architecture - Com
ii eucalyptus-gl 1.6.2-0ubuntu30.3 Elastic Utility Computing Architecture - Log
ii eucalyptus-
ii eucalyptus-sc 1.6.2-0ubuntu30.3 Elastic Utility Computing Architecture - Sto
ii eucalyptus-walrus 1.6.2-0ubuntu30.3 Elastic Utility Computing Architecture - Wal
ii libeucalyptus-
The client has this version os euca2ools installed and is also lucid:
ii euca2ools 1.2-0ubuntu10 managing cloud instances for Eucalyptus
Changed in euca2ools (Ubuntu): | |
importance: | Undecided → Medium |
Changed in eucalyptus: | |
assignee: | nobody → chris grzegorczyk (chris-grze) |
Changed in euca2ools (Ubuntu): | |
assignee: | nobody → Mitch Garnaat (mitch-garnaat) |
It also happens when using Landscape to manage the security groups of a UEC installation, so it looks like a server bug and not a client one.