Group Based Policy

inconsistent template ownership during chain creation

Bug #1432816 reported by Ivar Lazzaro
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Group Based Policy
Fix Released
High
Ivar Lazzaro

Bug Description

There is more than one way of forming a chain, including but not limited to:

- Providing a PRS;
- Consuming a PRS;
- Adding a REDIRECT rule to a PRS.

The above actions can be performed by multiple actors (tenants), especially when shared resources are involved.
The one who triggers the SC instantiation make becomes the owner of the chain instance (and its templates). This is not desirable, since this would mean that the same intent is generating 2 different final states.

The proposal is to always give the SC resource ownership to the Provider of the contract by refactoring the Heat client properly (A new member per tenant may be required).

Ivar Lazzaro (mmaleckk)
Changed in group-based-policy:
assignee: nobody → Ivar Lazzaro (mmaleckk)
Sumit Naiksatam (snaiksat)
Changed in group-based-policy:
status: New → Confirmed
importance: Undecided → High
milestone: none → kilo-gbp-3
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to group-based-policy (master)

Fix proposed to branch: master
Review: https://review.openstack.org/166424

Changed in group-based-policy:
status: Confirmed → In Progress
Sumit Naiksatam (snaiksat)
Changed in group-based-policy:
milestone: kilo-gbp-3 → next
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to group-based-policy (master)

Reviewed: https://review.openstack.org/166424
Committed: https://git.openstack.org/cgit/stackforge/group-based-policy/commit/?id=3becb34638a1ff52c29df6ddd721d9b945aa2200
Submitter: Jenkins
Branch: master

commit 3becb34638a1ff52c29df6ddd721d9b945aa2200
Author: Sumit Naiksatam <email address hidden>
Date: Fri Mar 20 16:53:11 2015 -0700

    Admin or Provider tenant to own implicit SCIs

    Whenever a Redirect action is provided/consumed GBP, the
    implicitly created SCI could be owned by different tenants
    depending on the actor triggering it.
    To make this consistent, this patch proposes to have a single
    configurable admin tenant that will own all the chain resources.
    When the said tenant is not configured, the provider PTG's
    tenant will be used instead.

    Change-Id: I4862b87c41b48344a53dbf72c004a8dc18c2aa99
    Closes-Bug: 1432816

Changed in group-based-policy:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to group-based-policy (stable/kilo)

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/230661

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to group-based-policy (stable/kilo)

Reviewed: https://review.openstack.org/230661
Committed: https://git.openstack.org/cgit/stackforge/group-based-policy/commit/?id=debadf861e794fb06a184e0798ead4825a86394a
Submitter: Jenkins
Branch: stable/kilo

commit debadf861e794fb06a184e0798ead4825a86394a
Author: Sumit Naiksatam <email address hidden>
Date: Fri Mar 20 16:53:11 2015 -0700

    Admin or Provider tenant to own implicit SCIs

    Whenever a Redirect action is provided/consumed GBP, the
    implicitly created SCI could be owned by different tenants
    depending on the actor triggering it.
    To make this consistent, this patch proposes to have a single
    configurable admin tenant that will own all the chain resources.
    When the said tenant is not configured, the provider PTG's
    tenant will be used instead.

    Closes-Bug: 1432816
    (cherry picked from commit 3becb34638a1ff52c29df6ddd721d9b945aa2200)

    Conflicts:
     gbpservice/network/neutronv2/local_api.py
     gbpservice/neutron/services/grouppolicy/drivers/resource_mapping.py

    Change-Id: I1344356d4192dbe25695993545dd156d893805cc

tags: added: in-stable-kilo
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to group-based-policy (stable/juno)

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/230705

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to group-based-policy (stable/juno)

Reviewed: https://review.openstack.org/230705
Committed: https://git.openstack.org/cgit/stackforge/group-based-policy/commit/?id=62439a52d8d379ab7cb14eb241305ac1eece1847
Submitter: Jenkins
Branch: stable/juno

commit 62439a52d8d379ab7cb14eb241305ac1eece1847
Author: Sumit Naiksatam <email address hidden>
Date: Fri Mar 20 16:53:11 2015 -0700

    Admin or Provider tenant to own implicit SCIs

    Whenever a Redirect action is provided/consumed GBP, the
    implicitly created SCI could be owned by different tenants
    depending on the actor triggering it.
    To make this consistent, this patch proposes to have a single
    configurable admin tenant that will own all the chain resources.
    When the said tenant is not configured, the provider PTG's
    tenant will be used instead.

    Closes-Bug: 1432816
    (cherry picked from commit 3becb34638a1ff52c29df6ddd721d9b945aa2200)
    (cherry picked from commit debadf861e794fb06a184e0798ead4825a86394a)

    Conflicts:
     gbpservice/common/utils.py
     gbpservice/neutron/extensions/patch.py
     gbpservice/neutron/services/grouppolicy/drivers/resource_mapping.py
     gbpservice/neutron/services/servicechain/plugins/ncp/context.py
     gbpservice/neutron/tests/unit/db/grouppolicy/test_group_policy_db.py
     gbpservice/neutron/tests/unit/db/grouppolicy/test_servicechain_db.py
     gbpservice/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py

    Change-Id: I117ade668d3ec01ed8b1b33b3c3a5b6060117082

tags: added: in-stable-juno
Sumit Naiksatam (snaiksat)
Changed in group-based-policy:
milestone: next → none
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.