Group Based Policy

GBP: Resource intergrity fails between policy-rule-set & external-policy

Bug #1489090 reported by puppet-py
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Group Based Policy
Fix Released
High
Magesh GV
Group Based Policy liberty-1 "l1"

Bug Description

If a policy-rule-set is created and in turn consumed/provided by an External-Policy, then we allow the deletion of the in-use Policy-Rule-Sets.
Expectation: The deletion of the in-use Policy-Rule-Set should fail

Please find the sequence of execution below:

[root@f3-controller ~(keystone_admin)]#
[root@f3-controller ~(keystone_admin)]# gbp external-policy-show ext-pol-1
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| consumed_policy_rule_sets | 576645f2-df8f-457b-9f22-66b9b7f95844 | <<<<<
| description | |
| external_segments | d1bc7d4b-664d-434c-9fc1-4b09edf3dcbe |
| id | 50f14746-3fb2-4ccd-b8cd-ae6f620fb5cf |
| name | ext-pol-1 |
| provided_policy_rule_sets | 576645f2-df8f-457b-9f22-66b9b7f95844 | <<<<
| shared | False |
| tenant_id | 4c4227827cce441481b041657d1a1595 |
+---------------------------+--------------------------------------+
[root@f3-controller ~(keystone_admin)]#
[root@f3-controller ~(keystone_admin)]# gbp policy-rule-set-delete 576645f2-df8f-457b-9f22-66b9b7f95844 <<<<<
Deleted policy_rule_set: 576645f2-df8f-457b-9f22-66b9b7f95844
[root@f3-controller ~(keystone_admin)]#
[root@f3-controller ~(keystone_admin)]#
[root@f3-controller ~(keystone_admin)]# vim /var/log/neutron/server.log
[root@f3-controller ~(keystone_admin)]# gbp external-policy-show ext-pol-1
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| consumed_policy_rule_sets | |
| description | |
| external_segments | d1bc7d4b-664d-434c-9fc1-4b09edf3dcbe |
| id | 50f14746-3fb2-4ccd-b8cd-ae6f620fb5cf |
| name | ext-pol-1 |
| provided_policy_rule_sets | |
| shared | False |
| tenant_id | 4c4227827cce441481b041657d1a1595 |
+---------------------------+--------------------------------------+
[root@f3-controller ~(keystone_admin)]#

Sumit Naiksatam (snaiksat)
Changed in group-based-policy:
status: New → Confirmed
importance: Undecided → High
milestone: none → liberty-1
Sumit Naiksatam (snaiksat)
Changed in group-based-policy:
assignee: nobody → Magesh GV (magesh-gv)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to group-based-policy (master)

Fix proposed to branch: master
Review: https://review.openstack.org/244668

Changed in group-based-policy:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to group-based-policy (master)

Reviewed: https://review.openstack.org/244668
Committed: https://git.openstack.org/cgit/openstack/group-based-policy/commit/?id=155a8271ca08c37c459cc5f3415e527c5a348440
Submitter: Jenkins
Branch: master

commit 155a8271ca08c37c459cc5f3415e527c5a348440
Author: mageshgv <email address hidden>
Date: Thu Nov 12 19:22:31 2015 +0530

    Reject deletion of PRS in use by External Policy

    Change-Id: I94f4e4ab824bac52a4a4e07390afd75349b995a5
    Closes-Bug: #1489090

Changed in group-based-policy:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to group-based-policy (stable/kilo)

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/246487

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to group-based-policy (stable/juno)

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/246490

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to group-based-policy (stable/kilo)

Reviewed: https://review.openstack.org/246487
Committed: https://git.openstack.org/cgit/openstack/group-based-policy/commit/?id=e9ae958a998c01d1eb2b698d16bffb1625ab7287
Submitter: Jenkins
Branch: stable/kilo

commit e9ae958a998c01d1eb2b698d16bffb1625ab7287
Author: mageshgv <email address hidden>
Date: Thu Nov 12 19:22:31 2015 +0530

    Reject deletion of PRS in use by External Policy

    Change-Id: I94f4e4ab824bac52a4a4e07390afd75349b995a5
    Closes-Bug: #1489090
    (cherry picked from commit 155a8271ca08c37c459cc5f3415e527c5a348440)

tags: added: in-stable-kilo
tags: added: in-stable-juno
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to group-based-policy (stable/juno)

Reviewed: https://review.openstack.org/246490
Committed: https://git.openstack.org/cgit/openstack/group-based-policy/commit/?id=cbaa70a2eb3bed31e8ec780151cc6a3ffd876423
Submitter: Jenkins
Branch: stable/juno

commit cbaa70a2eb3bed31e8ec780151cc6a3ffd876423
Author: mageshgv <email address hidden>
Date: Thu Nov 12 19:22:31 2015 +0530

    Reject deletion of PRS in use by External Policy

    Change-Id: I94f4e4ab824bac52a4a4e07390afd75349b995a5
    Closes-Bug: #1489090
    (cherry picked from commit 155a8271ca08c37c459cc5f3415e527c5a348440)
    (cherry picked from commit e9ae958a998c01d1eb2b698d16bffb1625ab7287)

Sumit Naiksatam (snaiksat)
Changed in group-based-policy:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.