Can't create Port as Admin on an unshared Network in another project

Bug #1645708 reported by Rob Cresswell
This bug affects 7 people
Affects: OpenStack Dashboard (Horizon)
Status: Fix Released
Importance: High
Assigned to: Akihiro Motoki

Bug Description

https://github.com/openstack/horizon/blob/master/openstack_dashboard/api/neutron.py#L675 alters the network[subnets] value to be a list of Subnet objects instead of a list of unicode strings. Since the calling code has no idea what it will get back (thanks Python), it breaks in strange ways.

Specifically, the Create Port form expects a list of Subnet objects, not a list of strings, and so falls about laughing: https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/admin/networks/ports/forms.py#L150

The easiest way to recreate this is with a standard devstack: log in as Admin and try to create a Port on the default Private network.

description: updated
description: updated
Changed in horizon:
assignee: nobody → Rob Cresswell (robcresswell)
tags: added: mitaka-backport-potential newton-backport-potential
Changed in horizon:
importance: Undecided → High
milestone: none → ocata-2
OpenStack Infra (hudson-openstack) wrote : Fix proposed to horizon (master)

Fix proposed to branch: master
Review: https://review.openstack.org/404202

Changed in horizon:
status: New → In Progress
Changed in horizon:
milestone: ocata-2 → next
OpenStack Infra (hudson-openstack) wrote : Change abandoned on horizon (master)

Change abandoned by David Lyle (<email address hidden>) on branch: master
Review: https://review.openstack.org/404202
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

OpenStack Infra (hudson-openstack) wrote : Fix proposed to horizon (master)

Fix proposed to branch: master
Review: https://review.openstack.org/446505

Changed in horizon:
assignee: Rob Cresswell (robcresswell) → Akihiro Motoki (amotoki)
Changed in horizon:
milestone: next → pike-rc1
Akihiro Motoki (amotoki)
tags: removed: mitaka-backport-potential
Akihiro Motoki (amotoki)
Changed in horizon:
milestone: pike-rc1 → pike-rc2
tags: added: pike-backport-potential
OpenStack Infra (hudson-openstack) wrote : Change abandoned on horizon (master)

Change abandoned by Akihiro Motoki (<email address hidden>) on branch: master
Review: https://review.openstack.org/446505
Reason: Abandon In favor of https://review.openstack.org/#/c/465778/

Akihiro Motoki (amotoki) wrote :
OpenStack Infra (hudson-openstack) wrote : Fix merged to horizon (master)

Reviewed: https://review.openstack.org/465778
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=15d996f7e421c7de9ab4e87333a3c9824b307e5e
Submitter: Jenkins
Branch: master

commit 15d996f7e421c7de9ab4e87333a3c9824b307e5e
Author: Akihiro Motoki <email address hidden>
Date: Wed May 17 20:14:12 2017 +0000

    Allow admin to create port on networks of different projects

    Due to the change in the neutron API wrapper [1],
    admin cannot create a port on networks owned by different project.
    This is because api.neutron.network_get returns subnet detail
    (Subnet object) only when project_id matches that of a target network.
    This commit changes the logic to try to retrieve subnet detail first.
    The condition is not simple and it looks wise to let neutron decide it.

    The error reported in the bug also happens in the Port Create form
    in the project dashboard if a user tries to create a port on an
    external network. To handle the situation, handle() in CreatePort form
    honors whether subnet detail is retrieved or not by checking a subnet
    information is an instance of api.neutron.Subnet class.
    This is a bit tricky but considering the current policy for create_port
    I believe it is a good compromise.

    Also fixes the wrong initial value of 'specify_ip' field of CreatePort
    form. The initial value should be one of choices or None. Otherwise,
    when 'specify_ip' field is hidden, an error message is returned
    (though the message is not visible in the form), a user cannot submit
    the form and the form is displayed continuously....

    [1] commit 803209e237ea2987cfa2fad5f0e07a8c30d6d901

    Closes-Bug: #1645708
    Change-Id: I6aae0a29eedebc920247912fec0729bf47cda002
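
The pattern the commit message above describes (try to fetch subnet detail, then have the form check whether each entry is a Subnet instance), as an added illustration that is not Horizon's code. Subnet, NotVisible, subnet_get, network_get and subnet_choices are simplified stand-ins, and keeping the bare ID when the lookup is refused is an assumption of this sketch.

```python
from dataclasses import dataclass


@dataclass
class Subnet:
    """Stand-in for a subnet-detail object (not api.neutron.Subnet)."""
    id: str
    name: str
    cidr: str


class NotVisible(Exception):
    """Stand-in for the backend refusing to show a subnet to this caller."""


# Constructed sample data: the only subnet this caller is allowed to read.
VISIBLE = {"sub-1": Subnet("sub-1", "private-subnet", "10.0.0.0/26")}


def subnet_get(subnet_id):
    """Return subnet detail, or raise when the backend does not expose it."""
    try:
        return VISIBLE[subnet_id]
    except KeyError:
        raise NotVisible(subnet_id)


def network_get(network):
    """Try to expand every subnet ID and let the backend decide visibility.

    Assumption of this sketch: a refused lookup leaves the bare ID in place,
    so the returned list can mix Subnet objects and strings.
    """
    expanded = []
    for subnet_id in network["subnets"]:
        try:
            expanded.append(subnet_get(subnet_id))
        except NotVisible:
            expanded.append(subnet_id)
    return dict(network, subnets=expanded)


def subnet_choices(network):
    """Build (value, label) form choices from a list that may mix both types."""
    choices = []
    for subnet in network["subnets"]:
        if isinstance(subnet, Subnet):
            choices.append((subnet.id, f"{subnet.name} {subnet.cidr}"))
        else:
            # Only the ID is known; an unguarded subnet.id would raise AttributeError.
            choices.append((subnet, subnet))
    return choices
```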

Changed in horizon:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/horizon 13.0.0.0b1

This issue was fixed in the openstack/horizon 13.0.0.0b1 development milestone.

Akihiro Motoki (amotoki)
tags: removed: newton-backport-potential
OpenStack Infra (hudson-openstack) wrote : Fix proposed to horizon (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/534350

OpenStack Infra (hudson-openstack) wrote : Fix merged to horizon (stable/pike)

Reviewed: https://review.openstack.org/534350
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=ed7c108df98b3537a1b2256eff8369ba4db0e377
Submitter: Zuul
Branch: stable/pike

commit ed7c108df98b3537a1b2256eff8369ba4db0e377
Author: Akihiro Motoki <email address hidden>
Date: Wed May 17 20:14:12 2017 +0000

    Allow admin to create port on networks of different projects

    Due to the change in the neutron API wrapper [1],
    admin cannot create a port on networks owned by different project.
    This is because api.neutron.network_get returns subnet detail
    (Subnet object) only when project_id matches that of a target network.
    This commit changes the logic to try to retrieve subnet detail first.
    The condition is not simple and it looks wise to let neutron decide it.

    The error reported in the bug also happens in the Port Create form
    in the project dashboard if a user tries to create a port on an
    external network. To handle the situation, handle() in CreatePort form
    honors whether subnet detail is retrieved or not by checking a subnet
    information is an instance of api.neutron.Subnet class.
    This is a bit tricky but considering the current policy for create_port
    I believe it is a good compromise.

    Also fixes the wrong initial value of 'specify_ip' field of CreatePort
    form. The initial value should be one of choices or None. Otherwise,
    when 'specify_ip' field is hidden, an error message is returned
    (though the message is not visible in the form), a user cannot submit
    the form and the form is displayed continuously....

    [1] commit 803209e237ea2987cfa2fad5f0e07a8c30d6d901

    Closes-Bug: #1645708
    Change-Id: I6aae0a29eedebc920247912fec0729bf47cda002
    (cherry picked from commit 15d996f7e421c7de9ab4e87333a3c9824b307e5e)

tags: added: in-stable-pike
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/horizon 12.0.3

This issue was fixed in the openstack/horizon 12.0.3 release.
