Juniper Openstack

tempest-RHOSP10:external network subnets shouldn't be visible to user , user should see only network

Bug #1686547 reported by shajuvk on 2017-04-26

12

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Juniper Openstack	Status tracked in Trunk
	R3.2	Invalid	Medium	shajuvk	Juniper Openstack r3.2.4.0
	R4.0	Invalid	Medium	shajuvk	Juniper Openstack r4.0.1.0 "r4.0.1.0"
	Trunk	Invalid	Medium	shajuvk	Juniper Openstack r4.1.0.0-fcs "r4.1"

Bug Description

Tempest test case : def test_external_network_visibility : is failing due to subnets are visible to user.

github test case location: https://github.com/openstack/tempest/blob/master/tempest/api/network/test_networks.py

external network subnet shouldn't be visible to user, only network name should be visible to user.

Tags:

shajuvk (shajuvk) on 2017-04-26

information type:

Proprietary → Public

Jeba Paulaiyan (jebap) on 2017-06-13

tags:

added: blocker

Revision history for this message

Édouard Thuleau (ethuleau) wrote on 2017-06-22:

#1

https://github.com/openstack/tempest/blob/master/tempest/api/network/test_networks.py#L376

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-06-22: [Review update] master

#2

Review in progress for https://review.opencontrail.org/33105
Submitter: ?douard Thuleau (<email address hidden>)

Revision history for this message

Édouard Thuleau (ethuleau) wrote on 2017-06-30:

#6

I tested on 3.2, 4.0 and master, I cannot reproduce the issue.
I tried with tempest's master branch and the test tempest.api.network.test_networks.NetworksTest.test_external_network_visibility always succeed.

I also try manually. A non admin user can list/show public networks and obtains the subnet UUIDs associated to that networks but he cannot list/show that subnet UUIDs. I also check with an OpenStack classic deployment from the Ocata release (Neutron with ML2/OVS) and that confirm what I explained above.

Revision history for this message

shajuvk (shajuvk) wrote on 2017-07-12:

#7

Please find the testbed details.
Test needs to run from node : ssh stack@10.87.67.42 . source /home/stack/stackrc

   root@undercloud-new tempest]# pwd
   /tmp/tmpest_test_copy/tempest =========è go to this path
  [root@undercloud-new tempest]# sudo ./run_tempest.sh -d -N -C /etc/redhat-certification-openstack/tempest.conf --serial tempest.api.network.test_networks.NetworksTest.test_external_network_visibility.

To access contail api and neutron server first needs to login to ssh stack@10.87.67.42 then source stackrc.
Ssh heat-admin@10.87.67.20 === > api server . For root access use command sudo su
heat-admin@10.87.67.24 =====è neutron server

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-07-13:

#8

Review in progress for https://review.opencontrail.org/33589
Submitter: Sachin Bansal (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-07-13: [Review update] R4.0

#10

Review in progress for https://review.opencontrail.org/33602
Submitter: Sachin Bansal (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-07-13: [Review update] R3.2

#12

Review in progress for https://review.opencontrail.org/33603
Submitter: Sachin Bansal (<email address hidden>)

Revision history for this message

Édouard Thuleau (ethuleau) wrote on 2017-07-13:

#14

The contrail neutron plugin is not buggy.
The issue here is the tempest test is running on an external network which is also shared. And in neutron, subnets can be list/read by all project if its associated network is shared.

http://paste.openstack.org/show/615303/

The bug here is in tempest which should verify the network is not shared before running that test.

Revision history for this message

Sachin Bansal (sbansal) wrote on 2017-07-14:

#15

As per comment #14, requesting to test with setting shared=False for public network and if it works, we can close this bug as invalid.

Revision history for this message

shajuvk (shajuvk) wrote on 2017-07-17:

#16

This moving to invalid since the test infra has the public which was set True. setting tempest-public network with shared as 'False'.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.