ContrailSecurity: Global scoped objects shouldn't be allowed to refer to local scoped objects

Bug #1732801 reported by Senthilnathan Murugappan
Affects: Juniper Openstack (status tracked in Trunk)
R4.1: Status Fix Committed, Importance High, Assigned to Édouard Thuleau
Trunk: Status Fix Committed, Importance High, Assigned to Édouard Thuleau

Bug Description

A global scoped APS shouldn't be able to refer to local scoped firewall-policies, or a global scoped firewall-rule shouldn't be able to refer to local-scoped address-group or service-group or a virtual-network.

We need to add restrictions for the same.

OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/37681
Submitter: Édouard Thuleau (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : [Review update] R4.1

Review in progress for https://review.opencontrail.org/37693
Submitter: Édouard Thuleau (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/37693
Committed: http://github.com/Juniper/contrail-controller/commit/62392ceba825032003b8dbfceb97e0d47695676d
Submitter: Zuul (<email address hidden>)
Branch: R4.1

commit 62392ceba825032003b8dbfceb97e0d47695676d
Author: Édouard Thuleau <email address hidden>
Date: Mon Nov 20 16:03:50 2017 +0100

[config] Global firewall resource could not reference scoped resource

Don't allow global firewall resource to reference scoped one:
- global APS cannot reference scoped policy
- global policy cannot reference scoped rule
- global rule cannot reference scope virtual network
- global rule cannot reference scope address group
- global rule cannot reference scope service group

Change-Id: Ic62c55e9b4b7ba509fe7e10cd0fb4317deac4217
Closes-Bug: #1732801

OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/37681
Committed: http://github.com/Juniper/contrail-controller/commit/983080359cf1e01f9012cb180429040ad61ffb67
Submitter: Zuul (<email address hidden>)
Branch: master

commit 983080359cf1e01f9012cb180429040ad61ffb67
Author: Édouard Thuleau <email address hidden>
Date: Mon Nov 20 16:03:50 2017 +0100

[config] Global firewall resource could not reference scoped resource

Don't allow global firewall resource to reference scoped one:
- global APS cannot reference scoped policy
- global policy cannot reference scoped rule
- global rule cannot reference scope virtual network
- global rule cannot reference scope address group
- global rule cannot reference scope service group

Change-Id: Ic62c55e9b4b7ba509fe7e10cd0fb4317deac4217
Closes-Bug: #1732801
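
The five restrictions listed in the commit message, written out as a reference check. This is an added example, not the code from the commits above; the dictionary layout, the "scope" field, the function name and the sample objects are assumptions made for illustration and are not Contrail's schema or API.

```python
GLOBAL, LOCAL = "global", "local"

# (referrer type, referenced type) pairs listed in the commit message.
RESTRICTED = {
    ("application-policy-set", "firewall-policy"),
    ("firewall-policy", "firewall-rule"),
    ("firewall-rule", "virtual-network"),
    ("firewall-rule", "address-group"),
    ("firewall-rule", "service-group"),
}


def scope_violations(resource, store):
    """Return the reasons `resource` must be rejected (empty list = accept).

    resource: {"type", "name", "scope", "refs": [(type, name), ...]}
    store:    {(type, name): resource} for objects that already exist
    """
    if resource["scope"] != GLOBAL:
        return []  # a local object may reference global or local objects
    problems = []
    for ref in resource.get("refs", []):
        ref_type, ref_name = ref
        if (resource["type"], ref_type) not in RESTRICTED:
            continue  # pair not covered by the rules on this page
        target = store.get(ref)
        if target is None:
            # Fail closed: an unresolvable reference cannot be shown global.
            problems.append("%s %s: unknown reference" % ref)
        elif target["scope"] != GLOBAL:
            problems.append("global %s %r references local %s %r" % (
                resource["type"], resource["name"], ref_type, ref_name))
    return problems


def obj(type_, name, scope, refs=()):
    """Build one constructed sample object (hypothetical layout)."""
    return {"type": type_, "name": name, "scope": scope, "refs": list(refs)}


# Constructed sample data: one global and one local object per case.
STORE = {(o["type"], o["name"]): o for o in [
    obj("firewall-policy", "fp-global", GLOBAL),
    obj("firewall-policy", "fp-local", LOCAL),
    obj("virtual-network", "vn-local", LOCAL),
    obj("address-group", "ag-global", GLOBAL),
]}
```

The check belongs on both create and update of the referring object, since a reference added by a later update bypasses a create-only check.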
