Shared firewall from admin is not working in other tenant's network
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Confirmed
|
Medium
|
Xurong Yang |
Bug Description
Firewall created with shared = true from admin is not taking effect on tenant's network
Steps to Reproduce:
1) create two network n1,n2 (having subnet s1 and s2 respectively) and attach it to the router r1 from admin tenant
2) create vm1 and vm2 on each network n1 and n2 from admin tenant
3) create a firewall rule r1 with protocol = icmp and action = deny from admin tenant
4) create a firewall policy p1 with the above firewall rule r1 from admin tenant
5) create a firewall f1 with the polciy p1 and shared=true from admin tenant
6) create two network n3,n4 (having subnet s3 and s4 respectively) and attach it to the router r2 from member tenant
7) create vm3 and vm4 on each network n3 and n4 from admin tenant
8) ping from vm1 to vm2 fails since the firewall rule r1 takes effect
Actual Results:
ping from vm3 to vm4 succeeds
shared firewall f1 and its rules r1 are not visible from tenants
Expected Results:
ping from vm3 to vm4 should fail since the firewall is shared from admin
and also shared firewall f1 and it rules r1 should be visible from tenant
description: | updated |
tags: | added: fwaas |
Changed in neutron: | |
assignee: | nobody → Xurong Yang (idopra) |
I think 'shared' attribute is something that needs to be clarified for firewall resource.
Per existing code having shared firewall doesn't mean it is automatically applied for every tenant/every network, and this is exactly the case in bug description.