Unique check in allowed address pair's extension not work well

Bug #1373756 reported by Wei Wang
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Undecided
Wei Wang

Bug Description

Test this case:

Assume a port's mac_address is 12:34:56:78:aa:bb

Then put these to allowed address pair:
[{"ip_address": "10.0.0.1"},
 {"ip_address": "10.0.0.1",
   "mac_address": "12:34:56:78:aa:bb"}]

This can pass in extension's validator, but will cause error in db, for mac_address is None in extension, but conver to
port's real mac_address in db.

Unit test code:

    def test_update_add_none_and_own_mac_address_pairs(self):
        with self.network() as net:
            res = self._create_port(self.fmt, net['network']['id'])
            port = self.deserialize(self.fmt, res)
            mac_address = port['port']['mac_address']
            address_pairs = [{'ip_address': '10.0.0.1'},
                             {'mac_address': mac_address,
                              'ip_address': '10.0.0.1'}]
            update_port = {'port': {addr_pair.ADDRESS_PAIRS:
                                    address_pairs}}
            req = self.new_update_request('ports', update_port,
                                          port['port']['id'])
            res = req.get_response(self.api)
            self.assertEqual(res.status_int, 400)
            self._delete('ports', port['port']['id'])

Wei Wang (damon-devops)
description: updated
Changed in neutron:
assignee: nobody → Wei Wang (damon-devops)
Changed in neutron:
status: New → In Progress
description: updated
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/172875

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (master)

Change abandoned by Kyle Mestery (<email address hidden>) on branch: master
Review: https://review.openstack.org/124004
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/124004
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=1025baec55235bf4981872390f1bb65f4e3ae7e6
Submitter: Jenkins
Branch: master

commit 1025baec55235bf4981872390f1bb65f4e3ae7e6
Author: Wei Wang <email address hidden>
Date: Thu Sep 25 17:49:59 2014 +0800

    Fix duplicate entry catch for allowed address pairs

    If None is submitted as a MAC address in an allowed_address_pair,
    the port MAC will be used. So if two entries are submitted with the
    same IP and one's MAC is None while the others is the port's MAC,
    they will pass the API duplication check and fail to insert into the DB
    due to a unique constraint violation.

    This patch catches the db error and turns it into the same exception
    the API uses on duplicate entries.

    Closes-bug: #1373756
    Change-Id: Ide995810d6fe0481d3add206bf0674cbbde7f05f

Changed in neutron:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (feature/pecan)

Fix proposed to branch: feature/pecan
Review: https://review.openstack.org/201131

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (feature/pecan)
Download full text (8.8 KiB)

Reviewed: https://review.openstack.org/201131
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=3a9975cbc30d9253b96cec9e079b411add184ec1
Submitter: Jenkins
Branch: feature/pecan

commit c27e66cc7c3427dfbc1e390693c6b0a3e656c783
Author: YAMAMOTO Takashi <email address hidden>
Date: Fri Jun 19 16:28:23 2015 +0900

    Reject router-interface-add with a port which doesn't have any addresses

    Fix a regression in commit I7d4e8194815e626f1cfa267f77a3f2475fdfa3d1 .

    Closes-Bug: #1466750
    Related-Bug: #1439824
    Change-Id: Ic0c4c0adbffe14b1f08d4b2dee91e1dff41cc770

commit 83cac810f00933d8b22f17cdcc20094e1d27a018
Author: OpenStack Proposal Bot <email address hidden>
Date: Sat Jul 11 06:09:29 2015 +0000

    Imported Translations from Transifex

    For more information about this automatic import see:
    https://wiki.openstack.org/wiki/Translations/Infrastructure

    Change-Id: I33a9e5a28666a295dd24f6c482b9805b33d0ca69

commit 5b066a237ec0918d882ef2455aef4f2f9cb0606c
Author: Ihar Hrachyshka <email address hidden>
Date: Fri Jul 10 14:07:09 2015 +0200

    Enforce specific order for firewall.(un)filtered_ports and devices

    Lots of tests in the file rely on specific order of devices and ports
    with which they are iterated thru inside firewall implementation. This
    is needed to match a regexp against iptables output generated by the
    firewall driver.

    In production code, those .(un)filtered_ports dictionaries are
    unordered, and it would be not wise to enforce the order for them just
    for the sake of those unit tests.

    Instead, we 'patch' the agent firewall with ordered versions of dict for
    those attributes.

    Also enforce specific order for device_info dictionaries we pass into
    firewall.

    The failure was easily reproducible with PYTHONHASHSEED=111, and after
    the fix, it's gone.

    While at it, stop making assumptions about stable order of dict.values()
    between multiple dictionaries with the same keys. It may actually work
    for now, but it seems fragile. Overall simplified regex construction
    code a bit, f.e. killing some dead or redundant code.

    Closes-Bug: #1473413
    Change-Id: I170087426bc961592b4c4923c64a5fea30d51c21

commit dfbe804994a576994768c95720b4f0ba53e313d7
Author: Dan Prince <email address hidden>
Date: Thu Jul 9 15:31:13 2015 -0400

    get_vif_ports: ignore non-Interface ports

    This patch updates get_vif_ports so that it skips
    ports which aren't in the 'Interfaces' table.

    This fixes an issue where neutron-ovs-cleanup would
    fail if any sort of OVS bond was on the bridge getting
    cleaned up. This is because bonds don't have the same
    attributes as ports, and thus fail subsequent ovs-vsctl
    queries.

    Change-Id: Ic9d30e5916122ce23c5dc8631fbb71115ae8a960
    Closes-bug: #1473179

commit 1025baec55235bf4981872390f1bb65f4e3ae7e6
Author: Wei Wang <email address hidden>
Date: Thu Sep 25 17:49:59 2014 +0800

    Fix duplicate entry catch for allowed address pairs

    If None is submitted as a MAC address in an allowed_address_pair,
 ...

Read more...

tags: added: in-feature-pecan
Changed in neutron:
milestone: none → liberty-2
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in neutron:
milestone: liberty-2 → 7.0.0
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/kilo)

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/297042

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (stable/kilo)

Change abandoned by Dave Walker (<email address hidden>) on branch: stable/kilo
Review: https://review.openstack.org/297042
Reason:
stable/kilo closed for 2015.1.4

This release is now pending its final release and no freeze exception has
been seen for this changeset. Therefore, I am now abandoning this change.

If this is not correct, please urgently raise a thread on openstack-dev.

More details at: https://wiki.openstack.org/wiki/StableBranch

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.