neutron

tenants seem like they were able to detach admin enforced QoS policies from ports or networks

Bug #1486607 reported by Miguel Angel Ajo on 2015-08-19

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Medium	Nate Johnston

Bug Description

NOTE: Even if the API responds with "ok" to the port update, it's not really changing the admin enforced policy, we should just provide a better
error / response code.

If the CSP is using manually tagging specific tenant networks to follow specific qos profiles, a tenant could use

neutron port-update <port-id> --no-qos-policy

neutron net-update <net-id> --no-qos-policy

It will seem like if the port or net was correctly updated, but it isn't. We can lower the importance of this bug to low/medium.

See original description

Tags:

Revision history for this message

changzhi (changzhi) wrote on 2015-08-19:

Even admin tenant can not update other tenant's resource?

yong sheng gong (gongysh) on 2015-08-20

Changed in neutron:
assignee:	nobody → yong sheng gong (gongysh)

Revision history for this message

Miguel Angel Ajo (mangelajo) wrote on 2015-08-21:

admin should be able to do it, but not tenants (when it's not their own policy).

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-08-26: Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/217092

Changed in neutron:
status:	New → In Progress

OpenStack Infra (hudson-openstack) on 2015-09-15

Changed in neutron:
assignee:	yong sheng gong (gongysh) → Tong Li (litong01)

OpenStack Infra (hudson-openstack) on 2015-09-16

Changed in neutron:
assignee:	Tong Li (litong01) → yong sheng gong (gongysh)

Kyle Mestery (mestery) on 2015-09-17

Changed in neutron:
milestone:	none → liberty-rc1
importance:	Undecided → High

Kyle Mestery (mestery) on 2015-09-21

Changed in neutron:
milestone:	liberty-rc1 → mitaka-1

Miguel Angel Ajo (mangelajo) on 2015-09-22

summary:	- tenants are able to detach admin enforced QoS policies from ports or - networks + tenants seem like they were able to detach admin enforced QoS policies + from ports or networks
description:	updated
description:	updated

Miguel Angel Ajo (mangelajo) on 2015-10-09

Changed in neutron:
importance:	High → Low

Armando Migliaccio (armando-migliaccio) on 2015-12-03

Changed in neutron:
milestone:	mitaka-1 → mitaka-2

Armando Migliaccio (armando-migliaccio) on 2016-01-20

Changed in neutron:
milestone:	mitaka-2 → mitaka-3

Armando Migliaccio (armando-migliaccio) on 2016-03-03

Changed in neutron:
milestone:	mitaka-3 → mitaka-rc1

Armando Migliaccio (armando-migliaccio) on 2016-03-03

Changed in neutron:
milestone:	mitaka-rc1 → none
assignee:	yong sheng gong (gongysh) → nobody
status:	In Progress → Incomplete
importance:	Low → Undecided

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-03-12: Change abandoned on neutron (master)

Change abandoned by Armando Migliaccio (<email address hidden>) on branch: master
Review: https://review.openstack.org/217092
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Revision history for this message

Armando Migliaccio (armando-migliaccio) wrote on 2016-03-12:

If you are still working on this please resume, or allow someone else to pick this up.

Miguel Angel Ajo (mangelajo) on 2016-03-18

Changed in neutron:
status:	Incomplete → Confirmed
importance:	Undecided → Low

Miguel Angel Ajo (mangelajo) on 2016-04-06

Changed in neutron:
importance:	Low → Medium
assignee:	nobody → Nate Johnston (nate-johnston)
tags:	added: mitaka-backport-potential
tags:	added: liberty-backport-potentiall

OpenStack Infra (hudson-openstack) on 2016-04-07

Changed in neutron:
status:	Confirmed → In Progress

OpenStack Infra (hudson-openstack) on 2016-04-15

Changed in neutron:
assignee:	Nate Johnston (nate-johnston) → Margaret Frances (margaret-frances)

OpenStack Infra (hudson-openstack) on 2016-04-18

Changed in neutron:
assignee:	Margaret Frances (margaret-frances) → Nate Johnston (nate-johnston)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-15: Fix merged to neutron (master)

Reviewed: https://review.openstack.org/217092
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=4ec6932c93764fd7731928f1faa24b6c88fa9493
Submitter: Jenkins
Branch: master

commit 4ec6932c93764fd7731928f1faa24b6c88fa9493
Author: Tong Li <email address hidden>
Date: Tue Sep 15 17:23:42 2015 -0400

Respond negatively to tenant detachment of enforced QoS policies

    Currently when the tenant attempts to detach an enforced QoS policy
    for a port or network set by admin, the attempt fails but the API
    feedback indicates that it was successful. This change will
    fix the API response so the failure is accurately signalled
    to the tenant.

    Co-Authored-By: litong01 <email address hidden>
    Co-Authored-By: gong yong sheng <gong.yongsheng@99cloud.net>
    Co-Authored-By: Nate Johnston <email address hidden>
    Co-Authored-By: Margaret Frances <email address hidden>

Change-Id: I977feecc6cce378abc1e6092afbaf9f2681b2ec6
Closes-bug: #1486607

Changed in neutron:
status:	In Progress → Fix Released

Revision history for this message

Doug Hellmann (doug-hellmann) wrote on 2016-07-13: Fix included in openstack/neutron 9.0.0.0b2

This issue was fixed in the openstack/neutron 9.0.0.0b2 development milestone.

Revision history for this message

Ihar Hrachyshka (ihar-hrachyshka) wrote on 2016-10-07:

Mitaka is now critical/CVE only.

tags:	removed: liberty-backport-potentiall
tags:	removed: mitaka-backport-potential

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.