neutron

backward-incompat change in security group API: icmpv6 is not supported for protocol in Mitaka

Bug #1558774 reported by Akihiro Motoki
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
High
Armando Migliaccio
neutron newton-1 "n1"

Bug Description

The patch https://review.openstack.org/#/c/252155/ adds various protocol names,
but the change itself is backward incompatible.

Previously we supported 'ipv6' for protocol to allow ICMPv6 specific type/code.
In the new code, we no longer use 'ipv6' and we need to use a newly added protocol name.

IMO it is better to keep the backward compatiblity.
If we keep the new behavior, at least we MUST mention this backward-incompatible change in the release note.

Hirofumi Ichihara (ichihara-hirofumi)
tags: added: mitaka-rc-potential
Changed in neutron:
milestone: mitaka-rc1 → newton-1
tags: added: ipv6
Revision history for this message
Armando Migliaccio (armando-migliaccio) wrote :

Akihiro: are you talking about the API that other plugin implementers use? Is this a user facing issue? Can you elaborate more on what you mean?

Revision history for this message
Armando Migliaccio (armando-migliaccio) wrote :

Are you saying we lost the ability to specify ICMP_v6? That's the only one I could see missing.

https://review.openstack.org/#/c/252155/14/neutron/common/constants.py

Revision history for this message
Akihiro Motoki (amotoki) wrote :

Armando,

I am talking about the API behavior. 'icmpv6' is no longer allowed.
'icmpv6' (ICMP_v6 constant) is the only one I see.
A user need to know what version of neutron is running in a cloud for IPv6 ICMP.
(In neutronclient, the client patch is not merged yet.)

Possible solutions are:

(1) Keep the new behavior
(2) Revert the new behavior
(3) Allow "icmpv6" to the new behavior

I think (3) is reasonable.

Revision history for this message
Armando Migliaccio (armando-migliaccio) wrote :

Yes, let see what the fix looks like, can you take care of that?

Revision history for this message
Akihiro Motoki (amotoki) wrote :

I confirmed the fix would be simple. I will post a fix soon.
IP_PROTOCOL_MAP now comes from neutron-lib, and it took time a bit.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/294460

Changed in neutron:
status: New → In Progress
OpenStack Infra (hudson-openstack)
Changed in neutron:
assignee: Akihiro Motoki (amotoki) → Armando Migliaccio (armando-migliaccio)
Hirofumi Ichihara (ichihara-hirofumi)
tags: added: mitaka-backport-potential
removed: mitaka-rc-potential
Revision history for this message
Armando Migliaccio (armando-migliaccio) wrote :

@Hirofumi: can I ask you why you replaced the rc-potential tag? I think we want to cut RC2 with a fix to this bug.

tags: added: mitaka-rc-potential
removed: mitaka-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/294460
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=85d638af455ae881ca45d2d390606ef1df5904b1
Submitter: Jenkins
Branch: master

commit 85d638af455ae881ca45d2d390606ef1df5904b1
Author: Akihiro Motoki <email address hidden>
Date: Fri Mar 18 17:41:23 2016 +0900

    Accept icmpv6 as protocol of SG rule for backward compatibility

    The patch https://review.openstack.org/#/c/252155/ renamed
    'icmpv6' protocol to 'ipv6-icmp'.
    This leads to backward compatiblity of the security group API.
    This commit allows to specify 'icmpv6' as well.

    TODO(amotoki): The constant for 'icmpv6' will be moved to
    neutron-lib soon after Mitaka is shipped.

    Change-Id: I0d7e1cd9fc075902449c5eb5ef27069083ab95d4
    Closes-Bug: #1558774

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/294853

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/mitaka)

Reviewed: https://review.openstack.org/294853
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=165aa828b1cb63cb8be86ec081cea64aa8ada48c
Submitter: Jenkins
Branch: stable/mitaka

commit 165aa828b1cb63cb8be86ec081cea64aa8ada48c
Author: Akihiro Motoki <email address hidden>
Date: Fri Mar 18 17:41:23 2016 +0900

    Accept icmpv6 as protocol of SG rule for backward compatibility

    The patch https://review.openstack.org/#/c/252155/ renamed
    'icmpv6' protocol to 'ipv6-icmp'.
    This leads to backward compatiblity of the security group API.
    This commit allows to specify 'icmpv6' as well.

    TODO(amotoki): The constant for 'icmpv6' will be moved to
    neutron-lib soon after Mitaka is shipped.

    Change-Id: I0d7e1cd9fc075902449c5eb5ef27069083ab95d4
    Closes-Bug: #1558774
    (cherry picked from commit 85d638af455ae881ca45d2d390606ef1df5904b1)

tags: added: in-stable-mitaka
Revision history for this message
Thierry Carrez (ttx) wrote : Fix included in openstack/neutron 8.0.0.0rc2

This issue was fixed in the openstack/neutron 8.0.0.0rc2 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/302570

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)
Download full text (11.4 KiB)

Reviewed: https://review.openstack.org/302570
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=03ccdd6a6d8e4cea9145e39dd7a1614656024aed
Submitter: Jenkins
Branch: master

commit 3213eb124e40b130e174ac3a91067e2b196788dd
Author: Cedric Brandily <email address hidden>
Date: Tue Mar 29 18:06:44 2016 +0200

    Support Routes==2.3

    SubMapper.connect allows in Routes<=2.2 to define routes with/without a
    name:

     map.connect(route_name, route_path)
     map.connect(route_path)

    Routes==2.3 SubMapper.connect now requires a route name (but not
    Mapper.connect). This change adds a route name when needed to support
    Routes<=2.2 and Routes==2.3.

    Closes-Bug: #1563028
    Change-Id: I655bfe7f047945896d63dd94c584acfe60d81b38
    (cherry picked from commit c6efa6292cac9267428366dc3cee00f6fc73e208)

commit 4283a7e36b74823f229400f0f049742f630db28b
Author: Ihar Hrachyshka <email address hidden>
Date: Wed Mar 30 11:48:37 2016 +0200

    Constraint requirements using mitaka upper-constraints.txt file

    Change-Id: I6a908470987ce05769c425c4623df404cef76a10

commit fc690974480611242d4fc6e1deaaf68171fcaed3
Author: OpenStack Proposal Bot <email address hidden>
Date: Wed Mar 30 06:21:15 2016 +0000

    Imported Translations from Zanata

    For more information about this automatic import see:
    https://wiki.openstack.org/wiki/Translations/Infrastructure

    Change-Id: I78c24969927224277f381532ad2604cfde8741fc

commit 41be555eddb0f9947fdaa4e73fa74a72677d4d11
Author: OpenStack Proposal Bot <email address hidden>
Date: Tue Mar 29 06:07:19 2016 +0000

    Imported Translations from Zanata

    For more information about this automatic import see:
    https://wiki.openstack.org/wiki/Translations/Infrastructure

    Change-Id: Iafa43bfcfca4d6af0d0866206c07fa817f567de6

commit b435ec56af98d2c04de37dd779ed3613ec4583ad
Author: OpenStack Proposal Bot <email address hidden>
Date: Mon Mar 28 06:07:02 2016 +0000

    Imported Translations from Zanata

    For more information about this automatic import see:
    https://wiki.openstack.org/wiki/Translations/Infrastructure

    Change-Id: I9e908579b4704c4294367113523b898839586426

commit bec65f6cdd159ec252c4aa0a63aabc9aea8fcfba
Author: YAMAMOTO Takashi <email address hidden>
Date: Fri Mar 25 15:25:39 2016 +0900

    api tests: Check correct extensions

    auto_allocate -> auto-allocated-topology
    rbac_policies -> rbac-policies

    Closes-Bug: #1561858

    (cherry picked from commit 9d3bab6b8d6b2122732faeb66f831927bee0ac7e)
    Change-Id: Ied13e52bf78afe571f7243e93005bf5c68fe44db

commit f0c3b19165a5ca73ea8f1dc0ddaad290eee35039
Author: OpenStack Proposal Bot <email address hidden>
Date: Fri Mar 25 06:06:36 2016 +0000

    Imported Translations from Zanata

    For more information about this automatic import see:
    https://wiki.openstack.org/wiki/Translations/Infrastructure

    Change-Id: Idb22eac32944a088d24f4d44e537d9bba09dbcc2

commit 99915fa76bd4ce13e0d36059616ba357f4f54ee2
Author: Hynek Mlnarik <email address hidden>
Date: Thu Mar...

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron-lib (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/309669

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron-lib (master)

Reviewed: https://review.openstack.org/309669
Committed: https://git.openstack.org/cgit/openstack/neutron-lib/commit/?id=55498ff6a25500bdfda2f88103ab1795e61d51f7
Submitter: Jenkins
Branch: master

commit 55498ff6a25500bdfda2f88103ab1795e61d51f7
Author: Akihiro Motoki <email address hidden>
Date: Sat Apr 23 17:30:27 2016 +0900

    Define legacy ICMPv6 protocol name 'icmpv6' for backward compaty

    Follow-up patch of https://review.openstack.org/#/c/294460/

    Change-Id: Iec9a48cef39c3e35de49ef3f62182e50eebbe3db
    Related-Bug: #1558774

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/neutron 9.0.0.0b1

This issue was fixed in the openstack/neutron 9.0.0.0b1 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.