neutron

FWaaS V2 removing a port from the FW group set the FWG to INACTIVE

Bug #1817455 reported by Adit Sarfaty
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Undecided
zhanghao

Bug Description

Creating a firewall group with policies and 2 interface ports.
Now removing 1 of the ports using:
openstack firewall group unset <fwg> --port <port-id>
the firewall group is updated, and now has only 1 interface port, but its status is changed to INACTIVE.

The reason seems to be in update_firewall_group_postcommit: https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/services/firewall/service_drivers/agents/agents.py#L329
last-port is set to True if no new ports are added, instead of setting it to True only if there are no ports left.

zhanghao (zhanghao2)
Changed in neutron:
assignee: nobody → zhanghao (zhanghao2)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron-fwaas (master)

Fix proposed to branch: master
Review: https://review.opendev.org/670496

Changed in neutron:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron-fwaas (master)

Reviewed: https://review.opendev.org/670496
Committed: https://git.openstack.org/cgit/openstack/neutron-fwaas/commit/?id=90a2707ccffd2175d76e0e2ac5a4cd87e5faa7ef
Submitter: Zuul
Branch: master

commit 90a2707ccffd2175d76e0e2ac5a4cd87e5faa7ef
Author: zhanghao2 <email address hidden>
Date: Fri Jul 12 07:08:28 2019 -0400

    Fix bug when removing a port from the firewall group

    When removing a port from the firewall group, the last port is detected as
    true or false based on the old port and the new port, but it ignores the
    specific number of ports, which causes the fwg status to be inactive regardless
    of whether there is a port after the firewall group is reset.

    Change-Id: I887e06893f3e11031548767272e95afee40462d8
    Closes-Bug: #1817455

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron-fwaas 15.0.0.0b1

This issue was fixed in the openstack/neutron-fwaas 15.0.0.0b1 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.