Ubuntu Cloud Archive

FWaaS v2: removing 1 of few ports from a firewall group set it to INACTIVE

Bug #1832450 reported by Adit Sarfaty on 2019-06-12

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Ubuntu Cloud Archive	New	Undecided	Unassigned

Bug Description

When a firewall group has few router interface ports, and the user uses 'openstack firewall group unset <> --port <>' the firewall group is set to INACTIVE status.

The reason is here: https://opendev.org/openstack/neutron-fwaas/src/branch/master/neutron_fwaas/services/firewall/service_drivers/agents/agents.py#L329

To calculate last-port we need only to check if the new_firewall_group['ports'] is empty, and not the diff

This was tested with stable/stein

Revision history for this message

Adit Sarfaty (asarfaty) wrote on 2019-07-15:

Fixed on master branch with https://review.opendev.org/#/c/664825/
and on Stein with: https://review.opendev.org/#/c/667510/

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-09-19: Fix included in openstack/neutron-fwaas 15.0.0.0b1

This issue was fixed in the openstack/neutron-fwaas 15.0.0.0b1 development milestone.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-01-08: Fix included in openstack/neutron-fwaas 14.0.1

This issue was fixed in the openstack/neutron-fwaas 14.0.1 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.