OpenStack Compute (nova)

os-attach-interface returns a 500 when neutron policy forbids port creation

Bug #1603592 reported by Matt Riedemann
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Medium
Liyingjun
Mitaka
Confirmed
Low
Unassigned

Bug Description

From a test on our internal CI against mitaka:

root@uat-dal09-compute-316:~# nova-manage version
13.0.0

The tempest test failure:

http://paste.openstack.org/show/533818/

The attach_interface operation is an RPC call from nova-api to nova-compute. In our case, neutron policy was such that port creation failed:

http://paste.openstack.org/show/533819/

The Forbidden from neutron isn't handled in nova-api so we get a 500 back instead of a 403.

This is somewhat related to bug 1571722 and patch https://review.openstack.org/#/c/312014/ but that's fixing a 401 and a misconfiguration issue.

Tags: api neutron
Matt Riedemann (mriedem)
Changed in nova:
status: New → Confirmed
importance: Undecided → Medium
Liyingjun (liyingjun)
Changed in nova:
assignee: nobody → Liyingjun (liyingjun)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/345223

Changed in nova:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/345223
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=ead6597274c088712b3992222d27faa663c67647
Submitter: Jenkins
Branch: master

commit ead6597274c088712b3992222d27faa663c67647
Author: liyingjun <email address hidden>
Date: Thu Jul 21 15:49:37 2016 +0800

    network: handle forbidden exception from neutron

    Neutron will raise a forbidden exception when the neutron policy is not
    allowed to for some operation like create_port. The operation is an RPC
    call from nova-api to nova-compute. The Forbidden from neutron isn't
    handled in nova-api so we get a 500 back instead of a 403. It should be
    a 403 in this case.

    Change-Id: Iea4feaeb7ea6860e892ef57a4443e814a74b1d9e
    Closes-bug: #1603592

Changed in nova:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/nova 14.0.0.0b3

This issue was fixed in the openstack/nova 14.0.0.0b3 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.