Admin apis for the provider firewall is broken

Bug #915403 reported by Deepak Garg
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Undecided
Vish Ishaya

Bug Description

Hi All,

I am implementing the blueprint: xenapi-provider-firewall ( https://blueprints.launchpad.net/nova/+spec/xenapi-provider-firewall ) and on my way to testing it I found the api calls fairly broken:

    a. remove_external_address_block returned 'OK' on removing blocks which didn't exist.
    b. block_external_addresses raised exception earlier on duplicate network blocks. It should be returning a 'failed' status message.
    c. On successful call, a dictionary is returned with msg=OK, so on an unsuccessful call, it should return a dictionary with a failed status message. This part needs to be implemented for the provider apis.
    d. say, I block ' 10.10.10.11/24'. In db the value will be '10.10.10.11/24' but in iptables it will be ' 10.10.10.0/24'. This behavior should be changed to keep the value in sync i.e. 10.10.10.0/24 both in db and iptables, otherwise it gets really confusing.

I am planning to post the fix for this along with the provider firewall blueprint implementation.

Please let know if anybody has any comments.

Changed in nova:
status: New → In Progress
Changed in nova:
assignee: nobody → Deepak Garg (deepak.garg)
Changed in nova:
assignee: Deepak Garg (deepak.garg) → Ewan Mellor (ewanmellor)
Changed in nova:
assignee: Ewan Mellor (ewanmellor) → Vish Ishaya (vishvananda)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/3207
Committed: http://github.com/openstack/nova/commit/fe1c97ff4c36d1cc2642d9a485f82874e4b3bda2
Submitter: Jenkins
Branch: master

commit fe1c97ff4c36d1cc2642d9a485f82874e4b3bda2
Author: Deepak Garg <email address hidden>
Date: Fri Jan 13 16:03:45 2012 +0530

    Blueprint xenapi-provider-firewall and Bug #915403.

      1. Provides dom0 IPtables driver to implement the Provider firewall rules.
      2. Existing libvirt code has been refactored to reduce the amount of duplicated code to a minimum
      3. The three provider apis in ec2/admin.py file are now fixed the following way:
        a. remove_external_address_block returned 'OK' on removing blocks which didn't exist. This is now fixed.
        b. block_external_addresses raised exception earlier on duplicate network blocks. Now the exception is logged and failed status message is returned.
        c. all the three provider apis now logs for invalid and improper inputs and return uniform (a dictionary ) and proper status messages for all cases.
      4. appropriate unit tests added to cover the same

    Change-Id: I27d83186f850423a6268947aed0c9a349d8f8d65

Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in nova:
milestone: none → essex-4
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in nova:
milestone: essex-4 → 2012.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.