Openstack Omni

[GCE] Security Groups validation before creation

Bug #1709002 reported by Sanket Sudake
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Openstack Omni
Fix Released
Undecided
Sanket Sudake

Bug Description

Currently Security Group, are not validated while creation. We need to check if all security group rules are compatible with GCE firewall rule. If not we should raise appropriate error.

Sanket Sudake (ssudake21)
Changed in omni:
assignee: nobody → Sanket Sudake (ssudake21)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to omni (master)

Fix proposed to branch: master
Review: https://review.openstack.org/491356

Changed in omni:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to omni (master)

Reviewed: https://review.openstack.org/491356
Committed: https://git.openstack.org/cgit/openstack/omni/commit/?id=f7085c188320b55534f1a315d823c002ad75b653
Submitter: Jenkins
Branch: master

commit f7085c188320b55534f1a315d823c002ad75b653
Author: Sanket <email address hidden>
Date: Mon Aug 7 11:44:54 2017 +0530

    [GCE] Validate security group at the time of creation

    Openstack Security Group should be validated if they are compatible
    with GCE firewall rules. If not we should raise approriate error.
    This fix processes security group info in BEFORE_RESPONSE event
    of security group and rollbacks earlier created security group if
    not compatible.

    We can not use BEFORE_CREATE/PRECOMMIT_CREATE as they do not contain
    required security group rules info.

    Change-Id: I5f1fc67208085ef399f3dcfe5fdec63d4f2ffc51
    Closes-bug: #1709002

Changed in omni:
status: In Progress → Fix Released
Sanket Sudake (ssudake21)
Changed in omni:
status: Fix Released → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to omni (master)

Fix proposed to branch: master
Review: https://review.openstack.org/492468

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to omni (master)

Reviewed: https://review.openstack.org/492468
Committed: https://git.openstack.org/cgit/openstack/omni/commit/?id=60e596283c927f7492eace48a221305ca300df5e
Submitter: Jenkins
Branch: master

commit 60e596283c927f7492eace48a221305ca300df5e
Author: Sanket <email address hidden>
Date: Thu Aug 10 16:09:54 2017 +0530

    [GCE] Skip Security group rule verification for egress rules

    Neutron by default adds two egress rules to security group creation
    API calls. If we block egress rules, any type of security
    group creation fails. So we just log warning in case of neutron egress
    security group rules being not supported on GCE.
    Switched to gce beta APIs as firewall group creation calls are deprecated
    on v1 APIs. Firewall related call report error "feature not supported yet"

    Change-Id: I7baded2df5b34239e2cf99ca49c9d6c8eba46294
    Closes-bug: #1709002

Changed in omni:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.