Juniper Openstack

For SG, ICMP rule type and code is not respected

Bug #1364740 reported by Vedamurthy Joshi
This bug report is a duplicate of:  Edit Remove
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R1.1
Won't Fix
Medium
Hampapur Ajay
Trunk
New
Medium
Sahil Sabharwal

Bug Description

R1.10 28

Created a SG . Added rule with ingress-allow icmp type1 code1.
Started two VMs in a project with this SG .
Ping passed between these vms.

{
security-group: {
virtual_machine_interface_back_refs: [
{
to: [
"default-domain",
"project1",
"088c8741-3d5f-4bf5-9bd5-5ec222199933"
],
href: "http://nodea9:8082/virtual-machine-interface/088c8741-3d5f-4bf5-9bd5-5ec222199933",
attr: null,
uuid: "088c8741-3d5f-4bf5-9bd5-5ec222199933"
},
{
to: [
"default-domain",
"project1",
"58b0ac93-1749-484a-9476-e633e71069d8"
],
href: "http://nodea9:8082/virtual-machine-interface/58b0ac93-1749-484a-9476-e633e71069d8",
attr: null,
uuid: "58b0ac93-1749-484a-9476-e633e71069d8"
}
],
fq_name: [
"default-domain",
"project1",
"sg1"
],
uuid: "bfb96501-b0f0-436f-b7dd-c584d55115f3",
access_control_lists: [
{
to: [
"default-domain",
"project1",
"sg1",
"ingress-access-control-list"
],
href: "http://nodea9:8082/access-control-list/14067bad-6d95-44d5-b8c5-0da16f42844f",
uuid: "14067bad-6d95-44d5-b8c5-0da16f42844f"
},
{
to: [
"default-domain",
"project1",
"sg1",
"egress-access-control-list"
],
href: "http://nodea9:8082/access-control-list/ac0fc983-2a88-4193-a3f3-ebc4449a1365",
uuid: "ac0fc983-2a88-4193-a3f3-ebc4449a1365"
}
],
parent_uuid: "4c935d93-d292-469c-8fce-8c40639f8705",
parent_href: "http://nodea9:8082/project/4c935d93-d292-469c-8fce-8c40639f8705",
parent_type: "project",
security_group_id: 6,
display_name: "sg1",
href: "http://nodea9:8082/security-group/bfb96501-b0f0-436f-b7dd-c584d55115f3",
id_perms: {
enable: true,
uuid: {
uuid_mslong: 13815184389873615000,
uuid_lslong: 13248962853099084000
},
created: "2014-09-03T03:03:03.145244",
description: "sg1",
last_modified: "2014-09-03T04:13:41.129233",
permissions: {
owner: "cloud-admin",
owner_access: 7,
other_access: 7,
group: "cloud-admin-group",
group_access: 7
}
},
security_group_entries: {
policy_rule: [
{
direction: ">",
protocol: "any",
dst_addresses: [
{
security_group: null,
subnet: {
ip_prefix: "0.0.0.0",
ip_prefix_len: 0
},
virtual_network: null,
network_policy: null
}
],
action_list: null,
rule_uuid: "518dcf76-dd6b-4611-8842-57e7976f45cb",
dst_ports: [
{
end_port: 65535,
start_port: 0
}
],
application: [ ],
src_addresses: [
{
security_group: "local",
subnet: null,
virtual_network: null,
network_policy: null
}
],
rule_sequence: null,
src_ports: [
{
end_port: 65535,
start_port: 0
}
]
},
{
direction: ">",
protocol: "icmp",
dst_addresses: [
{
security_group: "local",
subnet: null,
virtual_network: null,
network_policy: null
}
],
action_list: null,
rule_uuid: "f9d4dd23-87f7-45d6-bc84-8dadcfde6cd3",
dst_ports: [
{
end_port: 1,
start_port: 1
}
],
application: [ ],
src_addresses: [
{
security_group: null,
subnet: {
ip_prefix: "0.0.0.0",
ip_prefix_len: 0
},
virtual_network: null,
network_policy: null
}
],
rule_sequence: null,
src_ports: [
{
end_port: 65535,
start_port: 0
}
]
}
]
},
name: "sg1"
}
}

Revision history for this message
Om Prakash Pandey (pandeyop) wrote :

The below tempest test is also failing due to this issue.

tempest.api.network.test_security_groups.SecGroupTest.test_create_security_group_rule_with_icmp_type_code
Traceback (most recent call last):
testtools.testresult.real._StringException: Empty attachments:
  pythonlogging:''
  stderr
  stdout

Traceback (most recent call last):
  File "/home/omp/tempest/tempest/api/network/test_security_groups.py", line 178, in test_create_security_group_rule_with_icmp_type_code
    icmp_type, icmp_code)
  File "/home/omp/tempest/tempest/api/network/test_security_groups.py", line 69, in _create_verify_security_group_rule
    (key, value))
  File "/usr/local/lib/python2.7/dist-packages/testtools/testcase.py", line 350, in assertEqual
    self.assertThat(observed, matcher, message)
  File "/usr/local/lib/python2.7/dist-packages/testtools/testcase.py", line 435, in assertThat
    raise mismatch_error
testtools.matchers._impl.MismatchError: None != 65535: Field port_range_max of the created security group rule does not match with None.

tags: added: security-group tempest
Nagabhushana R (bhushana)
Changed in opencontrail:
importance: Undecided → Medium
assignee: nobody → Hampapur Ajay (hajay)
Sachin Bansal (sbansal)
no longer affects: opencontrail
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
  • Duplicate of a private bug Remove
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.