Quantum Security Group driver doesn't accept none value for from_port & to _port

Bug #1176027 reported by Phil Day
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Medium
Aaron Rosen
Grizzly
Fix Released
Medium
Vish Ishaya

Bug Description

The following command works with the Nova Network security group driver but raise a KeyError with a on systems configured with the quantum Security group driver

curl -i https://compute.systest.xxx.net/v2/10112181934012/os-security-group-rules -X POST -H "X-Auth-Project-Id: storm_regression" -H "User-Agent: python-novaclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: xxxxxxxxxx" -d '{"security_group_rule": {"from_port": null, "ip_protocol": null, "to_port": null, "parent_group_id": "1bb709c9-b758-48a8-a28f-944a71c3a3ae", "cidr": null, "group_id": "1bb709c9-b758-48a8-a28f-944a71c3a3ae"}}'

In the Nova Network driver values are just inserted into the database, so "from_port":null works fine.

In the Quantum driver there is a specific check for a -1 value, which results in the key error

network/securtityy_group/quanum_driver.py:

def _make_quantum_security_group_rules_list(self, rules):

...

            if rule['from_port'] != -1:
                new_rule['port_range_min'] = rule['from_port']
            if rule['to_port'] != -1:
                new_rule['port_range_max'] = rule['to_port']

For compatibility with Nova-network systems the Quantum driver should also accept none values

Tags: api sg-fw
Aaron Rosen (arosen)
Changed in nova:
assignee: nobody → Aaron Rosen (arosen)
Changed in quantum:
assignee: nobody → Aaron Rosen (arosen)
tags: added: api sg-fw
Changed in quantum:
importance: Undecided → Medium
Aaron Rosen (arosen)
Changed in quantum:
status: New → Invalid
no longer affects: quantum
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/29038

Changed in nova:
status: New → In Progress
Aaron Rosen (arosen)
Changed in nova:
status: In Progress → Confirmed
Changed in nova:
status: Confirmed → In Progress
Changed in nova:
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (stable/grizzly)

Fix proposed to branch: stable/grizzly
Review: https://review.openstack.org/29266

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/29038
Committed: http://github.com/openstack/nova/commit/78e2e2128992527407f99743340692ef3be75210
Submitter: Jenkins
Branch: master

commit 78e2e2128992527407f99743340692ef3be75210
Author: Aaron Rosen <email address hidden>
Date: Mon May 13 20:29:17 2013 -0700

    Fix quantum security group driver to accept none for from/to_port

    The quantum security group driver did not accept none values for
    from_port/to_port which the nova security group api supports. This
    patch allows None values to be passed in for those params and adds a unit test.

    In addition the from/to_port responses would be different if using quantum
    instead of nova. This patch fixes that and adds unit tests.

    Fixes bug 1176027

    Change-Id: Id57e253c9dd1787ee25fc5cbb562743692d7abe4

Changed in nova:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/grizzly)

Reviewed: https://review.openstack.org/29266
Committed: http://github.com/openstack/nova/commit/fc5c6ec72ecbcebe0600ccd9551638fd68fa0950
Submitter: Jenkins
Branch: stable/grizzly

commit fc5c6ec72ecbcebe0600ccd9551638fd68fa0950
Author: Aaron Rosen <email address hidden>
Date: Mon May 13 20:29:17 2013 -0700

    Fix quantum security group driver to accept none for from/to_port

    The quantum security group driver did not accept none values for
    from_port/to_port which the nova security group api supports. This
    patch allows None values to be passed in for those params and adds a unit test.

    In addition the from/to_port responses would be different if using quantum
    instead of nova. This patch fixes that and adds unit tests.

    Fixes bug 1176027

    Change-Id: Id57e253c9dd1787ee25fc5cbb562743692d7abe4
    (cherry picked from commit 78e2e2128992527407f99743340692ef3be75210)

Thierry Carrez (ttx)
Changed in nova:
milestone: none → havana-1
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in nova:
milestone: havana-1 → 2013.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.