euca-revoke removes the wrong group authorization

Bug #608623 reported by Andreas Hasenack on 2010-07-22
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Eucalyptus
New
Undecided
chris grzegorczyk
euca2ools (Ubuntu)
Medium
Mitch Garnaat

Bug Description

Binary package hint: euca2ools

I have a security group and have authorized traffic from two other groups to it, "web" and "lds":

andreas@nsn2:~$ euca-describe-groups ssh
GROUP admin ssh Allows 22/tcp from everywhere
PERMISSION admin ssh ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION admin ssh ALLOWS tcp 0 65535 GRPNAME web
PERMISSION admin ssh ALLOWS udp 0 65535 GRPNAME web
PERMISSION admin ssh ALLOWS icmp -1 -1 GRPNAME web
PERMISSION admin ssh ALLOWS tcp 0 65535 GRPNAME lds
PERMISSION admin ssh ALLOWS udp 0 65535 GRPNAME lds
PERMISSION admin ssh ALLOWS icmp -1 -1 GRPNAME lds

Now I remove this authorization for the "lds" group:

andreas@nsn2:~$ euca-revoke -o lds -u admin ssh
GROUP ssh
PERMISSION ssh ALLOWS USER admin GRPNAME lds

Listing the "ssh" group now shows that the "lds" group is still there and the "web" one was removed instead:

andreas@nsn2:~$ euca-describe-groups ssh
GROUP admin ssh Allows 22/tcp from everywhere
PERMISSION admin ssh ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION admin ssh ALLOWS tcp 0 65535 GRPNAME lds
PERMISSION admin ssh ALLOWS udp 0 65535 GRPNAME lds
PERMISSION admin ssh ALLOWS icmp -1 -1 GRPNAME lds

This is against a cloud controller on lucid, running:

$ dpkg -l|grep eucalyptus
ii eucalyptus-cc 1.6.2-0ubuntu30.3 Elastic Utility Computing Architecture - Clu
ii eucalyptus-cloud 1.6.2-0ubuntu30.3 Elastic Utility Computing Architecture - Clo
ii eucalyptus-common 1.6.2-0ubuntu30.3 Elastic Utility Computing Architecture - Com
ii eucalyptus-gl 1.6.2-0ubuntu30.3 Elastic Utility Computing Architecture - Log
ii eucalyptus-java-common 1.6.2-0ubuntu30.3 Elastic Utility Computing Architecture - Com
ii eucalyptus-sc 1.6.2-0ubuntu30.3 Elastic Utility Computing Architecture - Sto
ii eucalyptus-walrus 1.6.2-0ubuntu30.3 Elastic Utility Computing Architecture - Wal
ii libeucalyptus-commons-ext-java 0.5.0-0ubuntu2 Eucalyptus commons external Java library

The client has this version os euca2ools installed and is also lucid:
ii euca2ools 1.2-0ubuntu10 managing cloud instances for Eucalyptus

Andreas Hasenack (ahasenack) wrote :

It also happens when using Landscape to manage the security groups of a UEC installation, so it looks like a server bug and not a client one.

Mathias Gug (mathiaz) on 2010-07-28
Changed in euca2ools (Ubuntu):
importance: Undecided → Medium
Changed in eucalyptus:
assignee: nobody → chris grzegorczyk (chris-grze)
Changed in euca2ools (Ubuntu):
assignee: nobody → Mitch Garnaat (mitch-garnaat)
Scott Moser (smoser) wrote :

@andreas,
   This bug is old.
    Could you please try to reproduce with current euca2ools?
   If you are unable to find a Eucalyptus, then just point at EC2. If it "does the right thing" against EC2, then this bug is fix-released for euca2ools at least.

Dave Walker (davewalker) wrote :

Marking euca2ools task incomplete pending an update.

Thanks.

Changed in euca2ools (Ubuntu):
status: New → Incomplete
Andy Grimm (agrimm) wrote :

This issue is now being tracked upstream at http://eucalyptus.atlassian.net/browse/EUCA-2719

Please watch that issue for further updates.

Clint Byrum (clint-fewbar) wrote :

Since it is in upstream's hands now, marking as Triaged

Changed in euca2ools (Ubuntu):
status: Incomplete → Triaged
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers