euca-authorize requires source-subnet to function
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
euca2ools | Fix Released | Undecided | Mitch Garnaat | |
euca2ools (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
Binary package hint: euca2ools
Using the ec2-api-tools, one can do something like:
$ ec2-add-group --description=bar foogroup
GROUP foogroup bar
$ ec2-authorize foogroup -p 22
GROUP foogroup
PERMISSION foogroup ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
$ ec2-describe-group foogroup
GROUP 950047163771 foogroup bar
PERMISSION 950047163771 foogroup ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
Using euca2ools, the same looks like this:
$ euca-add-group --description=bar foogroup
GROUP foogroup bar
$ euca-authorize foogroup -p 22
foogroup None None tcp 22 22 None
GROUP foogroup
PERMISSION foogroup ALLOWS tcp 22 22
$ echo $?
0
$ euca-describe-
GROUP 950047163771 foogroup bar
Note 2 things there: a.) the command returned success, b.) it did not do anything. There is no PERMISSION rule now as there should be.
However, if we supply a -s/--source-subnet flag, then it works as expected:
$ euca-authorize foogroup -p 22 --source-subnet 0.0.0.0/0
foogroup None None tcp 22 22 0.0.0.0/0
GROUP foogroup
PERMISSION foogroup ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
$ euca-describe-
GROUP 950047163771 foogroup bar
PERMISSION 950047163771 foogroup ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
I think all that is really needed is to use '0.0.0.0/0' as the source-subnet if one is not supplied.
ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: euca2ools 1.3.1-0ubuntu5
ProcVersionSign
Uname: Linux 2.6.38-1-generic x86_64
Architecture: amd64
Date: Fri Feb 25 13:29:08 2011
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Beta amd64 (20100318)
PackageArchitec
ProcEnviron:
LANGUAGE=en_US:en
PATH=(custom, user)
LANG=en_US.UTF-8
LC_MESSAGES=
SHELL=/bin/bash
SourcePackage: euca2ools
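Because the failing call in the report exits 0 without creating a rule, a script can confirm the rule from describe output instead of trusting the exit status. The following is an added example, not part of the original report or of euca2ools; the function names `has_rule` and `check_authorize` and the sample variables are assumptions, and the sample text is constructed from the output shown in the report.

```shell
#!/bin/sh
# Added example: verify a security-group rule from describe output.

# has_rule GROUP PROTO FROM_PORT TO_PORT CIDR   (describe output on stdin)
# Returns 0 if a matching PERMISSION line is present, 1 otherwise.
has_rule() {
    awk -v g="$1" -v proto="$2" -v lo="$3" -v hi="$4" -v cidr="$5" '
        $1 == "PERMISSION" {
            # The report shows PERMISSION lines with and without an owner-id
            # column before the group name; accept both layouts.
            i = ($2 == g) ? 2 : (($3 == g) ? 3 : 0)
            if (i == 0) next
            if ($(i+1) == "ALLOWS" && $(i+2) == proto &&
                $(i+3) == lo && $(i+4) == hi &&
                $(i+5) == "FROM" && $(i+6) == "CIDR" && $(i+7) == cidr)
                found = 1
        }
        END { exit !found }
    '
}

# check_authorize RC GROUP PROTO FROM_PORT TO_PORT CIDR   (describe output on stdin)
# RC is the exit status of the authorize call. Prints a verdict and returns 0
# only when the exit status and the group state agree that the rule exists.
check_authorize() {
    rc=$1; shift
    if has_rule "$@"; then present=yes; else present=no; fi
    case "$rc:$present" in
        0:yes) echo "ok"; return 0 ;;
        0:no)  echo "silent-failure: exit 0 but rule absent"; return 1 ;;
        *)     echo "failed: exit $rc"; return 1 ;;
    esac
}

# Constructed samples: describe output after the call without and with
# --source-subnet, copied from the sessions in the report.
AFTER_NO_SUBNET='GROUP 950047163771 foogroup bar'
AFTER_WITH_SUBNET='GROUP 950047163771 foogroup bar
PERMISSION 950047163771 foogroup ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0'

printf '%s\n' "$AFTER_NO_SUBNET"   | check_authorize 0 foogroup tcp 22 22 0.0.0.0/0 || true
printf '%s\n' "$AFTER_WITH_SUBNET" | check_authorize 0 foogroup tcp 22 22 0.0.0.0/0 || true
```

In a real script the describe command's output is piped into `check_authorize` in place of the constructed samples, with the authorize command's `$?` as the first argument.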
Changed in euca2ools:
status: Fix Committed → Fix Released
This bug was fixed in the package euca2ools - 1.3.1-0ubuntu6
---------------
euca2ools (1.3.1-0ubuntu6) natty; urgency=low
* use 0.0.0.0/0 as default source-subnet in euca-revoke and group to euca-authorize- groups
euca-authorize (LP: #725170)
* parse EC2_URL correctly if it does not contain a port (LP: #719547)
* provide symlink from euca-authorize-
for better drop-in replacement of ec2-api-tools. (LP: #720856)
-- Scott Moser <email address hidden> Fri, 25 Feb 2011 15:34:45 -0500