Add security group failed with NotFound error
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Zun |
Fix Released
|
High
|
hongbin |
Bug Description
Description
===========
On processing the request to add a security group to a container, it failed with a NotFound error on performing a neutron API call:
http://
This bug was introduced by: https:/
Reproduce
=========
#### create container in demo tenant ####
$ source /opt/stack/
$ openstack appcontainer run --name test nginx
$ CONTAINER_
#### populate neutron port in admin tenant ####
$ source /opt/stack/
$ openstack security group create adminsg
$ openstack port set --security-group adminsg $CONTAINER_PORT
#### add security group in demo tenant ####
$ source /opt/stack/
$ openstack security group create demosg
$ openstack appcontainer add security group test demosg
# check the log of devstack@
Changed in zun: | |
importance: | Undecided → High |
status: | New → Triaged |
Changed in zun: | |
assignee: | nobody → hongbin (hongbin034) |
status: | Triaged → In Progress |
description: | updated |
Reviewed: https:/ /review. openstack. org/532962 /git.openstack. org/cgit/ openstack/ zun/commit/ ?id=abd7e2b08f0 5383fb05c66f7bc 57ffb7f7a2ab9e
Committed: https:/
Submitter: Zuul
Branch: master
commit abd7e2b08f05383 fb05c66f7bc57ff b7f7a2ab9e
Author: Hongbin Lu <email address hidden>
Date: Thu Jan 11 20:09:29 2018 +0000
Fix an issue on context elevation
The issue was introduced by: /review. openstack. org/#/c/ 531561/
https:/
That patch above fixed an issue of creating volumes in a wrong
tenant, but it made the context elevation ineffective. As a result,
some neutron API calls (i.e. port update) was made by a non-admin
context thus failing due to insufficient permission.
This patch fixed it by using get_admin_context instead of elevated( ).
context.
Closes-Bug: #1742840 7d88a0091558245 3d38420ab24
Change-Id: Ia68729b90d059d