Add security group failed with NotFound error
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Zun |
Fix Released
|
High
|
hongbin | ||
Bug Description
Description
===========
On processing the request to add a security group to a container, it failed with a NotFound error on performing a neutron API call:
http://
This bug was introduced by: https:/
Reproduce
=========
#### create container in demo tenant ####
$ source /opt/stack/
$ openstack appcontainer run --name test nginx
$ CONTAINER_
#### populate neutron port in admin tenant ####
$ source /opt/stack/
$ openstack security group create adminsg
$ openstack port set --security-group adminsg $CONTAINER_PORT
#### add security group in demo tenant ####
$ source /opt/stack/
$ openstack security group create demosg
$ openstack appcontainer add security group test demosg
# check the log of devstack@
| Changed in zun: | |
| importance: | Undecided → High |
| status: | New → Triaged |
| Changed in zun: | |
| assignee: | nobody → hongbin (hongbin034) |
| status: | Triaged → In Progress |
| description: | updated |
| OpenStack Infra (hudson-openstack) wrote Fix merged to zun (master) | #1 |
| Changed in zun: | |
| status: | In Progress → Fix Released |
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/zun 1.0.0 | #2 |
Reviewed: https:/
Committed: https:/
Submitter: Zuul
Branch: master
commit abd7e2b08f05383
Author: Hongbin Lu <email address hidden>
Date: Thu Jan 11 20:09:29 2018 +0000
Fix an issue on context elevation
The issue was introduced by:
https:/
That patch above fixed an issue of creating volumes in a wrong
tenant, but it made the context elevation ineffective. As a result,
some neutron API calls (i.e. port update) was made by a non-admin
context thus failing due to insufficient permission.
This patch fixed it by using get_admin_context instead of
context.
Closes-Bug: #1742840
Change-Id: Ia68729b90d059d