Bug 1683385
| Summary: | [RHOSP13] Unable to create network port on a shared network via the Horizon dashboard. | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Alberto Rivera Laporte <ariveral> |
| Component: | python-django-horizon | Assignee: | Radomir Dopieralski <rdopiera> |
| Status: | CLOSED NOTABUG | QA Contact: | Beth White <beth.white> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 13.0 (Queens) | CC: | ariveral, athomas, denissa_pribec, dwojewod, jmelvin, jrist, rdopiera |
| Target Milestone: | --- | Keywords: | Triaged |
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-09-17 15:02:30 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This seems like expected behavior. The port creation is forbidden by a policy. |
Description of problem: Using Horizon/OpenStack Dashboard to create a network port on a shared network fails with the following error: 'Error: You are not allowed to create a port for network <shared_network_id>' Version-Release number of selected component (if applicable): Red Hat Openstack 13 How reproducible: Always - Create a shared network under $project_a - Log into the OpenStack dashboard under $project_b - As a user in $project_b create a network port on network shared by $project_a with the following options: - Port name - Admin state is checked(checked by default) - Specify subnet - Port security is checked(checked by default) - VNIC type = normal (selected by default) - Port creation fails with the errors observed below on the dashboard[0], and the neutron api[1] error logs. Dashboard errors: Error: You are not allowed to create a port for network <shared_network_id> Additional notes: - Un-checking Admin State does not change this behavior - Un-checking Port Secuirty does not change this behavior - Creating the network port on the shared network is successful through the OpenStack command line client. [0] --------------- Horizon errors --------------- 2019-02-26 11:43:30,023 59 INFO openstack_dashboard.dashboards.project.networks.ports.forms Failed to create a port for network 69f0585e-6839-42b9-80a0-818c6c7e0987: (rule:create_port and rule:create_port:port_security_enabled) is disallowed by policy Neutron server returns request_ids: ['req-2f40ac6c-268c-42c4-a033-cf8102aa30b4'] 2019-02-26 11:43:30,023 59 WARNING horizon.exceptions Recoverable error: (rule:create_port and rule:create_port:port_security_enabled) is disallowed by policy Neutron server returns request_ids: ['req-2f40ac6c-268c-42c4-a033-cf8102aa30b4'] [1] --------------- Neutron API errors --------------- 2019-02-26 11:43:29.653 27 DEBUG neutron.api.v2.base [req-2f40ac6c-268c-42c4-a033-cf8102aa30b4 8909803e10bd4e97a31fee3b17e7a809 88e74a584c2b4d03b51a9ba079f3253a - default default] Request body: {u'port': {u'name': u'test-port-201', u'admin_state_up': True, u'network_id': u'69f0585e-6839-42b9-80a0-818c6c7e0987', u'tenant_id': u'88e74a584c2b4d03b51a9ba079f3253a', u'binding:vnic_type': u'normal', u'device_owner': u'', u'port_security_enabled': True, u'device_id': u''}} prepare_request_body /usr/lib/python2.7/site-packages/neutron/api/v2/base.py:690 2019-02-26 11:43:29.822 27 DEBUG neutron.db.quota.driver [req-2f40ac6c-268c-42c4-a033-cf8102aa30b4 8909803e10bd4e97a31fee3b17e7a809 88e74a584c2b4d03b51a9ba079f3253a - default default] Resources subnetpool,trunk have unlimited quota limit. It is not required to calculate headroom make_reservation /usr/lib/python2.7/site-packages/neutron/db/quota/driver.py:223 2019-02-26 11:43:29.834 27 DEBUG neutron.db.quota.driver [req-2f40ac6c-268c-42c4-a033-cf8102aa30b4 8909803e10bd4e97a31fee3b17e7a809 88e74a584c2b4d03b51a9ba079f3253a - default default] Attempting to reserve 1 items for resource port. Total usage: 0; quota limit: 500; headroom:500 make_reservation /usr/lib/python2.7/site-packages/neutron/db/quota/driver.py:255 2019-02-26 11:43:29.858 27 DEBUG neutron.pecan_wsgi.hooks.quota_enforcement [req-2f40ac6c-268c-42c4-a033-cf8102aa30b4 8909803e10bd4e97a31fee3b17e7a809 88e74a584c2b4d03b51a9ba079f3253a - default default] Made reservation on behalf of 88e74a584c2b4d03b51a9ba079f3253a for: {'port': 1} before /usr/lib/python2.7/site-packages/neutron/pecan_wsgi/hooks/quota_enforcement.py:55 2019-02-26 11:43:29.992 27 DEBUG neutron.policy [req-2f40ac6c-268c-42c4-a033-cf8102aa30b4 8909803e10bd4e97a31fee3b17e7a809 88e74a584c2b4d03b51a9ba079f3253a - default default] Enforcing rules: ['create_port', 'create_port:port_security_enabled'] log_rule_list /usr/lib/python2.7/site-packages/neutron/policy.py:334 2019-02-26 11:43:29.992 27 DEBUG neutron.policy [req-2f40ac6c-268c-42c4-a033-cf8102aa30b4 8909803e10bd4e97a31fee3b17e7a809 88e74a584c2b4d03b51a9ba079f3253a - default default] Failed policy check for 'create_port' enforce /usr/lib/python2.7/site-packages/neutron/policy.py:405 2019-02-26 11:43:29.994 27 INFO neutron.pecan_wsgi.hooks.translation [req-2f40ac6c-268c-42c4-a033-cf8102aa30b4 8909803e10bd4e97a31fee3b17e7a809 88e74a584c2b4d03b51a9ba079f3253a - default default] POST failed (client error): Access was denied to this resource. 2019-02-26 11:43:29.994 27 DEBUG neutron.pecan_wsgi.hooks.notifier [req-2f40ac6c-268c-42c4-a033-cf8102aa30b4 8909803e10bd4e97a31fee3b17e7a809 88e74a584c2b4d03b51a9ba079f3253a - default default] No notification will be sent due to unsuccessful status code: 403 after /usr/lib/python2.7/site-packages/neutron/pecan_wsgi/hooks/notifier.py:79 2019-02-26 11:43:30.021 27 INFO neutron.wsgi [req-2f40ac6c-268c-42c4-a033-cf8102aa30b4 8909803e10bd4e97a31fee3b17e7a809 88e74a584c2b4d03b51a9ba079f3253a - default default] 172.16.20.42 "POST /v2.0/ports HTTP/1.1" status: 403 len: 345 time: 0.3725500