Bug 1676785 - Improve error message when trying to create a security rule specifying ports on protocol 112 (VRRP)
Summary: Improve error message when trying to create a security rule specifying ports ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-neutron
Version: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: ---
: ---
Assignee: Nate Johnston
QA Contact: Roee Agiman
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-02-13 08:40 UTC by Andre
Modified: 2020-11-03 13:30 UTC (History)
4 users (show)

Fixed In Version: openstack-neutron-12.0.5-12.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-07-10 13:01:59 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 636174 0 None MERGED Improve invalid port ranges error message 2020-11-03 13:22:19 UTC
Red Hat Product Errata RHBA-2019:1744 0 None None None 2019-07-10 13:02:16 UTC

Description Andre 2019-02-13 08:40:38 UTC 
Description of problem:
Currently when trying to create a security rule specifying ports for the protocol 112 we have an error:
~~~
#openstack security group rule create 058b5d6c-3329-4c66-b7cd-0f85c73ec5fe  --protocol 112 --egress --dst-port 1:65535
Error while executing command: BadRequestException: Unknown error, {"NeutronError": {"message": "Invalid protocol 112 for port range, only supported for TCP, UDP, UDPLITE, SCTP and DCCP.", "type": "SecurityGroupInvalidProtocolForPortRange", "detail": ""}}
~~~

This error would be more understandable if make it explicit that the issue is that this protocol doesn't need to have a port specified to it, something like this:
~~~
Invalid port range specified for protocol 112. Port ranges are only supported for TCP, UDP, UDPLITE, SCTP and DCCP.
~~~


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Create a security group
2. Create a security group rule with protocol 112 and specifying a port range

Actual results:
~~~
Error while executing command: BadRequestException: Unknown error, {"NeutronError": {"message": "Invalid protocol 112 for port range, only supported for TCP, UDP, UDPLITE, SCTP and DCCP.", "type": "SecurityGroupInvalidProtocolForPortRange", "detail": ""}}
~~~

Expected results:
A more understandable error message:
~~~
Invalid port range specified for protocol 112. Port ranges are only supported for TCP, UDP, UDPLITE, SCTP and DCCP.
~~~

Additional info:
Comment 1 Andre 2019-02-14 08:16:55 UTC 
This bugzilla can be close due to these upstream patches:

https://review.openstack.org/#/c/636174/
https://bugs.launchpad.net/neutron/+bug/1815478
Comment 3 Nate Johnston 2019-03-26 20:59:23 UTC 
Change has been merged upstream in all stable branches.  Will create downstream cherry-picks.
Comment 4 Andre 2019-04-03 13:50:29 UTC 
Hello,

Do we have any estimation for the downstream release? I know we don't have exact dates for that, but at least some estimation?
Comment 13 errata-xmlrpc 2019-07-10 13:01:59 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1744
Note You need to log in before you can comment on or make changes to this bug.