[Openstack-security] [Bug 1244025] Re: Remote security group criteria don't work in Midonet plugin

Tomoe Sugihara 1244025 at bugs.launchpad.net
Thu Mar 20 16:10:30 UTC 2014


Thank you Thierry and Motoki san for following this up. I appreciate it.

Thierry, 
I'll prepare a fix only patch for havana shortly. 

Motoki san,

Yes, the patch is indeed a feature proposed in time for FeatureProposalFreeze before I-3, which happens to include this fix. 
We need to change most part of our plugin in icehouse due to our backend change, but it's basically a feature parity with a couple of new extension supported. So despite the amount of code change, it doesn't include much feature, just a feature parity on havana.
 
As I described above, we submitted the original patch in mid Feb, but we were asked by reviewers to break it down into smaller patches right before the I-3 deadline, so we did it, but that took a couple of days and missed the I-3 deadline.

So, we could apply the fix only patch for havana to icehouse, but our
plugin in icehouse would still be broken because of the incompatibility
with our new backend.

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1244025

Title:
  Remote security group criteria don't work in Midonet plugin

Status in OpenStack Neutron (virtual network service):
  In Progress
Status in neutron havana series:
  New
Status in OpenStack Security Advisories:
  Confirmed

Bug description:
  When creating a security rule that specifies a remote security group
  (rather than a CIDR range), the Midonet plugin does not enforce this
  criterion. With an egress rule, for example, one of the criteria for a
  particular rule may be that only traffic to security group A will be
  allowed out. This criterion is ignored, and traffic will be allowed
  out regardless of the destination security group, provided that it
  conforms to the rule's other criteria.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1244025/+subscriptions




More information about the Openstack-security mailing list