Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: None
Component/s: openstack-neutron
Labels:
None

Story Points:
0
Epic Link:
[BugEpic]: neutron-fwaas don't allow admin users to attach fw group to the port from diffent project
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Docs Approval:
?
Fixed in Build:
openstack-neutron-fwaas-18.0.1-18.0.20260305093048.5a16356.el9osttrunk
AssignedTeam:
rhos-connectivity-neutron-quark
Regression:
None
Intelligence Requested:
Market:
PX Impact Score:

Severity:
Moderate

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Even admin user who is by default allowed to see and modify fw groups from all projects can't attach fw group to the router's port which belongs to the other project then project owning fw group itself. It is like that because of the check https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/services/firewall/fwaas_plugin_v2.py#L167 which should probably be skipped if context.is_admin is True.

links to

Upstream bug report

Assignee:: Slawomir Kaplonski

Reporter:: Slawomir Kaplonski

Team:: rhos-dfg-networking-squad-neutron

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2026/02/23 1:38 PM

Updated:: 2026/03/09 3:39 PM