Bug #2852

Changing role to a red interface doesn't remove it from providers

Added by Filippo Carletti about 5 years ago. Updated about 5 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-firewall-base
Target version:v6.5
Security class: Resolution:
Affected version:v6.5-final NEEDINFO:No

Description

If you have, say, two red (providers) in a multi-wan setup and switch role of a red interface, say to a blue, the interface remains in the providers table.
The underlying shorewall configuration becomes broken.


Related issues

Related to Nethgui - Bug #2889: Empty Selector widget not validated CLOSED
Related to Nethgui - Enhancement #2890: Selector widget: support validation tooltip CLOSED

Associated revisions

Revision 0860d289
Added by Giacomo Sanchietti about 5 years ago

Firewall lib: disable providers associated to non-existing red interface. Refs #2852

Revision b21ba66a
Added by Giacomo Sanchietti about 5 years ago

Web UI: disable providers associated to non-existing red interface. Refs #2852

Revision ea6a4724
Added by Giacomo Sanchietti about 5 years ago

Web UI: avoid reuse of already associated red interfaces. Refs #2852

Revision c9af0479
Added by Davide Principi about 5 years ago

Merged into master. Refs #2852

Revision 4523852f
Added by Giacomo Sanchietti about 5 years ago

Firewall event: clean up dangling providers. Refs #2852

Revision 39ccafae
Added by Davide Principi about 5 years ago

Provider page: trigger validation error if no red interfaces are available. Refs #2852

History

#1 Updated by Filippo Carletti about 5 years ago

  • Target version set to v6.5

#2 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20
  • Affected version set to v6.5-final

#3 Updated by Giacomo Sanchietti about 5 years ago

  • Category set to nethserver-base

#4 Updated by Giacomo Sanchietti about 5 years ago

Proposed solution:
  • avoid to generate rules for providers associated to non-existing interfaces
  • inside the UI, mark as disabled all providers associated to non-existing interfaces

The system will be always on a consistent state and the user can manually clean up the providers tables from web interface.

#5 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#6 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

Implemented in branch b2852.

#7 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
Package in nethserver-testing:
  • nethserver-firewall-base-2.0.0-2.5gitea6a472.ns6.noarch.rpm
    nethserver-firewall-base-2.0.0-2.10gitc9af047.ns6.noarch.rpm
Test case 1
  • Configure 2 red interfaces
  • Create two providers associated to both red interfaces
  • Delete one red interface
  • Shorewall configuration must work
  • In the web UI the provider associated to deleted interface must be disabled
  • The disabled provider can be delete from web UI
Test case 2
  • Configure 2 red interfaces
  • Create a provider associate to one red interface
  • Create a second provider, the interface should display only red interfaces not associated to any provider

#8 Updated by Davide Principi about 5 years ago

  • Assignee set to Davide Principi

#9 Updated by Davide Principi about 5 years ago

  • Assignee deleted (Davide Principi)
  • NEEDINFO changed from No to Yes

Test case 1 OK

Note:
If a provider without any interface is created, the update action has an empty, readonly "Interface" field: that is not consistent. The create should be disabled or at least validation should fail, if no red interface is available.

Test case 2 OK

Only the free interface is listed in create: OK.


Test cases pass, but as noted above the UI still have one issue: ignore or fix?

#10 Updated by Giacomo Sanchietti about 5 years ago

  • NEEDINFO changed from Yes to No

The module has a memberOf validator that should always fail if the array of interfaces is empty.

By the way, I'd like to implement an action inside nethserver-firewall-base-save event which cleans all dangling records inside the tc database.

#11 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from ON_QA to TRIAGED
  • % Done changed from 70 to 20

#12 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from TRIAGED to ON_DEV
  • % Done changed from 20 to 30

#13 Updated by Giacomo Sanchietti about 5 years ago

  • Category changed from nethserver-base to nethserver-firewall-base

#14 Updated by Giacomo Sanchietti about 5 years ago

  • Assignee set to Giacomo Sanchietti

#15 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#16 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
Package in nethserver-testing:
  • nethserver-firewall-base-2.0.0-2.11git4523852.ns6.noarch.rpm
    nethserver-firewall-base-2.0.0-2.12git39ccafa.ns6.noarch.rpm
  • nethserver-httpd-admin-1.3.0-3.7git7d30271.ns6.noarch.rpm

Test case 1

Repeat test case 1, then reload the page after record creation. The record should be automatically deleted.

Test case 2

  • Configure a red interface
  • Create a provider associated to the red interface
  • Delete the red interface
  • The provider record should be automatically deleted.

#17 Updated by Davide Principi about 5 years ago

  • Related to Bug #2889: Empty Selector widget not validated added

#18 Updated by Davide Principi about 5 years ago

  • Assignee set to Davide Principi

#19 Updated by Davide Principi about 5 years ago

#20 Updated by Davide Principi about 5 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 70 to 90

VERIFIED

#21 Updated by Davide Principi about 5 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

In nethserver-updates:
nethserver-firewall-base-2.1.0-1.ns6.noarch.rpm

Also available in: Atom PDF