neutron

Update a router with "enable_stat" parameter is throwing 404

Asked by Rajalakshmi Ganesan

When we try to update a router with "enable_snat" parameter as part of "external_gateway_info", we get 404 as error code stating {"NeutronError": "The resource could not be found."}.

Request someone to clarify on if this can be a Bug? ar is this an expected behavior.

But the updating happens successfully without the "enable_snat" parameter in request body. Following is the log:

RESPONSE WHEN "enable_stat" IS PRESENT IN REQUEST BODY OF UPDATE ACTION.

ubuntu@donotdelete-devstack2:~/raj/29/tempest/tempest/api/network$ curl -i http://10.4.107.88:9696/v2.0/routers/63091c02-37da-4607-b980-f1cb9e3ee0b4.json -X PUT -H "X-Auth-Token": "<Token omitted>" -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-neutronclient" -d '{"router": {"external_gateway_info": {"network_id": "512d3794-945d-431c-82dd-3ce78d6b59d6", "enable_snat": false}, "name": "raj7", "admin_state_up": false}}'
HTTP/1.1 404 Not Found
Content-Length: 52
Content-Type: application/json; charset=UTF-8
Date: Mon, 29 Jul 2013 12:16:13 GMT

{"NeutronError": "The resource could not be found."}ubuntu@donotdelete-devstack2:~/raj/29/tempest/tempest/api/network$

RESPONSE WHEN "enable_stat" IS NOT THERE IN REQUEST BODY OF UPDATE ACTION.

ubuntu@donotdelete-devstack2:~/raj/29/tempest/tempest/api/network$ curl -i http://10.4.107.88:9696/v2.0/routers/63091c02-37da-4607-b980-f1cb9e3ee0b4.json -X PUT -H "X-Auth-Token": "<Token omitted>" -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-neutronclient" -d '{"router": {"external_gateway_info": {"network_id": "512d3794-945d-431c-82dd-3ce78d6b59d6"}, "name": "raj7", "admin_state_up": false}}'
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 284
Date: Mon, 29 Jul 2013 12:24:01 GMT

{"router": {"status": "ACTIVE", "external_gateway_info": {"network_id": "512d3794-945d-431c-82dd-3ce78d6b59d6", "enable_snat": true}, "name": "raj7", "admin_state_up": false, "tenant_id": "446ef2f0672c49f89e0cf9c79286b453", "routes": [], "id": "63091c02-37da-4607-b980-f1cb9e3ee0b4"}}ubuntu@donotdelete-devstack2:~/raj/29/tempest/tempest/api/network$

Question information

Language:
English Edit question
Status:
Answered
For:
neutron Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Salvatore Orlando (salvatore-orlando) said : 		#1

Hi Rajalakshmi,

You should not get a 404 in this case. I will look at the code and see what's going on, and then if it is the case, convert this answer into a bug.

Revision history for this message
Salvatore Orlando (salvatore-orlando) said : 		#2

Are you executing this command with a tenant or admin context?
We recently merged a patch that by default restricts enabling/disabling snats to admins only.

You can override this setting by editing policy.json
Removing the following lines would default the criterion for enabe_snat to 'admin_or_owner', but you can change it to any valid rule you might have defined:

    "create_router:external_gateway_info:enable_snat": "rule:admin_only",
    "update_router:external_gateway_info:enable_snat": "rule:admin_only",

Revision history for this message
Salvatore Orlando (salvatore-orlando) said : 		#3

I have been looking at tempest tests and I realized the last answer was not really useful.
In order to be conservative we decided that by default, this feature (enabling or disabling snat) should be restricted to admins only.

I can raise the point for tempest to relax this constraint.
Otherwise we can switch tempest between client and admin_client as necessary.

Can you help with this problem?

Provide an answer of your own, or ask Rajalakshmi Ganesan for more information if necessary.

To post a message you must log in.