[NETVIRT-576] Exception in SG Acl while SFC acl is created/modified. Created: 31/Mar/17 Updated: 03/May/18 Resolved: 03/Apr/17 |
|
| Status: | Resolved |
| Project: | netvirt |
| Component/s: | General |
| Affects Version/s: | Carbon |
| Fix Version/s: | None |
| Type: | Bug | ||
| Reporter: | Aswin Suryanarayanan | Assignee: | Aswin Suryanarayanan |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Operating System: All |
||
| External issue ID: | 8121 |
| Description |
|
unhandled exception while testing SFC ACL. 2017-03-30 20:35:27,185 | ERROR | eChangeHandler-0 | AsyncDataTreeChangeListenerBase | 328 - org.opendaylight.genius.mdsalutil-api - 0.2.0.SNAPSHOT | Thread terminated due to uncaught exception: AsyncDataTreeChangeListenerBase-DataTreeChangeHandler-0 java.lang.IllegalArgumentException: Supplied value "ACL1" does not match required pattern "^[0-9a-fA-F] {8}-[0-9a-fA-F] {4}-[0-9a-fA-F]{4}-[0-9a-fA-F] {4}-[0-9a-fA-F] {12}$" at com.google.common.base.Preconditions.checkArgument(Preconditions.java:145)[65:com.google.guava:18.0.0] at org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid.<init>(Uuid.java:55)[105:org.opendaylight.mdsal.model.ietf-yang-types-20130715:2013.7.15.10-SNAPSHOT] at org.opendaylight.netvirt.aclservice.listeners.AclEventListener.update(AclEventListener.java:76)[379:org.opendaylight.netvirt.aclservice-impl:0.4.0.SNAPSHOT] at org.opendaylight.netvirt.aclservice.listeners.AclEventListener.update(AclEventListener.java:33)[379:org.opendaylight.netvirt.aclservice-impl:0.4.0.SNAPSHOT] at org.opendaylight.genius.datastoreutils.AsyncDataTreeChangeListenerBase$DataTreeChangeHandler.run(AsyncDataTreeChangeListenerBase.java:157)[328:org.opendaylight.genius.mdsalutil-api:0.2.0.SNAPSHOT] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)[:1.8.0_121] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)[:1.8.0_121] at java.lang.Thread.run(Thread.java:745)[:1.8.0_121] To reproduce it, I just sent this ACL twice in a row: curl -i -H "Content-Type: application/json" -H "Cache-Control: no-cache" --data '{ "access-lists": { "acl": [ { "acl-name": "ACL1", "acl-type": "ietf-access-control-list:ipv4-acl", "access-list-entries": { "ace": [ { "rule-name": "ACE1", "actions": { "netvirt-sfc-acl:rsp-name": "RSP1" }, "matches": { "network-uuid" : "177bef73-514e-4922-990f-d7aba0f3b0f4", "source-ipv4-network": "10.0.0.1/24", "protocol": "6", "source-port-range": { "lower-port": 0 }, "destination-port-range": { "lower-port": 80 }} } ] } }]}}' -X PUT --user admin:admin http://localhost:8181/restconf/config/ietf-access-control-list:access-lists/ |
| Comments |
| Comment by Sam Hague [ 31/Mar/17 ] |
|
Aswin, does the idea to use the security attribute augmentation work for aclservice to only process it's acls? Would there be other places beyond that exception below that would also need the check? |
| Comment by Aswin Suryanarayanan [ 31/Mar/17 ] |
|
The idea of using SecAttr should work as now , as the direction is as part of the augmentation and we need direction for the rest of the code to work so it is a kind of mandatory Augmentation. There could be potentially other flows as well that needs to be handled, but should be in the same listener. |
| Comment by Sam Hague [ 03/Apr/17 ] |