get_security_groups() return security group rules

Bug #1105399 reported by Aaron Rosen
Affects: neutron
Status: Fix Released
Importance: High
Assigned to: Aaron Rosen

Bug Description

In nova, get_security_groups() returns the security groups and their security group rules. The way that the nova python client works in order to delete a security group rule is the following:

nova secgroup-remove-rule myserver tcp 22 22 192.168.1.1/24

On the client it first does a get security-groups, which returns to the client the list of security groups and all of their rules. Then it searches through that list for the group that matches name='myservers'; next it finds the rule in that group that matches "tcp 22 22 192.168.1.1/24", then issues a delete on that id. In order to implement this nova security group quantum proxy, when a nova security-group-list call is made I need to return all the security groups and their rules.

There are 4 options by which this can be solved (in my opinion):
1) Make the quantum proxy running on nova-api make multiple requests to get the security group rules for each security group. (This can end up being a lot of requests...).
2) Add another method to quantum, i.e. get_security_group_groups_and_rules() -- kinda clunky imo.
3) Change the nova security group api so that it has a list-security-group-rules in order to delete the rule, and update the client. (Probably not ideal.)
4) Make quantum's get_security_groups() also return the security group rules as well. In my opinion this is the approach we should take and that's what the patch I uploaded does.

If anyone feels strongly on this or has other ideas I'm very happy to hear them.
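
An added illustration, not part of the original report and not quantum or nova code: the lookup-then-delete flow described above, run against a hypothetical in-memory API so the request count of option 1 can be compared with option 4. FakeQuantum, find_rule_id, build_sample and the sample ids are assumed names and constructed data.

```python
# Added illustration: FakeQuantum is a hypothetical stand-in, not the real quantum or novaclient API.


class FakeQuantum:
    """In-memory security-group store that counts API requests."""

    def __init__(self, groups):
        self.groups = groups          # {group_id: {"name": ..., "rules": [...]}}
        self.requests = 0

    def list_groups(self, with_rules):
        self.requests += 1
        out = []
        for gid, g in self.groups.items():
            item = {"id": gid, "name": g["name"]}
            if with_rules:            # option 4: rules embedded in the list call
                item["rules"] = list(g["rules"])
            out.append(item)
        return out

    def show_group(self, gid):
        self.requests += 1
        g = self.groups[gid]
        return {"id": gid, "name": g["name"], "rules": list(g["rules"])}


def find_rule_id(api, group_name, proto, port_min, port_max, cidr, with_rules):
    """Return the id of the matching rule, or None if group or rule is absent."""
    groups = api.list_groups(with_rules)
    if not with_rules:
        # Option 1: one extra request per group to fetch its rules.
        groups = [api.show_group(g["id"]) for g in groups]
    wanted = (proto, port_min, port_max, cidr)
    for g in groups:
        if g["name"] != group_name:
            continue
        for r in g["rules"]:
            if (r["protocol"], r["from_port"], r["to_port"], r["cidr"]) == wanted:
                return r["id"]        # the client would issue its delete on this id
    return None


def build_sample(n_groups=5):
    """Constructed sample data: n_groups groups, one SSH rule in 'myserver'."""
    groups = {f"sg-{i}": {"name": f"group{i}", "rules": []}
              for i in range(n_groups - 1)}
    rule = {"id": "rule-ssh", "protocol": "tcp", "from_port": 22,
            "to_port": 22, "cidr": "192.168.1.1/24"}
    groups["sg-myserver"] = {"name": "myserver", "rules": [rule]}
    return groups
```

With five groups, the per-group strategy costs six requests for one rule lookup while the embedded-rules listing costs one.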

Aaron Rosen (arosen)
Changed in quantum:
assignee: nobody → Aaron Rosen (arosen)
milestone: none → grizzly-3
importance: Undecided → High
OpenStack Infra (hudson-openstack) wrote : Fix proposed to quantum (master)

Fix proposed to branch: master
Review: https://review.openstack.org/20519

Changed in quantum:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to quantum (master)

Reviewed: https://review.openstack.org/20519
Committed: http://github.com/openstack/quantum/commit/dc3e446aeccdd784c480b094b9285a5618e1b607
Submitter: Jenkins
Branch: master

commit dc3e446aeccdd784c480b094b9285a5618e1b607
Author: Aaron Rosen <email address hidden>
Date: Fri Jan 25 11:30:18 2013 -0800

    Make get_security_groups() return security group rules

    In nova, get_security_groups() returns the security groups and their
    security group rules. In order to implement the security group proxy
    it needs to return this data to nova. This can be done using multiple
    requests from nova-api to quantum i.e: get_security_groups(), then
    get_security_group() for each group to obtain the rules. If one has a lot
    of security groups this will generate a lot of requests. Adding this change
    allows all the security groups and their rules to be returned in one shot.

    Fix bug 1105399

    Change-Id: Ib685960311221ac4e5fe0913c7e00e15ab74accb

Changed in quantum:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in quantum:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in quantum:
milestone: grizzly-3 → 2013.1