OpenStack Heat

Security groups with rules don't work

Bug #1134193 reported by Lukas Barton on 2013-02-27

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Heat	Fix Released	High	Angus Salkeld	OpenStack Heat 2013.1 "grizzly"

Bug Description

heat/engine/resources/security_group.py is not compatible with current open-stack client

Here is the error from log:

var/log/syslog.2:Feb 25 15:19:56 devstack-lukas 2013-02-25 15:19:56 ERROR [heat.engine.resource] create SecurityGroup "InstanceSecurityGroup"#012Traceback (most recent call last):#012 File "/opt/stack/heat/heat/engine/resource.py", line 290, in create#012 self.handle_create()#012 File "/opt/stack/heat/heat/engine/resources/security_group.py", line 41, in handle_create#012 if group['name'] == self.physical_resource_name():#012TypeError: 'SecurityGroup' object has no attribute '__getitem__'
/var/log/syslog.2:Feb 25 16:28:45 devstack-lukas 2013-02-25 16:28:45 ERROR [heat.engine.resource] create SecurityGroup "InstanceSecurityGroup"#012Traceback (most recent call last):#012 File "/opt/stack/heat/heat/engine/resource.py", line 290, in create#012 self.handle_create()#012 File "/opt/stack/heat/heat/engine/resources/security_group.py", line 50, in handle_create#012 self.resource_id_set(sec['id'])#012TypeError: 'SecurityGroup' object has no attribute '__getitem__'

Here is the template fragment:

    "InstanceSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Enable HTTP access via port 80 plus SSH access",

        "SecurityGroupIngress" : [
          {"IpProtocol" : "icmp", "FromPort" : "-1", "ToPort" : "-1", "CidrIp" : "0.0.0.0/0"},
          {"IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0"},
          {"IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0"}
        ]
      }
    },

Here is the fix:

diff --git a/heat/engine/resources/security_group.py b/heat/engine/resources/security_group.py
index 0c55e7a..c62dffa 100644
--- a/heat/engine/resources/security_group.py
+++ b/heat/engine/resources/security_group.py
@@ -38,7 +38,7 @@ class SecurityGroup(resource.Resource):

         groups = self.nova().security_groups.list()
         for group in groups:
- if group['name'] == self.physical_resource_name():
+ if group.name == self.physical_resource_name():
                 sec = group
                 break

@@ -47,12 +47,12 @@ class SecurityGroup(resource.Resource):
self.physical_resource_name(),
self.properties['GroupDescription'])

- self.resource_id_set(sec['id'])
+ self.resource_id_set(sec.id)
         if self.properties['SecurityGroupIngress']:
             rules_client = self.nova().security_group_rules
             for i in self.properties['SecurityGroupIngress']:
                 try:
- rule = rules_client.create(sec['id'],
+ rule = rules_client.create(sec.id,
                                                i['IpProtocol'],
                                                i['FromPort'],
                                                i['ToPort'],
@@ -75,7 +75,7 @@ class SecurityGroup(resource.Resource):
             except clients.novaclient.exceptions.NotFound:
                 pass
             else:
- for rule in sec['rules']:
+ for rule in sec.rules:
                     try:
                         self.nova().security_group_rules.delete(rule['id'])
                     except clients.novaclient.exceptions.NotFound:

Revision history for this message

Steven Dake (sdake) wrote on 2013-03-13:

patch inline - worth pulling into rc1

Changed in heat:
importance:	Undecided → High
status:	New → Triaged
milestone:	none → grizzly-rc1

Angus Salkeld (asalkeld) on 2013-03-13

Changed in heat:
assignee:	nobody → Angus Salkeld (asalkeld)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-03-13: Fix proposed to heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/24288

Changed in heat:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-03-13: Fix merged to heat (master)

Reviewed: https://review.openstack.org/24288
Committed: http://github.com/openstack/heat/commit/7149a817b023b5f731a79901af8de4ca671a0247
Submitter: Jenkins
Branch: master

commit 7149a817b023b5f731a79901af8de4ca671a0247
Author: Angus Salkeld <email address hidden>
Date: Wed Mar 13 17:16:20 2013 +1100

Fix security groups (need to be accessed as attributes)

bug 1134193
Thanks Lukas Barton for the patch in the bug.

Signed-off-by: Angus Salkeld <email address hidden>
Change-Id: I448ba76fcf47d4e02775ff8eca38897eb399a3cc

Changed in heat:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2013-03-19

Changed in heat:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2013-04-04

Changed in heat:
milestone:	grizzly-rc1 → 2013.1

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.