neutron

Unable to apply a single security group to port

Bug #1161078 reported by Ben Nemec on 2013-03-27

12

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	neutron	Invalid	Undecided	Brant Knudson
	python-neutronclient	Fix Released	Undecided	Akihiro Motoki	python-neutronclient 2.2.1-2.2.6

Bug Description

When I try to apply a single security group to a port, Quantum returns an error from the request. This is because the client passes a single security group as a string instead of a list, and Quantum tries to treat the string as a list. I have a fix for this, which will be submitted soon.

Example:

ubuntu@quantum:/opt/stack/quantum$ quantum port-update efdffe3c-c64c-466e-9f51-b70f3c9e95e6 --security_groups 057337f8-ea28-4aa8-b5d0-c35f9007d66f
Namespace(id='efdffe3c-c64c-466e-9f51-b70f3c9e95e6', no_security_groups=False, request_format='json')
Invalid input for operation: '0' is not an integer or uuid.

Tags:

Ben Nemec (bnemec) on 2013-03-27

Changed in quantum:
assignee:	nobody → Ben Nemec (bnemec)

Revision history for this message

Nachi Ueno (nati-ueno) wrote on 2013-03-27:

#1

Could you try this one? list=true is needed
quantum port-update efdffe3c-c64c-466e-9f51-b70f3c9e95e6 --security_groups list=true 057337f8-ea28-4aa8-b5d0-c35f9007d66f

Changed in quantum:
status:	New → Invalid

Revision history for this message

dan wendlandt (danwent) wrote on 2013-03-27:

#2

from a usability perspective, having to specify list=true is pretty crappy.

I like the approach take by nova when you specify nics, which is that if you need multiple nics, you specify --nic multiple times.

Revision history for this message

Ben Nemec (bnemec) wrote on 2013-03-27:

#3

Yes, list=true does fix the problem. Passing the security group id twice (e.g. --security_groups 057337f8-ea28-4aa8-b5d0-c35f9007d66f 057337f8-ea28-4aa8-b5d0-c35f9007d66f) also works around the problem.

However, a simple change will allow Quantum to handle it without any fuss. I'm just not cleared to submit it by our legal department so I have to find someone else here to do it for me. :-)

Revision history for this message

Nachi Ueno (nati-ueno) wrote on 2013-03-27:

#4

+1 for that usability change

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-03-28: Fix proposed to quantum (master)

#5

Fix proposed to branch: master
Review: https://review.openstack.org/25644

Changed in quantum:
assignee:	Ben Nemec (bnemec) → Brant Knudson (blk-u)
status:	Invalid → In Progress

Revision history for this message

Mark McClain (markmcclain) wrote on 2013-03-29:

#6

This is a bug in the client and not in the server. Adding the client project and dropping the server from the bug.

tags:	added: sg-fw
Changed in quantum:
status:	In Progress → Invalid

Revision history for this message

Akihiro Motoki (amotoki) wrote on 2013-03-29:

#7

I think it is better to add an "--security-group" option to the client.
This option can be specified multiple times if you want to associate multiple security groups with the port.

$ quantum port-update --security-group sg1 $port_id
$ quantum port-update --security-group sg1 --security-group sg2 $port_id

Changed in python-quantumclient:
assignee:	nobody → Akihiro Motoki (amotoki)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-03-29: Fix proposed to python-quantumclient (master)

#8

Fix proposed to branch: master
Review: https://review.openstack.org/25716

Changed in python-quantumclient:
status:	New → In Progress

Revision history for this message

Ben Nemec (bnemec) wrote on 2013-05-08:

#9

Hi Akihiro,

Would you be willing to restore this change? Hopefully it will get more love from the core reviewers now that the summit is over. :-)

Thanks.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-07-31: Fix merged to python-neutronclient (master)

#10

Reviewed: https://review.openstack.org/25716
Committed: http://github.com/openstack/python-neutronclient/commit/bc99eca8cd30e9224d98df2b47a89941fd959aae
Submitter: Jenkins
Branch: master

commit bc99eca8cd30e9224d98df2b47a89941fd959aae
Author: Akihiro MOTOKI <email address hidden>
Date: Fri Mar 29 23:33:38 2013 +0900

Add --security-group option to port-update

port-update --security_groups list=true ... is not user-friendly.

    This commit also changes the followings:
    - Add --no-security-groups options to port-create for consistency.
    - Make --security-group and --no-security-groups mutual-exclusive
      to prevent both options specified at the same time.

Change-Id: Ibfe165a0cbdfb0eb582784c80a3371de33108fdb

Changed in python-neutronclient:
status:	In Progress → Fix Committed

Akihiro Motoki (amotoki) on 2014-08-30

Changed in python-neutronclient:
milestone:	none → 2.2.1-2.2.6
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.