Security Group extension reads all Neutron ports for anything other that a single server
Bug #1228384 reported by
Phil Day
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
High
|
Phil Day | ||
Havana |
Fix Released
|
High
|
Yaguang Tang | ||
tempest |
Invalid
|
Medium
|
Unassigned |
Bug Description
Although https:/
SecurityGroupsO
list only contains one server, but in all other cases the current
code calls the Neutron driver in a way that makes it retrieve
all ports and security groups visible to the user.
For users with a Neutron admin role this retrieves all ports
and SecGroups in the system, which on a large system is a
major performance issue and often leads to client timeouts.
Normally these users have further qualified their query to a
specific tenant or host, or maybe just trying to get their own
list of servers.
Changed in nova: | |
assignee: | nobody → Phil Day (philip-day) |
description: | updated |
tags: | added: havana-rc-potential |
tags: | added: grizzly-backport-potential |
tags: |
added: havana-backport-potential removed: havana-rc-potential |
Changed in nova: | |
milestone: | none → icehouse-1 |
Changed in nova: | |
status: | Fix Committed → Fix Released |
Changed in tempest: | |
importance: | Undecided → Medium |
status: | New → Confirmed |
Changed in nova: | |
importance: | Undecided → High |
tags: | removed: havana-backport-potential |
tags: | removed: grizzly-backport-potential |
Changed in nova: | |
milestone: | icehouse-1 → 2014.1 |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/47651
Review: https:/