OpenStack Dashboard (Horizon)

Confusing interpretation of default security group in dashboard

Bug #1378878 reported by Miroslav Suchý
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Dashboard (Horizon)
Fix Released
Low
Kanchan Gupta
OpenStack Dashboard (Horizon) 2015.1.0 "kilo"

Bug Description

Description of problem:
Default security group in OpenStack are shown in Compute > Access & Security:

Direction / Ether Type / IP Protocol / Port Range / Remote
 Egress IPv4 Any - 0.0.0.0/0 (CIDR)
 Ingress IPv4 Any - default

I thought that it means that all traffic is enabled by default. Later I find the hard way that it actually means that inbound traffic is allowed on all ports from other instances that are using the 'default' security group.

I asked two other randomly chosen colleagues in my office, how they would interpret this entries. Both state that they think that all traffic is enabled by default.

I would suggest to display "None" (or "only from same security group)" instead of "-" when port_range_max and port_range_min are Null in database.
Or you may even consult that with UX designer (who I am not).

Version-Release number of selected component (if applicable):
python-django-horizon-2014.1.2-2.el7.centos.noarch

How reproducible:
deterministic

Steps to Reproduce:
1. ask some user who does not work with Horizon everyday.

Actual results:
users are confused

Expected results:
user are not confused

See original description
Tags: neutron nova ux
Gary W. Smith (gary-w-smith)
tags: added: nova
Gary W. Smith (gary-w-smith)
description: updated
Revision history for this message
Gary W. Smith (gary-w-smith) wrote :

Agreed that it is not immediately obvious that Remote value of default refers to a security group rather than some kind of default setting. The underlying 'nova secgroup-list-rules' command is actually clearer about this, with separate columns for 'IP Range' and 'Source Group'. Another option may be to more clearly indicate when the value refers to a security group, such as "default (group)".

Changed in horizon:
status: New → Confirmed
importance: Undecided → Low
Kanchan Gupta (kanchan-gupta1)
Changed in horizon:
assignee: nobody → Kanchan Gupta (kanchan-gupta1)
Kanchan Gupta (kanchan-gupta1)
Changed in horizon:
assignee: Kanchan Gupta (kanchan-gupta1) → tcs_openstack_group (tcs-openstack-group)
assignee: tcs_openstack_group (tcs-openstack-group) → Kanchan Gupta (kanchan-gupta1)
Revision history for this message
Akihiro Motoki (amotoki) wrote :

What we can do in Horizon side is to distinguish remote IP prefix and remote group more clearly.

My preference is to split "remote" column in the secgroup table into two columns (remote IP prefix and remote group). It would nice that unused cells are filled with '-' (or similar clear string).

tags: added: neutron
Revision history for this message
Liz Blanchard (lblanchard) wrote :

I agree with Gary and Akihiro. It would be great in my opinion to have two columns for this information. Remote IP Prefix and Remote Security Group. If there isn't a security group assigned, it could say "None" for the value. I think this would be most clear.

Kanchan Gupta (kanchan-gupta1)
Changed in horizon:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to horizon (master)

Fix proposed to branch: master
Review: https://review.openstack.org/161607

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to horizon (master)

Reviewed: https://review.openstack.org/161607
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=7951d32f3f9e0af634ee867608aa95b87aad04f9
Submitter: Jenkins
Branch: master

commit 7951d32f3f9e0af634ee867608aa95b87aad04f9
Author: Kanchan Gupta <email address hidden>
Date: Thu Mar 5 11:29:41 2015 +0530

    Modified "remote" column in the secgroup table

    Replaced Remote column in the security group rule table with two
    columns "Remote IP Prefix" and "Remote Security Group" to provide
    clear details to the user.

    Closes-Bug: #1378878

    Change-Id: Id62c89c071db2d43b1186016d8c17337ecf5fb13

Changed in horizon:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in horizon:
milestone: none → kilo-3
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in horizon:
milestone: kilo-3 → 2015.1.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.