Confusing interpretation of default security group in dashboard
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Dashboard (Horizon) |
Fix Released
|
Low
|
Kanchan Gupta |
Bug Description
Description of problem:
Default security group in OpenStack are shown in Compute > Access & Security:
Direction / Ether Type / IP Protocol / Port Range / Remote
Egress IPv4 Any - 0.0.0.0/0 (CIDR)
Ingress IPv4 Any - default
I thought that it means that all traffic is enabled by default. Later I find the hard way that it actually means that inbound traffic is allowed on all ports from other instances that are using the 'default' security group.
I asked two other randomly chosen colleagues in my office, how they would interpret this entries. Both state that they think that all traffic is enabled by default.
I would suggest to display "None" (or "only from same security group)" instead of "-" when port_range_max and port_range_min are Null in database.
Or you may even consult that with UX designer (who I am not).
Version-Release number of selected component (if applicable):
python-
How reproducible:
deterministic
Steps to Reproduce:
1. ask some user who does not work with Horizon everyday.
Actual results:
users are confused
Expected results:
user are not confused
tags: | added: nova |
description: | updated |
Changed in horizon: | |
assignee: | nobody → Kanchan Gupta (kanchan-gupta1) |
Changed in horizon: | |
assignee: | Kanchan Gupta (kanchan-gupta1) → tcs_openstack_group (tcs-openstack-group) |
assignee: | tcs_openstack_group (tcs-openstack-group) → Kanchan Gupta (kanchan-gupta1) |
Changed in horizon: | |
status: | Confirmed → In Progress |
Changed in horizon: | |
milestone: | none → kilo-3 |
status: | Fix Committed → Fix Released |
Changed in horizon: | |
milestone: | kilo-3 → 2015.1.0 |
Agreed that it is not immediately obvious that Remote value of default refers to a security group rather than some kind of default setting. The underlying 'nova secgroup- list-rules' command is actually clearer about this, with separate columns for 'IP Range' and 'Source Group'. Another option may be to more clearly indicate when the value refers to a security group, such as "default (group)".