authorize source security group fails with euca2ools 1.2
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
using euca2ools 1.2 & boto 1.9b:
euca-authorize -P tcp -p 22 -o default default
GROUP default
PERMISSION default ALLOWS GRPNAME default
2011-08-15 20:44:15,509 AUDIT nova.api [dc8368c1-
2011-08-15 20:44:15,509 DEBUG nova.api [-] action: AuthorizeSecuri
2011-08-15 20:44:15,509 DEBUG nova.api [-] arg: GroupName val: default from (pid=14412) __call__ /tmp/remove-
2011-08-15 20:44:15,509 DEBUG nova.api [-] arg: SourceSecurityG
2011-08-15 20:44:15,543 AUDIT nova.api.cloud [dc8368c1-
Using euca2ools 1.3 & boto 1.9b:
euca-authorize -P tcp -p 22 -o default default
default default None tcp 22 22 None
GROUP default
PERMISSION default ALLOWS tcp 22 22 GRPNAME default
2011-08-15 20:55:46,005 AUDIT nova.api [ea02e233-
2011-08-15 20:55:46,005 DEBUG nova.api [-] action: AuthorizeSecuri
2011-08-15 20:55:46,005 DEBUG nova.api [-] arg: GroupName val: default from (pid=14412) __call__ /tmp/remove-
2011-08-15 20:55:46,005 DEBUG nova.api [-] arg: ToPort val: 22 from (pid=14412) __call__ /tmp/remove-
2011-08-15 20:55:46,006 DEBUG nova.api [-] arg: FromPort val: 22 from (pid=14412) __call__ /tmp/remove-
2011-08-15 20:55:46,006 DEBUG nova.api [-] arg: SourceSecurityG
2011-08-15 20:55:46,006 DEBUG nova.api [-] arg: IpProtocol val: tcp from (pid=14412) __call__ /tmp/remove-
Euca2ools 1.2 doesn't pass in other data when source group is specified. Not sure if this is because this is how ec2 actually used to work or if it is just a bug.
For now we should probably put Euca2ools 1.3 into the ppa so people don't run into it. We should also either:
a) return an error message if no other information is provided other than source group
or
b) make no other information create an allow all from gorup rule
Anyone know how aws works in this regard?
euca-authorize in euca2ools 1.2 has these offending lines in it that cause this problem ------- ------- ------- ------- ------- ------- - ------- ------- ------- ------- ------- ------- -
-------
if source_group_name:
from_port = None
to_port = None
protocol = None
-------