Limitation in security group rules

Bug #900031 reported by Andrea Frittoli
This bug affects 3 people
Affects: OpenStack Compute (nova)
Status: Fix Released
Importance: Wishlist
Assigned to: MotoKen

Bug Description

When creating security group rules using groups as source, only one rule per source group / destination group combination is allowed.
Example:

$ nova secgroup-add-group-rule --ip_proto tcp --from_port 80 --to_port 80 webservers default
$ nova secgroup-list-rules webservers
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| tcp         | 80        | 80      |           | default      |
+-------------+-----------+---------+-----------+--------------+

$ nova secgroup-add-group-rule --ip_proto tcp --from_port 81 --to_port 81 webservers default
This rule already exists in group 695 (HTTP 400)

Thierry Carrez (ttx)
Changed in nova:
importance: Undecided → Wishlist
status: New → Confirmed
tags: added: security-groups
Rupak Ganguly (rupakg) wrote :

Can't you just specify the range as 80 to 81 like so:

nova secgroup-add-group-rule --ip_proto tcp --from_port 80 --to_port 81 webservers default
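
A simplified model of the behaviour reported above, as an added example that is not nova's code and not from anyone in this thread. It assumes the duplicate check matched group-sourced rules on the group pair alone (the page does not show the actual check); `Rule`, the function names and the sample data are hypothetical. The last function shows when covering several ports with one from/to range opens more than was asked for.

```python
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    parent_group: str                   # group the rule is attached to
    protocol: str
    from_port: int
    to_port: int
    cidr: Optional[str] = None          # set for IP-range rules
    source_group: Optional[str] = None  # set for group-sourced rules


def exists_by_group_pair(rules, new):
    """Assumed pre-fix behaviour: a group-sourced rule counts as a
    duplicate as soon as the (parent group, source group) pair matches."""
    if new.source_group is None:
        return new in rules
    return any(r.parent_group == new.parent_group
               and r.source_group == new.source_group
               for r in rules)


def exists_by_full_tuple(rules, new):
    """Duplicate only when protocol, ports and source all match as well."""
    return new in rules


def extra_ports_if_merged(wanted_ports):
    """Ports opened beyond the wanted ones when a single from/to range
    is used to cover them all."""
    lo, hi = min(wanted_ports), max(wanted_ports)
    return sorted(set(range(lo, hi + 1)) - set(wanted_ports))


# Constructed sample data mirroring the rules listed in the report.
EXISTING = [
    Rule("webservers", "tcp", 22, 22, cidr="0.0.0.0/0"),
    Rule("webservers", "tcp", 80, 80, source_group="default"),
]
NEW = Rule("webservers", "tcp", 81, 81, source_group="default")

if __name__ == "__main__":
    print("group-pair check rejects port 81:", exists_by_group_pair(EXISTING, NEW))
    print("full-tuple check rejects port 81:", exists_by_full_tuple(EXISTING, NEW))
    print("extra ports for 80+81 as one range:", len(extra_ports_if_merged([80, 81])))
    print("extra ports for 80+443 as one range:", len(extra_ports_if_merged([80, 443])))
```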

OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/3569

Changed in nova:
assignee: nobody → MotoKen (motokentsai)
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/3569
Committed: http://github.com/openstack/nova/commit/ba21072a43183388e53f47bcdac074cb6246ed83
Submitter: Jenkins
Branch: master

commit ba21072a43183388e53f47bcdac074cb6246ed83
Author: MotoKen <email address hidden>
Date: Tue Jan 31 15:35:02 2012 +0800

    Correct checking existence of security group rule

    Fixes bug #900031

    Change-Id: I4194610ce53d1c74bd99b6878339da6e0b6a3a73

Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in nova:
milestone: none → essex-4
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in nova:
milestone: essex-4 → 2012.1
John Tran (jtran)
tags: added: diablo-backport
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (stable/diablo)

Fix proposed to branch: stable/diablo
Review: https://review.openstack.org/9065

OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/diablo)

Reviewed: https://review.openstack.org/9065
Committed: http://github.com/openstack/nova/commit/ba5d146a3e338e107abbce7a31fd0b365f70c444
Submitter: Jenkins
Branch: stable/diablo

commit ba5d146a3e338e107abbce7a31fd0b365f70c444
Author: MotoKen <email address hidden>
Date: Tue Jan 31 15:35:02 2012 +0800

    Correct checking existence of security group rule

    Fixes bug #900031

    Change-Id: I4194610ce53d1c74bd99b6878339da6e0b6a3a73

tags: added: in-stable-diablo