Security Group Rules can only be specified in one direction

Bug #1325736 reported by Matt on 2014-06-02
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Wishlist
Unassigned
OpenStack Dashboard (Horizon)
Wishlist
Vivek

Bug Description

It might save users potentially a lot of time if instead of only offering an INGRESS and an EGRESS direction, if they could specify a BOTH direction. Whenever someone needs to enter both an ingress and egress rule for the same port they have to enter it twice, remembering all of the information they need (since it can't be cloned). If they forget to flip the direction the second time from the default value, it'll error out as a duplicate and they'll have to try a third time. If they messed up the second rule, there's no edit, so they would have to delete it if they got a value wrong and do it all over again.

It would be awesome if the UI allowed for specifying both an ingress and egress rule at the same time, even if all it did was create the ingress and egress rows and put them in the table, at least they'd be guaranteed to have the same configuration.

Matt (mreid) wrote :

Adding in neutron and nova since this seems like a similar issue to https://bugs.launchpad.net/horizon/+bug/1326124 and that's how my other bug was labelled.

tags: removed: low-hanging-fruit
tags: added: api
Changed in neutron:
importance: Undecided → Wishlist
status: New → Confirmed
tags: added: sg-fw
Changed in nova:
status: New → Confirmed
importance: Undecided → Wishlist
Changed in horizon:
importance: Undecided → Wishlist
Changed in horizon:
assignee: nobody → Nikunj Aggarwal (nikunj2512)
Changed in horizon:
assignee: Nikunj Aggarwal (nikunj2512) → nobody
Elena Ezhova (eezhova) on 2014-12-09
Changed in neutron:
assignee: nobody → Elena Ezhova (eezhova)

Fix proposed to branch: master
Review: https://review.openstack.org/140676

Changed in neutron:
status: Confirmed → In Progress

Fix proposed to branch: master
Review: https://review.openstack.org/141039

Changed in python-neutronclient:
assignee: nobody → Elena Ezhova (eezhova)
status: New → In Progress
Elena Ezhova (eezhova) wrote :

Hi Matt, could you please provide an example of a probable use case when a user might need to specify a BOTH direction when creating a security group rule?

Matt (mreid) wrote :

Elena: Back when I filed this, that was how the documentation was written for setting up CloudForms on OpenStack, if you wanted to ensure the proper ports were opened. Looking at the documentation now, it doesn't mention direction anymore, but at the time, there were many that were specified as BOTH, and I had to create two rules for each one, as I could only do INGRESS and EGRESS through the Horzion UI, and I couldn't find a way to specify direction through the nova network CLI command.

https://access.redhat.com/documentation/en-US/CloudForms/3.1/html/Installing_CloudForms_on_Red_Hat_OpenStack_Platform/sect-Security.html

Vivek (viveks-singh) on 2015-01-12
Changed in horizon:
assignee: nobody → Vivek (viveks-singh)

Change abandoned by Elena Ezhova (<email address hidden>) on branch: master
Review: https://review.openstack.org/140676
Reason: There is no really important usecase for this change.

Change abandoned by Elena Ezhova (<email address hidden>) on branch: master
Review: https://review.openstack.org/141039
Reason: There is no really important usecase for this change.

Elena Ezhova (eezhova) on 2015-01-13
Changed in python-neutronclient:
status: In Progress → Opinion
Changed in neutron:
status: In Progress → Opinion
no longer affects: neutron
no longer affects: python-neutronclient
Sean Dague (sdague) wrote :

Closing an a possible, though unlikely future feature

Changed in nova:
status: Confirmed → Opinion
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers