Security groups not set when port instead of network selected

This is the intentional behavior of nova API.

When you see the list of request parameters of create-server API [1], the description of "networks.port" field says "Requested security groups are not applied to pre-existing ports."

[1] https://developer.openstack.org/api-ref/compute/#create-server

Please reopen.

If the nova API does not support it, it means that horizon should not allow you to select security groups if instead of a network, the user selects a pre-created port.

Horizon is created to give a user friendly interface to users, therefore guiding the user to create a properly working VM without knowing the API.

Not prompting any kind of error, it is very hard to understand what is going on on the VM, that once is created is un-accessible because of undefined security groups.

I reopened it.

Actually we can specify both a network and a port when launching a server.
I would like to see your more concrete suggestion on this.
- Do you want an error message when a user tries to create a server only with a port?
- What do you expect when "default" security group is selected (which is selected by default)? Do you expect a user to delete "default" security group explicitly? (If so, it means a user is forced to do an extra step.)

Many thanks,

The behaviour I would suggest is that once a port (and not a network) is selected, the possibility of setting up security group is disabled. If not possible, it would be nice having a message that warns the user while selecting the security groups, something such as "A network port has been selected. Security groups selection will be effective only after the VM is running and not at this point.

What do you think?

> The behaviour I would suggest is that once a port (and not a network) is selected, the possibility of setting up security group is disabled.

I think this prevents from specifying security groups when both networks and ports are specified as instance NICs.
Don't you see any usecases where both network and port are used?

> If not possible, it would be nice having a message that warns the user while selecting the security groups,

I think showing an error message makes sense. For example, you can see an error message in the network port tab when you select some port in the tab. you can see an error message in the security group tab when you have selected some network port(s).

> something such as "A network port has been selected. Security groups selection will be effective only after the VM is running and not at this point.

Regarding the error message, the above idea is a bit confusing. Security group selection is still effective for networks you select. perhaps the more precise description would be "Selected security groups will not applied to network ports selected and security groups associated with those ports will be kept. Selected security groups are still applied when you also select networks for vNIC.".