It may be worth updating setUpGlobalGroup so that it *checks* the existing global group, rather than just ensureGroup. I hadn't used the openstack provider for a long time (it seems since before this was fixed), so when I just bootstrapped and deployed a service, I found all ports were already exposed.
Turns out it was because the juju-openstack secgroup already existed. Destroying the environment, manually deleting the secgroups and retrying gave the correct secgroup with the groupid set as per the fix.
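An added sketch of the check suggested above (not part of the original comment and not juju's code): compare the rules found on an already-existing group with the rules the provider wants, then revoke the stale ones and add the missing ones. The `Rule` type, the function names, the group id `sg-example` and the sample rules are all hypothetical, constructed for illustration.

```go
package main

import "fmt"

// Rule is a simplified security-group rule (hypothetical type, not juju's own).
// Exactly one of CIDR or SourceGroup is set.
type Rule struct {
	Proto       string
	From, To    int
	CIDR        string // source address range
	SourceGroup string // source group id: only members of that group may connect
}

// Reconcile returns the rules to revoke from an existing group and the rules
// to add, so that the group ends up holding exactly the desired set.
func Reconcile(existing, desired []Rule) (revoke, add []Rule) {
	want := make(map[Rule]bool, len(desired))
	for _, r := range desired {
		want[r] = true
	}
	have := make(map[Rule]bool, len(existing))
	for _, r := range existing {
		if !want[r] && !have[r] {
			revoke = append(revoke, r) // left over from an earlier bootstrap
		}
		have[r] = true
	}
	for _, r := range desired {
		if !have[r] {
			add = append(add, r)
		}
	}
	return revoke, add
}

// staleRules is constructed sample data: a group left behind with every
// TCP port reachable from any address.
func staleRules() []Rule {
	return []Rule{{"tcp", 22, 22, "0.0.0.0/0", ""}, {"tcp", 1, 65535, "0.0.0.0/0", ""}}
}

// desiredRules is constructed sample data: the wide port range is scoped
// to the group's own id instead of an address range.
func desiredRules(groupID string) []Rule {
	return []Rule{{"tcp", 22, 22, "0.0.0.0/0", ""}, {"tcp", 1, 65535, "", groupID}}
}

func main() {
	revoke, add := Reconcile(staleRules(), desiredRules("sg-example"))
	fmt.Println("revoke:", revoke)
	fmt.Println("add:   ", add)
}
```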