When I successfully define a security group with multiple CIDRs via the API, I can only see the first CIDR shown in the GUI (Horizon or Contrail).
To replicate:
Step 1: At the config node, find out the “fq_name”:
curl -u admin:secret123 http://127.0.0.1:8095/projects | python -m json.tool
Step 2: At the config node, create a security group in Contrail with multiple CIDRs:
root@neteng-lab-contrail1:~# curl -X POST -H "Content-Type: application/json; charset=UTF-8" -d '{"security-group": {"parent_type": "project", "fq_name": ["default-domain", "test123", "test2"], "security_group_entries": {"policy_rule": [{"protocol": "tcp", "dst_addresses": [{"subnet": {"ip_prefix": "208.22.56.74", "ip_prefix_len": 32}}, {"subnet": {"ip_prefix": "69.191.192.0", "ip_prefix_len": 24}}, {"subnet": {"ip_prefix": "206.156.53.143", "ip_prefix_len": 32}}], "dst_ports": [{"start_port": 8194, "end_port": 8198}], "src_ports": [{"start_port": 8194, "end_port": 8198}], "src_addresses": [{"security_group": "local"}], "ethertype":"IPv4"}, {"protocol": "udp", "src_addresses": [{"subnet": {"ip_prefix": "1.1.1.0", "ip_prefix_len": 24}}, {"subnet": {"ip_prefix": "2.2.2.0", "ip_prefix_len": 24}}], "src_ports": [{"start_port": 8194, "end_port": 8198}], "dst_ports": [{"start_port": 8194, "end_port": 8198}], "dst_addresses": [{"security_group": "local"}], "ethertype":"IPv4"}]}}}' -u admin:secret123 http://127.0.0.1:8095/security-groups
The system should automatically generate the response below:
{"security-group": {"fq_name": ["default-domain", "test123", "test2"], "parent_uuid": "49b09243-1706-44fa-af6c-f9e83b56ac7c", "parent_href": "http://127.0.0.1:8095/project/49b09243-1706-44fa-af6c-f9e83b56ac7c", "uuid": "e80ec9f4-c550-4355-8fd0-8dc7d02f1fd4", "href": "http://127.0.0.1:8095/security-group/e80ec9f4-c550-4355-8fd0-8dc7d02f1fd4", "name": "test2"}
Step 3: Verify this in the terminal:
curl -u admin:secret123 http://127.0.0.1:8095/security-group/e80ec9f4-c550-4355-8fd0-8dc7d02f1fd4 | python -mjson.tool
The multiple CIDRs cannot be shown in the Horizon or Contrail GUI.
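An added example, not part of the original report or of Contrail: a Python helper that lists every address entry of each rule from the Step 3 JSON and reports the CIDRs a first-CIDR-only view leaves out. The function names are hypothetical, and the sample is constructed from the Step 2 request body on the assumption that the GET response uses the same `security_group_entries` layout.

```python
import json
import sys

# Constructed sample: the security_group_entries from the Step 2 POST body,
# assumed here to be returned in the same shape by the Step 3 GET.
SAMPLE = {"security-group": {"fq_name": ["default-domain", "test123", "test2"],
  "security_group_entries": {"policy_rule": [
    {"protocol": "tcp", "src_addresses": [{"security_group": "local"}],
     "dst_addresses": [{"subnet": {"ip_prefix": "208.22.56.74", "ip_prefix_len": 32}},
                       {"subnet": {"ip_prefix": "69.191.192.0", "ip_prefix_len": 24}},
                       {"subnet": {"ip_prefix": "206.156.53.143", "ip_prefix_len": 32}}]},
    {"protocol": "udp", "dst_addresses": [{"security_group": "local"}],
     "src_addresses": [{"subnet": {"ip_prefix": "1.1.1.0", "ip_prefix_len": 24}},
                       {"subnet": {"ip_prefix": "2.2.2.0", "ip_prefix_len": 24}}]}]}}}

def endpoints(addresses):
    """Render every address entry of one rule side, not just the first."""
    out = []
    for addr in addresses or []:
        subnet = addr.get("subnet")
        if subnet:
            out.append("%s/%d" % (subnet["ip_prefix"], subnet["ip_prefix_len"]))
        elif "security_group" in addr:
            out.append("sg:%s" % addr["security_group"])
        else:  # any other entry kind is kept verbatim so nothing is dropped
            out.append("other:" + json.dumps(addr, sort_keys=True))
    return out

def list_rules(doc):
    """Flatten policy_rule into one dict per rule with all src/dst entries."""
    entries = doc["security-group"].get("security_group_entries") or {}
    return [{"protocol": r.get("protocol"),
             "src": endpoints(r.get("src_addresses")),
             "dst": endpoints(r.get("dst_addresses"))}
            for r in entries.get("policy_rule") or []]

def beyond_first_cidr(doc):
    """Return (rule index, side, CIDRs) that a first-CIDR-only view omits."""
    omitted = []
    for i, rule in enumerate(list_rules(doc)):
        for side in ("src", "dst"):
            cidrs = [e for e in rule[side] if not e.startswith(("sg:", "other:"))]
            if len(cidrs) > 1:
                omitted.append((i, side, cidrs[1:]))
    return omitted

if __name__ == "__main__":
    # Pass "-" to read the Step 3 curl output from stdin; otherwise use SAMPLE.
    doc = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for idx, side, cidrs in beyond_first_cidr(doc):
        print("rule %d %s: after first CIDR: %s" % (idx, side, ", ".join(cidrs)))
```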
Multiple CIDRs aren't an OpenStack feature, so they aren't seen through Horizon.
Multiple CIDRs, VNs in rules for policy and SG in the Contrail UI are being tracked separately.