cannot list "default" security group with Neutron API
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Won't Fix
|
Undecided
|
yanpuqing |
Bug Description
Copying from mailing list so it doesn't get lost: http://
Hello,
I'm trying to add some rules to the "default" security group of a
newly-created project, using the Neutron API 2.0.
However, it seems that the "default" security group is automatically
created but it is not returned by Neutron client's
`list_security_
security group name other than "default".
This is an example interaction, which shows that there is no security
group returned for the project::
>>> project.id
u'b26ed1aa2
>>> response = self.neutron.
>>> secgroups = response[
>>> all_sg_ids = [(sg['id'], sg['tenant_id']) for sg in secgroups]
>>> all_sg_ids
[(u'
>>> len(all_sg_ids)
17
>>> project_sg_ids = [(sg['id'], sg['tenant_id']) for sg in secgroups if sg['tenant_id'] == project.id]
>>> project_sg_ids
[]
Shouldn't the "default" security group be listed there?
In more details, this is the code I'm using (which, again, works as
expected if I use any security group name other than "default")::
class Projects(object):
def __init__(self):
# ...
# ...
def create(self, form):
domain = self.keystone.
project = self.keystone.
# ...
)
try:
})
except Conflict:
# security group already exists, fetch it
# `find_security_
# for `list_security_
# ... do something with the sec group ...
What am I doing wrong?
Thanks,
Riccardo
Changed in neutron: | |
assignee: | nobody → yanpuqing (ycx) |
tags: | added: api sg-fw |
My initial triage:
This sounds like it may be a bug. My guess is that when we switched to project ID a hook was not updated to create the default security group when a project ID is passed instead of a tenant ID (this logic [1] in particular).
1. https:/ /github. com/openstack/ neutron/ blob/71d9aab87e 37b5162ef09b8cb e3b72709fc88a8b /neutron/ db/securitygrou ps_db.py# L146-L153