[Security Groups] When using neutron CLI, if non-existing project is given when listing the SGs, a default SG is created

Bug #1896588 reported by Rodolfo Alonso
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Rodolfo Alonso

Bug Description

When using the Neutron CLI, if the SGs are listed and a project is passed (as filter), even if the project does not exist, a default SG is created for this project.

This is happening when the user has admin permissions.

Example: http://paste.openstack.org/show/798194/

This is not happening with the OSC because the filter parameters are tested. Example:
  stack@dev18:/opt/stack$ openstack security group list --project wrong_project_2
  No project with a name or ID of 'wrong_project_2' exists.

Checking if the project exists, when this argument is passed, is expensive (a call to keystone must be done). This is also happening only when using the deprecated Neutron CLI. Instead of making this check inline, I would propose an api-paste method to check, in any API call, the existence of the project if the argument is passed. This check can be disabled only removing this filter from the api-paste config.

Changed in neutron:
importance: Undecided → Low
Changed in neutron:
assignee: nobody → Rodolfo Alonso (rodolfo-alonso-hernandez)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron-tempest-plugin (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/754390

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron

This issue was fixed in the openstack/neutron release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron-tempest-plugin (master)

Change abandoned by "Slawek Kaplonski <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/754390
Reason: This review is > 4 weeks without comment, and failed Zuul jobs the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers