neutron

GET security group rule is missing description attribute

Bug #1945747 reported by Salvatore Orlando on 2021-10-01

This bug report is a duplicate of: Bug #1904188: Include standard attributes ID in OVO dictionaries to improve the OVN revision numbers operation. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	New	Low	Unassigned

Bug Description

The description attribute is missed attribute in _make_security_group_rule_dict

Create sec group rule with desc

stack@bionic----------------------template:~/devstack$ openstack security group rule create --description "test rule" --remote-ip 0.0.0.0/0 --ingress ff57f76f-93a0-4bf3-b538-c88df40fdc40
/>------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
/>------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 2021-10-01T06:35:50Z |
|
|
|
| 389eb45e-58ac-471c-b966-a3c8784009f7 |
| cloud='', project.domain_id='default', project.domain_name=, project.id='f2527eb734c745eca32b1dfbd9107563', project.name='admin', region_name='RegionOne', zone= |
|
|
|
| f2527eb734c745eca32b1dfbd9107563 |
|
|
|
|
| ff57f76f-93a0-4bf3-b538-c88df40fdc40 |
|
| 2021-10-01T06:35:50Z |
/>------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Example get (no description)

RESP BODY: {"security_group_rule": {"id": "389eb45e-58ac-471c-b966-a3c8784009f7", "tenant_id": "f2527eb734c745eca32b1dfbd9107563", "security_group_id": "ff57f76f-93a0-4bf3-b538-c88df40fdc40", "ethertype": "IPv4", "direction": "ingress", "protocol": null, "port_range_min": null, "port_range_max": null, "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": null, "local_ip_prefix": null, "created_at": "2021-10-01T06:35:50Z", "updated_at": "2021-10-01T06:35:50Z", "revision_number": 0, "project_id": "f2527eb734c745eca32b1dfbd9107563"}}

Potential fix (patch applies to stable/ussuri, not master)

diff --git a/neutron/db/securitygroups_db.py b/neutron/db/securitygroups_db.py
index 28238358ae..0c848bbe38 100644
--- a/neutron/db/securitygroups_db.py
+++ b/neutron/db/securitygroups_db.py
@@ -655,6 +655,7 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase,

     def _make_security_group_rule_dict(self, security_group_rule, fields=None):
         res = {'id': security_group_rule['id'],
+ 'description': security_group_rule['description'],
                'tenant_id': security_group_rule['tenant_id'],
                'security_group_id': security_group_rule['security_group_id'],
                'ethertype': security_group_rule['ethertype'],

After patch description attribute is present

RESP BODY: {"security_group_rule": {"id": "389eb45e-58ac-471c-b966-a3c8784009f7", "description": "test rule", "tenant_id": "f2527eb734c745eca32b1dfbd9107563", "security_group_id": "ff57f76f-93a0-4bf3-b538-c88df40fdc40", "ethertype": "IPv4", "direction": "ingress", "protocol": null, "port_range_min": null, "port_range_max": null, "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": null, "local_ip_prefix": null, "created_at": "2021-10-01T06:35:50Z", "updated_at": "2021-10-01T06:35:50Z", "revision_number": 0, "project_id": "f2527eb734c745eca32b1dfbd9107563"}}

Revision history for this message

Bence Romsics (bence-romsics) wrote on 2021-10-01:

Download full text (3.7 KiB)

Thank you for the bug report!

I believe on master this is fixed already:

Thank you for the bug report!

I believe on master this is fixed already:

$ project_id="$( openstack project show "$OS_PROJECT_NAME" | awk '/ id / { print $4 }' )"                                                                                                        
$ default_sg_id="$( neutron security-group-list --tenant-id "$project_id" | awk '/ default / { print $2 }' )"                                                                                     
neutron CLI is deprecated and will be removed in the Z cycle. Use openstack CLI instead.
$ openstack security group rule create --description "test rule" --remote-ip 0.0.0.0/0 --ingress $default_sg_id                                                                                  +-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| created_at              | 2021-10-01T12:44:31Z                 |
| description             | test rule                            |
| direction               | ingress                              |
| ether_type              | IPv4                                 |
| id                      | 2025c3ff-7e5c-45df-9570-79c6a975d2fc |
| name                    | None                                 |
| port_range_max          | None                                 |
| port_range_min          | None                                 |
| project_id              | 60ff14d073834c05b8f02d1d219977a0     |
| protocol                | None                                 |
| remote_address_group_id | None                                 |
| remote_group_id         | None                                 |
| remote_ip_prefix        | 0.0.0.0/0                            |
| revision_number         | 0                                    |
| security_group_id       | 1dc8dd93-9809-411d-882b-3577f68a52a1 |
| tags                    | []                                   |
| updated_at              | 2021-10-01T12:44:31Z                 |
+-------------------------+--------------------------------------+
$ openstack security group rule show 2025c3ff-7e5c-45df-9570-79c6a975d2fc
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| created_at              | 2021-10-01T12:44:31Z                 |
| description             | test rule                            |
| direction               | ingress                              |
| ether_type              | IPv4                                 |
| id                      | 2025c3ff-7e5c-45df-9570-79c6a975d2fc |
| name                    | None                                 |
| port_range_max          | None                                 |
| port_range_min          | None                                 |
| project_id              | 60ff14d073834c05b8f02d1d219977a0     |
| protocol                | None                                 |
| remote_address_group_id | None                                 |
| remote_group_id         | None                                 |
| remote_ip_prefix        | 0.0.0.0/0                            |
| revision_number         | 0                                    |
| security_group_id       | 1dc8dd93-9809-411d-882b-3577f68a52a1 |
| tags                    | []                                   |
| updated_at              | 2021-10-01T12:44:31Z                 |
+-------------------------+--------------------------------------+

Thid bug may easily be a duplicate of this:
https://bugs.launchpad.net/neutron/+bug/1904188

fixed here:
https://review.opendev.org/c/openstack/neutron/+/762692

Revision history for this message

Bence Romsics (bence-romsics) wrote on 2021-10-04:

I am marking this as duplicate. Let me know if you think differently. Also don't hesitate to propose a backport to stable/ussuri.

Revision history for this message

Salvatore Orlando (salvatore-orlando) wrote on 2021-10-07:

Many thanks for promptly looking at my bug report. This may be indeed a duplicate of https://bugs.launchpad.net/bugs/1904188.

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1904188 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.