Hello: doesn't the security group object already contain an "is_default" field? I see in neutron/objects/securitygroup.py:

    class SecurityGroup(rbac_db.NeutronRbacObject):
        # Version 1.0: Initial version
        # Version 1.1: Add RBAC support
        # Version 1.2: Added stateful support
        # Version 1.3: Added support for remote_address_group_id in rules
        # Version 1.4: Added support for normalized_cidr in rules
        # Version 1.5: Make the shared field nullable
        VERSION = '1.5'

        # required by RbacNeutronMetaclass
        rbac_db_cls = SecurityGroupRBAC
        db_model = sg_models.SecurityGroup

        fields = {
            'id': common_types.UUIDField(),
            'name': obj_fields.StringField(nullable=True),
            'project_id': obj_fields.StringField(nullable=True),
            'shared': obj_fields.BooleanField(nullable=True),
            'stateful': obj_fields.BooleanField(default=True),
            'is_default': obj_fields.BooleanField(default=False),
            'rules': obj_fields.ListOfObjectsField(
                'SecurityGroupRule', nullable=True
            ),
            # NOTE(ihrachys): we don't include source_rules that is present in the
            # model until we realize it's actually needed

As far as I understand, this prevents the default SG from being deleted (even by the cloud admin). I think that what is missing here is an SG owner, because now every user can delete other user created SGs too.