removeSecurityGroup action returns 500 when there are multiple security groups with the same name
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Undecided
|
Pavlo Shchelokovskyy |
Bug Description
according to OpenStack Compute api ref a security group name can be supplied in the request to remove a security group from the server.
Nova correctly handles a case of adding security group to a server when there are multiple security groups with the requested name and returns HTTP409 Conflict.
However it fails in the same scenario when removing security group from the server (for example when a security group with a duplicate name was added after server was created), returning HTTP500.
reproduce script for current DevStack/master
#!/usr/bin/env bash
set -ex
# repro on DevStack
export OS_CLOUD=devstack
TOKEN=$(openstack token issue -f value -c id)
# openstackclient catalog list/show are not very bash-friendly, only with jq :-/
computeapi=
# adjust image, flavor and network to your liking
serverid=
openstack security group create dummy
openstack server add security group dummy dummy
openstack security group create dummy
# smart clients (openstackclient, openstacksdk) use some sort of pre-validation
# or name-to-id resolving first, so using raw curl to demonstrate.
curl -g -i --cacert "/opt/stack/
-X POST $computeapi/
-d '{"removeSecuri
-H "Content-Type: application/json" \
-H "X-Auth-Token: $TOKEN"
the last command returns
{"computeFault": {"code": 500, "message": "Unexpected API Error. Please report this at http://
The reason is that the logic handling such conflict was added to the security group adding code - but not to the removal one, see `nova/network/
methods `add_to_instance`
https:/
vs `remove_
https:/
the latter does not handle NeutronClientNo
Changed in nova: | |
assignee: | nobody → Pavlo Shchelokovskyy (pshchelo) |
status: | New → In Progress |
Changed in nova: | |
status: | In Progress → Fix Released |
This issue was fixed in the openstack/nova 23.0.0.0rc1 release candidate.