Attaching a pre-existing port with port security_disabled on a network with port_security enabled fails
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
In Progress
|
Undecided
|
Unassigned |
Bug Description
Description
===========
Attaching a pre-existing port with port security_disabled on a network with port_security enabled which does not have any subnets fails. The port_security setting on the network should not be relevant in this case. It's only a default value for newly created port. For pre-existing ports the port_security setting on the port should be considered instead.
This fails because there is code to prohibit attaching to a network with port_security enabled which does not have a subnet. Because then it's not possible to attach security groups to the port. This is correct in case a port is actually created by Nova and the port_security set on the network is applied for the created port, but it's wrong for already existing ports. The port_security setting on the port should be considered instead.
Steps to reproduce
==================
* Create an instance
* Create a network with port security enabled
* Create a port on this network with port security disabled
* Try to attach the port to the instance
Note: No subnet was created on the network.
Expected result
===============
The port is attached to the instance.
Actual result
=============
The port fails to attach to the instance with this message:
Network requires port_security_
Fix proposed to branch: master /review. opendev. org/c/openstack /nova/+ /912478
Review: https:/