openstack security group rule create --protocol None test fails

Bug #1712540 reported by Valery Tschopp on 2017-08-23
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
python-openstackclient
In Progress
High
jython

Bug Description

It is not possible to create a security group rule for any protocol.

The command 'openstack security group rule create --protocol None test' fails:

  $ openstack security group rule create --protocol None test
  Error while executing command: Bad Request (HTTP 400) (Request-ID: req-02d41256-c224-4e0b-9ed2-be35c3c3054a)

openstack --version: 3.11.0

Debug output is attached.

Simon Leinen (simon-leinen) wrote :

Yes, this seems to be a regression. In the old client you could say "neutron security-group-rule-create" without a "--protocol" option, and you'd get a protocol-agnostic rule. But in the new client ("openstack security group rule create"), "--protocol" defaults to "TCP".

It is important to be able to easily restore a protocol-agnostic security group rule, for example when users remove rules from their instance of the "default" Security Group and later want to restore them (or have the operator restore them).

Akihiro Motoki (amotoki) wrote :

"openstack security group rule create" is provided by not python-neutronclient but python-openstackclient, so I changed the affected project.

affects: python-neutronclient → python-openstackclient
Akihiro Motoki (amotoki) wrote :

Yeah, this is completely a regression and misimpletation of neutron security group.

--no-protocol option looks like the way to follow OSC command option convention to allow users to leave *protocol* unspecified.

Changed in python-openstackclient:
status: New → Confirmed
importance: Undecided → High
assignee: nobody → Akihiro Motoki (amotoki)
jython (jython) on 2017-11-21
Changed in python-openstackclient:
assignee: Akihiro Motoki (amotoki) → jython (jython)
status: Confirmed → In Progress
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers