Bug 1281907

Summary: should not add default security group to quantum unless api-request had it
Product: Red Hat OpenStack Reporter: Stephen Gordon <sgordon>
Component: openstack-novaAssignee: Eoghan Glynn <eglynn>
Status: CLOSED CURRENTRELEASE QA Contact: nlevinki <nlevinki>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.0 (Kilo)CC: akarlsso, berrange, dasmith, eglynn, jdonohue, kchamart, sbauza, sbezverk, sferdjao, sgordon, srevivo, vromanso
Target Milestone: ---Keywords: ZStream
Target Release: 8.0 (Liberty)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-01-04 16:11:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1281573, 1191185, 1396157    

Description Stephen Gordon 2015-11-13 18:57:38 UTC 
Cloned from launchpad bug 1175464.

Description:

when booting an instance nova-api automatically adds a default security group if one is not specified, though we shouldn't be doing this and instead quantum should handle be handing this. This actually causes an issue for plugins that implement the port_security_api and have port_security_enabled=False on a network. 

https://github.com/openstack/nova/blob/master/nova/api/openstack/compute/contrib/security_groups.py#L498
https://github.com/openstack/nova/blob/master/nova/api/openstack/compute/contrib/security_groups.py#L511

Specification URL (additional information):

https://bugs.launchpad.net/nova/+bug/1175464
Comment 2 Eoghan Glynn 2015-11-24 16:53:37 UTC 
*** Bug 1284123 has been marked as a duplicate of this bug. ***
Comment 3 Sirius Rayner-Karlsson 2017-01-04 16:11:43 UTC 
As per e-mail discussion, closing currentrelease as this is in Newton/ROSP10. Double-checked with Joe Donohue as well and he's good.