Bug 1395504

Summary: Horizon is adding wrong security groups to ports
Product: Red Hat OpenStack Reporter: Chen <cchen>
Component: python-django-horizonAssignee: Beth White <beth.white>
Status: CLOSED ERRATA QA Contact: Radomir Dopieralski <rdopiera>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.0 (Liberty)CC: apannu, athomas, beth.white, ikedajnk, jschluet, kawamurayus, mrunge, rdopiera, srevivo
Target Milestone: Upstream M1Keywords: Triaged
Target Release: 13.0 (Queens)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python-django-horizon-13.0.0-0.20180123104755.5ccfe81.el7ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-06-27 13:26:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Chen 2016-11-16 04:00:34 UTC
Description of problem:

Horizon is adding wrong security groups to ports

Version-Release number of selected component (if applicable):

OSP 8

How reproducible:

100%

Steps to Reproduce:


1 Create security group

$ neutron security-group-create sg-1
$ neutron security-group-create sg-2
$ neutron security-group-create sg-3

2 Create port with the security group 

$ neutron port-create --name port-1 --security-group sg-1 test-network
$ neutron port-create --name port-2 --security-group sg-2 test-network
$ neutron port-create --name port-3 --security-group sg-3 test-network

$ neutron port-show port-1 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 008e98cc-ebbf-4549-9ed0-a362d35f7fcb |
| security_groups | af8190fc-ad20-4b59-8dad-fc05bf84d9cd |
+-----------------+--------------------------------------+

$ neutron port-show port-2 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9c07ec26-ba92-4a81-8030-8eaff23bbd7a |
| security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba |
+-----------------+--------------------------------------+

$ neutron port-show port-3 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9bc0fd19-3ec7-40a3-9347-146a3fe21398 |
| security_groups | 7eac294c-aa22-4396-a8c0-4b219ab8a006 |
+-----------------+--------------------------------------+

3 Create instance

$ nova boot \
    --image cirros \
    --flavor 2 \
    --nic port-id=008e98cc-ebbf-4549-9ed0-a362d35f7fcb \
    --nic port-id=9c07ec26-ba92-4a81-8030-8eaff23bbd7a \
    --nic port-id=9bc0fd19-3ec7-40a3-9347-146a3fe21398 \
    test-instance-1

4 Add security group "default" to "test-instance-1" with Horizon.

5 Show port details. Each port has sg-1, sg-2, sg-3 and default here.

$ neutron port-show port-1 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 008e98cc-ebbf-4549-9ed0-a362d35f7fcb |
| security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba |
|                 | 7eac294c-aa22-4396-a8c0-4b219ab8a006 |
|                 | af8190fc-ad20-4b59-8dad-fc05bf84d9cd |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |
+-----------------+--------------------------------------+

$ neutron port-show port-2 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9c07ec26-ba92-4a81-8030-8eaff23bbd7a |
| security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba |
|                 | 7eac294c-aa22-4396-a8c0-4b219ab8a006 |
|                 | af8190fc-ad20-4b59-8dad-fc05bf84d9cd |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |
+-----------------+--------------------------------------+

$ neutron port-show port-3 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9bc0fd19-3ec7-40a3-9347-146a3fe21398 |
| security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba |
|                 | 7eac294c-aa22-4396-a8c0-4b219ab8a006 |
|                 | af8190fc-ad20-4b59-8dad-fc05bf84d9cd |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |
+-----------------+--------------------------------------+

Actual results:

All the ports are added "default","sg-[1-3]" security groups

Expected results:

Only "default" security group should be added to the ports but sg-[1-3] should be added to the ports.

Additional info:

Comment 1 Junko IKEDA 2016-11-16 04:15:55 UTC
Each port should have "default" and "sg-1/2/3" which assigned when port-create.
Expected "neutron port-show":

$ neutron port-show port-1 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 008e98cc-ebbf-4549-9ed0-a362d35f7fcb |
| security_groups | af8190fc-ad20-4b59-8dad-fc05bf84d9cd |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |<-default
+-----------------+--------------------------------------+

$ neutron port-show port-2 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9c07ec26-ba92-4a81-8030-8eaff23bbd7a |
| security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |<-default
+-----------------+--------------------------------------+

$ neutron port-show port-3 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9bc0fd19-3ec7-40a3-9347-146a3fe21398 |
| security_groups | 7eac294c-aa22-4396-a8c0-4b219ab8a006 |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |<-default
+-----------------+--------------------------------------+

Comment 2 Chen 2016-12-08 09:17:26 UTC
Hi Radomir,

Do we have any progress on this bugzilla ?

Best Regards,
Chen

Comment 3 Radomir Dopieralski 2016-12-08 09:29:32 UTC
The bug has been triaged and is at the top of the queue, waiting for its turn.

Comment 7 Chen 2016-12-12 15:45:37 UTC
Hi Radomir,

Thank you for your great information.

I understand that OSP8 backport might be impossible at this stage. Is there any chance that OSP10 will include this feature ?

Best Regards,
Chen

Comment 8 Radomir Dopieralski 2016-12-13 09:47:08 UTC
We are not sure yet -- since the patch is still in review and can change before it is merged. Right now I don't see much technical problems backporting it to osp10 (since we are still relatively close to the release of osp10 and so the development has not diverged much), but I cannot promise anything.

Comment 9 Chen 2017-01-09 07:24:30 UTC
Hi Radomir,

It would appreciated if you got any news about this bugzilla.

Best Regards,
Chen

Comment 10 Radomir Dopieralski 2017-01-09 08:24:37 UTC
The patch upstream is still being reviewed. https://review.openstack.org/#/c/404178/

Comment 11 Chen 2017-03-15 14:34:48 UTC
Hi,

Do we have any news about this feature ?

Best Regards,
Chen

Comment 12 Radomir Dopieralski 2017-03-15 15:10:46 UTC
There are no particularly exciting news. The patch I linked to is being reviewed and improved upstream, being worked on by the original author. I'm unable to estimate when it would be finished.

Comment 13 Beth White 2017-11-16 11:55:44 UTC
Fixes for this bug have been merged to upstream master and so will make it into the OSP13 release.

Comment 19 errata-xmlrpc 2018-06-27 13:26:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2086