Bug 1777933

Summary: [RFE] Bulk security group rules creation
Product: Red Hat OpenStack Reporter: Luis Tomas Bolivar <ltomasbo>
Component: openstack-neutronAssignee: OSP Team <rhos-maint>
Status: CLOSED MIGRATED QA Contact: Eran Kuris <ekuris>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 16.0 (Train)CC: amoralej, chrisw, mtomaska, scohen, skaplons
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-10-20 19:12:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Luis Tomas Bolivar 2019-11-28 17:48:12 UTC 
Kubernetes allows to fine-tune the access to the pods/containers by using Network Policies. When using Kuryr and running OpenShift on top of OpenStack, Network Policies are implemented through Neutron security groups and security group rules. Each Network Policy creates one security group. And depending on the Network Policy spec, as well as the existing pods, namespaces and their labels, more or less security group rules will be added to that security group.

It imposes extra load on Neutron (as well as time waste) to have to call the Neutron API to create each of the SG rules one by one. It would be great to have a 'bulk rule create' type where you can request many at once, similar to what is already there for ports or attaching ports to a trunk.