Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1142536

Summary: Dashboard doesn't adequately list the security groups.
Product: Red Hat OpenStack Reporter: Summer Long <slong>
Component: python-django-horizonAssignee: Matthias Runge <mrunge>
Status: CLOSED CURRENTRELEASE QA Contact: Ido Ovadia <iovadia>
Severity: low Docs Contact:
Priority: low    
Version: 5.0 (RHEL 7)CC: aortega, athomas, mrunge, nbarcet, slong, srevivo
Target Milestone: ---Keywords: Triaged
Target Release: 7.0 (Kilo)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python-django-horizon-2015.1.2-4.el7ost Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-12 13:40:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Security group - id in header none

Description Summer Long 2014-09-17 01:26:39 UTC 
Description of problem:
With a default all-in-one installation, 2 security groups named 'default' are created.

However, there is no way to see which 'default' is the project's (demo or admin), because no ID is displayed on the dashboard. I had to add rules to both groups, to see which one would pop up on the display.

Version-Release number of selected component (if applicable):
python-django-horizon.noarch 2014.1.2-1.el7ost

Steps to Reproduce:
1.Use 'packstack --allinone' to install OpenStack.
2.Run: neutron security-group-list. Two 'default' groups are displayed.
3.Look at the admin project dashboard (Compute > Access & Security -> Security Groups).

Actual results:
Can't see the ID of the project's group.

Expected results:
There should be some way to differentiate between security groups besides the name. Either put the ID on the project's group listing, or list all security groups/tenants on the admin tab?

Additional info:
Comment 2 Julie Pichon 2014-09-17 06:18:48 UTC 
The security groups should only be displayed for the current project, you shouldn't see more than one. It sounds like a bug where either 2 security groups are created when there should only be one, or when logging in as an admin the 'security group list' call is not properly scoped to the project (there's been other bugs like this with Neutron before, where by default the admin would see all resources even without specifying an "all tenants" flag of some sort, e.g. https://bugs.launchpad.net/horizon/+bug/1226224 ).

A workaround to get the id would be to click on "Manage rules" for the group and look at the URL.

Could you clarify what goal you were trying to achieve?

Is the problem that 2 'default' groups are displayed in the CLI and only one in the dashboard? Or that there were 2 security groups displayed in the dashboard when logged in as admin, too? Or that there are 2 default groups on the CLI and some didn't belong to the current tenant/project, but in Horizon it's scoped correctly to show only one group? If the latter it sounds to me like this would be more of a neutron bug, whereby it should restrict to the current tenant by default or provide an option to do so.
Comment 3 Summer Long 2014-09-17 22:24:10 UTC 
Hi Julie, The original task was to do some networking on the command line as admin, and I couldn't see which group belonged to which project (have raised a neutron-client bug as well). So then I opened up the dashboard, and couldn't see it there either. When logged in as admin, it only shows the group assigned to the admin project, I can't see that of the demo project, nor can I see the ID of the group to sort out the difference. Does that make sense?
Comment 4 Julie Pichon 2014-09-18 00:50:41 UTC 
Thank you for the reply Summer! From the dashboard perspective, only showing the security groups for the current project is the expected behaviour. Could you provide a link to the neutron client bug for reference?

It seems to me that it should be down to the Neutron Client to show some project context when the user is an admin and showing resources across projects, and that explicitly adding that information to the dashboard is more of a workaround.

I'm a bit concerned about adding the id to the listing because this is not something we do for any of the panels in the project dashboard and it gives a bit of a cluttered feel. If the workaround of looking at the URL isn't appropriate, maybe we could add it to the "Manage Security Groups Rules" header, after the group name between parenthesis? (See screenshot for an example)
Comment 5 Julie Pichon 2014-09-18 00:51:28 UTC 
Created attachment 938699 [details]
Security group - id in header
Comment 6 Summer Long 2014-09-18 02:22:45 UTC 
I understand why you wouldn't want to add clutter to the listed view, adding it to the header when you're managing one would be great! And I guess I just thought it would also be good for the admin to have a view of all groups in the same way they can see all instances. (Sorry, am in the middle of re-doing installs so can't provide a screenshot.)
Comment 7 Julie Pichon 2014-09-18 05:00:46 UTC 
I filed a bug upstream about adding the id to the page title.

For now I'm not convinced of the use of adding a panel to list all the security groups in Horizon (or keypairs, etc...). There's no particular operation that an admin can perform on them and they're unlikely to give visibility into a problem affecting the system (e.g. instances might get stuck, volumes might take too much space, etc), that would require admin intervention. If the RFE comes back again I'll happily consider myself corrected of course, but for now I don't think there's a strong use case or a good enough justification to add yet another panel of data to the admin dashboard.
Comment 9 Matthias Runge 2015-04-20 09:11:20 UTC 
This is implemented in Kilo, marked this as post
Comment 10 Matthias Runge 2015-12-08 10:54:11 UTC 
It's a general kilo fix; there was not patch included compared to last RHOS-7 build. I simply missed this bug for the GA.