Bug 1395504 - Horizon is adding wrong security groups to ports
Summary: Horizon is adding wrong security groups to ports
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-django-horizon
Version: 8.0 (Liberty)
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: Upstream M1
: 13.0 (Queens)
Assignee: Beth White
QA Contact: Radomir Dopieralski
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-11-16 04:00 UTC by Chen
Modified: 2020-01-17 16:11 UTC (History)
9 users (show)

Fixed In Version: python-django-horizon-13.0.0-0.20180123104755.5ccfe81.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-06-27 13:26:39 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Launchpad 1637444 None None None 2016-12-12 15:34:48 UTC
OpenStack gerrit 404178 None MERGED Support security groups association per port 2020-05-27 02:25:35 UTC
OpenStack gerrit 451620 None MERGED Refactor the current UpdatePort form to workflow version 2020-05-27 02:25:35 UTC
Red Hat Product Errata RHEA-2018:2086 None None None 2018-06-27 13:28:35 UTC

Description Chen 2016-11-16 04:00:34 UTC
Description of problem:

Horizon is adding wrong security groups to ports

Version-Release number of selected component (if applicable):

OSP 8

How reproducible:

100%

Steps to Reproduce:


1 Create security group

$ neutron security-group-create sg-1
$ neutron security-group-create sg-2
$ neutron security-group-create sg-3

2 Create port with the security group 

$ neutron port-create --name port-1 --security-group sg-1 test-network
$ neutron port-create --name port-2 --security-group sg-2 test-network
$ neutron port-create --name port-3 --security-group sg-3 test-network

$ neutron port-show port-1 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 008e98cc-ebbf-4549-9ed0-a362d35f7fcb |
| security_groups | af8190fc-ad20-4b59-8dad-fc05bf84d9cd |
+-----------------+--------------------------------------+

$ neutron port-show port-2 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9c07ec26-ba92-4a81-8030-8eaff23bbd7a |
| security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba |
+-----------------+--------------------------------------+

$ neutron port-show port-3 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9bc0fd19-3ec7-40a3-9347-146a3fe21398 |
| security_groups | 7eac294c-aa22-4396-a8c0-4b219ab8a006 |
+-----------------+--------------------------------------+

3 Create instance

$ nova boot \
    --image cirros \
    --flavor 2 \
    --nic port-id=008e98cc-ebbf-4549-9ed0-a362d35f7fcb \
    --nic port-id=9c07ec26-ba92-4a81-8030-8eaff23bbd7a \
    --nic port-id=9bc0fd19-3ec7-40a3-9347-146a3fe21398 \
    test-instance-1

4 Add security group "default" to "test-instance-1" with Horizon.

5 Show port details. Each port has sg-1, sg-2, sg-3 and default here.

$ neutron port-show port-1 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 008e98cc-ebbf-4549-9ed0-a362d35f7fcb |
| security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba |
|                 | 7eac294c-aa22-4396-a8c0-4b219ab8a006 |
|                 | af8190fc-ad20-4b59-8dad-fc05bf84d9cd |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |
+-----------------+--------------------------------------+

$ neutron port-show port-2 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9c07ec26-ba92-4a81-8030-8eaff23bbd7a |
| security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba |
|                 | 7eac294c-aa22-4396-a8c0-4b219ab8a006 |
|                 | af8190fc-ad20-4b59-8dad-fc05bf84d9cd |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |
+-----------------+--------------------------------------+

$ neutron port-show port-3 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9bc0fd19-3ec7-40a3-9347-146a3fe21398 |
| security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba |
|                 | 7eac294c-aa22-4396-a8c0-4b219ab8a006 |
|                 | af8190fc-ad20-4b59-8dad-fc05bf84d9cd |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |
+-----------------+--------------------------------------+

Actual results:

All the ports are added "default","sg-[1-3]" security groups

Expected results:

Only "default" security group should be added to the ports but sg-[1-3] should be added to the ports.

Additional info:

Comment 1 Junko IKEDA 2016-11-16 04:15:55 UTC
Each port should have "default" and "sg-1/2/3" which assigned when port-create.
Expected "neutron port-show":

$ neutron port-show port-1 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 008e98cc-ebbf-4549-9ed0-a362d35f7fcb |
| security_groups | af8190fc-ad20-4b59-8dad-fc05bf84d9cd |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |<-default
+-----------------+--------------------------------------+

$ neutron port-show port-2 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9c07ec26-ba92-4a81-8030-8eaff23bbd7a |
| security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |<-default
+-----------------+--------------------------------------+

$ neutron port-show port-3 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9bc0fd19-3ec7-40a3-9347-146a3fe21398 |
| security_groups | 7eac294c-aa22-4396-a8c0-4b219ab8a006 |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |<-default
+-----------------+--------------------------------------+

Comment 2 Chen 2016-12-08 09:17:26 UTC
Hi Radomir,

Do we have any progress on this bugzilla ?

Best Regards,
Chen

Comment 3 Radomir Dopieralski 2016-12-08 09:29:32 UTC
The bug has been triaged and is at the top of the queue, waiting for its turn.

Comment 7 Chen 2016-12-12 15:45:37 UTC
Hi Radomir,

Thank you for your great information.

I understand that OSP8 backport might be impossible at this stage. Is there any chance that OSP10 will include this feature ?

Best Regards,
Chen

Comment 8 Radomir Dopieralski 2016-12-13 09:47:08 UTC
We are not sure yet -- since the patch is still in review and can change before it is merged. Right now I don't see much technical problems backporting it to osp10 (since we are still relatively close to the release of osp10 and so the development has not diverged much), but I cannot promise anything.

Comment 9 Chen 2017-01-09 07:24:30 UTC
Hi Radomir,

It would appreciated if you got any news about this bugzilla.

Best Regards,
Chen

Comment 10 Radomir Dopieralski 2017-01-09 08:24:37 UTC
The patch upstream is still being reviewed. https://review.openstack.org/#/c/404178/

Comment 11 Chen 2017-03-15 14:34:48 UTC
Hi,

Do we have any news about this feature ?

Best Regards,
Chen

Comment 12 Radomir Dopieralski 2017-03-15 15:10:46 UTC
There are no particularly exciting news. The patch I linked to is being reviewed and improved upstream, being worked on by the original author. I'm unable to estimate when it would be finished.

Comment 13 Beth White 2017-11-16 11:55:44 UTC
Fixes for this bug have been merged to upstream master and so will make it into the OSP13 release.

Comment 19 errata-xmlrpc 2018-06-27 13:26:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2086


Note You need to log in before you can comment on or make changes to this bug.