Bug 1395504 - Horizon is adding wrong security groups to ports
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-django-horizon
Version: 8.0 (Liberty)
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: Upstream M1
Target Release: 13.0 (Queens)
Assigned To: Beth Elwell
Radomir Dopieralski
Keywords: Triaged
Reported: 2016-11-15 23:00 EST by Chen
Modified: 2018-06-27 09:28 EDT (History)
Fixed In Version: python-django-horizon-13.0.0-0.20180123104755.5ccfe81.el7ost
Last Closed: 2018-06-27 09:26:39 EDT
Type: Bug
External Trackers
Tracker ID Priority Status Summary Last Updated
Launchpad 1637444 None None None 2016-12-12 10:34 EST
OpenStack gerrit 404178 None master: MERGED horizon: Support security groups association per port (I96e0fafdffbf05b8167ec1b85f7430176fdaab90) 2018-02-07 09:17 EST
OpenStack gerrit 451620 None master: MERGED horizon: Refactor the current UpdatePort form to workflow version (Id42b311242b66ee25e8870ed86e45b5464e19c01) 2018-02-07 09:17 EST
Red Hat Product Errata RHEA-2018:2086 None None None 2018-06-27 09:28 EDT

Description Chen 2016-11-15 23:00:34 EST
Description of problem:

Horizon is adding wrong security groups to ports

Version-Release number of selected component (if applicable):

OSP 8

How reproducible:

100%

Steps to Reproduce:


1. Create security groups

$ neutron security-group-create sg-1
$ neutron security-group-create sg-2
$ neutron security-group-create sg-3

2. Create ports with the security groups

$ neutron port-create --name port-1 --security-group sg-1 test-network
$ neutron port-create --name port-2 --security-group sg-2 test-network
$ neutron port-create --name port-3 --security-group sg-3 test-network

$ neutron port-show port-1 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 008e98cc-ebbf-4549-9ed0-a362d35f7fcb |
| security_groups | af8190fc-ad20-4b59-8dad-fc05bf84d9cd |
+-----------------+--------------------------------------+

$ neutron port-show port-2 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9c07ec26-ba92-4a81-8030-8eaff23bbd7a |
| security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba |
+-----------------+--------------------------------------+

$ neutron port-show port-3 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9bc0fd19-3ec7-40a3-9347-146a3fe21398 |
| security_groups | 7eac294c-aa22-4396-a8c0-4b219ab8a006 |
+-----------------+--------------------------------------+

3. Create instance

$ nova boot \
    --image cirros \
    --flavor 2 \
    --nic port-id=008e98cc-ebbf-4549-9ed0-a362d35f7fcb \
    --nic port-id=9c07ec26-ba92-4a81-8030-8eaff23bbd7a \
    --nic port-id=9bc0fd19-3ec7-40a3-9347-146a3fe21398 \
    test-instance-1

4. Add security group "default" to "test-instance-1" with Horizon.

5. Show port details. Each port has sg-1, sg-2, sg-3 and default here.

$ neutron port-show port-1 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 008e98cc-ebbf-4549-9ed0-a362d35f7fcb |
| security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba |
|                 | 7eac294c-aa22-4396-a8c0-4b219ab8a006 |
|                 | af8190fc-ad20-4b59-8dad-fc05bf84d9cd |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |
+-----------------+--------------------------------------+

$ neutron port-show port-2 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9c07ec26-ba92-4a81-8030-8eaff23bbd7a |
| security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba |
|                 | 7eac294c-aa22-4396-a8c0-4b219ab8a006 |
|                 | af8190fc-ad20-4b59-8dad-fc05bf84d9cd |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |
+-----------------+--------------------------------------+

$ neutron port-show port-3 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9bc0fd19-3ec7-40a3-9347-146a3fe21398 |
| security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba |
|                 | 7eac294c-aa22-4396-a8c0-4b219ab8a006 |
|                 | af8190fc-ad20-4b59-8dad-fc05bf84d9cd |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |
+-----------------+--------------------------------------+

Actual results:

All the ports have the "default" and "sg-[1-3]" security groups added.

Expected results:

Only "default" security group should be added to the ports but sg-[1-3] should be added to the ports.

Additional info:
Comment 1 Junko IKEDA 2016-11-15 23:15:55 EST
Each port should have "default" and the "sg-1/2/3" that was assigned at port-create.
Expected "neutron port-show":

$ neutron port-show port-1 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 008e98cc-ebbf-4549-9ed0-a362d35f7fcb |
| security_groups | af8190fc-ad20-4b59-8dad-fc05bf84d9cd |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |<-default
+-----------------+--------------------------------------+

$ neutron port-show port-2 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9c07ec26-ba92-4a81-8030-8eaff23bbd7a |
| security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |<-default
+-----------------+--------------------------------------+

$ neutron port-show port-3 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9bc0fd19-3ec7-40a3-9347-146a3fe21398 |
| security_groups | 7eac294c-aa22-4396-a8c0-4b219ab8a006 |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |<-default
+-----------------+--------------------------------------+
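
An audit of the behaviour reported above, as an added example that is not part of the original bug thread or of Horizon's code: it parses `neutron port-show` output in the format shown in the report, including the continuation rows of a multi-valued field, and flags security groups a port holds beyond an expected set. The function names are hypothetical, the sample is port-1's output from step 5, and the expected set (sg-1 plus default) follows Comment 1.

```python
# Sample input: port-1 as shown in step 5 of the report (after the Horizon edit).
PORT_SHOW = """\
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 008e98cc-ebbf-4549-9ed0-a362d35f7fcb |
| security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba |
|                 | 7eac294c-aa22-4396-a8c0-4b219ab8a006 |
|                 | af8190fc-ad20-4b59-8dad-fc05bf84d9cd |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |
+-----------------+--------------------------------------+
"""

# Assumed intended state for port-1 per Comment 1: sg-1 plus "default".
EXPECTED_PORT_1 = {
    "af8190fc-ad20-4b59-8dad-fc05bf84d9cd",  # sg-1
    "cefc8530-b658-4090-989e-f7f5c217c0e8",  # default
}


def parse_port_show(text):
    """Return {field: [values]}; a row with an empty Field cell continues the previous field."""
    fields, current = {}, None
    for line in text.splitlines():
        if not line.startswith("|"):
            continue  # skip the +----+ border lines
        cells = [c.strip() for c in line.split("|")[1:3]]
        if len(cells) < 2 or cells[0] == "Field":
            continue  # malformed row or the header row
        name, value = cells
        if name:
            current = name
            fields[current] = []
        if current is not None and value:
            fields[current].append(value)
    return fields


def audit_port(text, expected):
    """Compare a port's security groups with the expected set and report drift."""
    fields = parse_port_show(text)
    actual = set(fields.get("security_groups", []))
    return {
        "port": fields["id"][0],
        "unexpected": sorted(actual - expected),  # groups widening the port's policy
        "missing": sorted(expected - actual),     # groups that were dropped
    }
```

Run against each port of an instance after a dashboard change, any non-empty `unexpected` list marks a port whose effective policy is broader than intended.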
Comment 2 Chen 2016-12-08 04:17:26 EST
Hi Radomir,

Do we have any progress on this bugzilla?

Best Regards,
Chen
Comment 3 Radomir Dopieralski 2016-12-08 04:29:32 EST
The bug has been triaged and is at the top of the queue, waiting for its turn.
Comment 7 Chen 2016-12-12 10:45:37 EST
Hi Radomir,

Thank you for your great information.

I understand that OSP8 backport might be impossible at this stage. Is there any chance that OSP10 will include this feature?

Best Regards,
Chen
Comment 8 Radomir Dopieralski 2016-12-13 04:47:08 EST
We are not sure yet -- since the patch is still in review and can change before it is merged. Right now I don't see many technical problems backporting it to osp10 (since we are still relatively close to the release of osp10 and so the development has not diverged much), but I cannot promise anything.
Comment 9 Chen 2017-01-09 02:24:30 EST
Hi Radomir,

It would be appreciated if you have any news about this bugzilla.

Best Regards,
Chen
Comment 10 Radomir Dopieralski 2017-01-09 03:24:37 EST
The patch upstream is still being reviewed. https://review.openstack.org/#/c/404178/
Comment 11 Chen 2017-03-15 10:34:48 EDT
Hi,

Do we have any news about this feature?

Best Regards,
Chen
Comment 12 Radomir Dopieralski 2017-03-15 11:10:46 EDT
There is no particularly exciting news. The patch I linked to is being reviewed and improved upstream, being worked on by the original author. I'm unable to estimate when it would be finished.
Comment 13 Beth Elwell 2017-11-16 06:55:44 EST
Fixes for this bug have been merged to upstream master and so will make it into the OSP13 release.
Comment 19 errata-xmlrpc 2018-06-27 09:26:39 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2086
