1395504 – Horizon is adding wrong security groups to ports

Bug 1395504 - Horizon is adding wrong security groups to ports

Summary: Horizon is adding wrong security groups to ports

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	python-django-horizon
Sub Component:
Version:	8.0 (Liberty)
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	Upstream M1
Target Release:	13.0 (Queens)
Assignee:	Beth White
QA Contact:	Radomir Dopieralski
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-11-16 04:00 UTC by Chen
Modified:	2020-01-17 16:11 UTC (History)
CC List:	9 users (show)
Fixed In Version:	python-django-horizon-13.0.0-0.20180123104755.5ccfe81.el7ost
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-06-27 13:26:39 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1637444	None	None	None	2016-12-12 15:34:48 UTC
OpenStack gerrit	404178	None	MERGED	Support security groups association per port	2020-05-27 02:25:35 UTC
OpenStack gerrit	451620	None	MERGED	Refactor the current UpdatePort form to workflow version	2020-05-27 02:25:35 UTC
Red Hat Product Errata	RHEA-2018:2086	None	None	None	2018-06-27 13:28:35 UTC

Description Chen 2016-11-16 04:00:34 UTC

Description of problem:

Horizon is adding wrong security groups to ports

Version-Release number of selected component (if applicable):

OSP 8

How reproducible:

100%

Steps to Reproduce:


1 Create security group

$ neutron security-group-create sg-1
$ neutron security-group-create sg-2
$ neutron security-group-create sg-3

2 Create port with the security group 

$ neutron port-create --name port-1 --security-group sg-1 test-network
$ neutron port-create --name port-2 --security-group sg-2 test-network
$ neutron port-create --name port-3 --security-group sg-3 test-network

$ neutron port-show port-1 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 008e98cc-ebbf-4549-9ed0-a362d35f7fcb |
| security_groups | af8190fc-ad20-4b59-8dad-fc05bf84d9cd |
+-----------------+--------------------------------------+

$ neutron port-show port-2 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9c07ec26-ba92-4a81-8030-8eaff23bbd7a |
| security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba |
+-----------------+--------------------------------------+

$ neutron port-show port-3 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9bc0fd19-3ec7-40a3-9347-146a3fe21398 |
| security_groups | 7eac294c-aa22-4396-a8c0-4b219ab8a006 |
+-----------------+--------------------------------------+

3 Create instance

$ nova boot \
    --image cirros \
    --flavor 2 \
    --nic port-id=008e98cc-ebbf-4549-9ed0-a362d35f7fcb \
    --nic port-id=9c07ec26-ba92-4a81-8030-8eaff23bbd7a \
    --nic port-id=9bc0fd19-3ec7-40a3-9347-146a3fe21398 \
    test-instance-1

4 Add security group "default" to "test-instance-1" with Horizon.

5 Show port details. Each port has sg-1, sg-2, sg-3 and default here.

$ neutron port-show port-1 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 008e98cc-ebbf-4549-9ed0-a362d35f7fcb |
| security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba |
|                 | 7eac294c-aa22-4396-a8c0-4b219ab8a006 |
|                 | af8190fc-ad20-4b59-8dad-fc05bf84d9cd |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |
+-----------------+--------------------------------------+

$ neutron port-show port-2 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9c07ec26-ba92-4a81-8030-8eaff23bbd7a |
| security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba |
|                 | 7eac294c-aa22-4396-a8c0-4b219ab8a006 |
|                 | af8190fc-ad20-4b59-8dad-fc05bf84d9cd |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |
+-----------------+--------------------------------------+

$ neutron port-show port-3 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9bc0fd19-3ec7-40a3-9347-146a3fe21398 |
| security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba |
|                 | 7eac294c-aa22-4396-a8c0-4b219ab8a006 |
|                 | af8190fc-ad20-4b59-8dad-fc05bf84d9cd |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |
+-----------------+--------------------------------------+

Actual results:

All the ports are added "default","sg-[1-3]" security groups

Expected results:

Only "default" security group should be added to the ports but sg-[1-3] should be added to the ports.

Additional info:

Comment 1 Junko IKEDA 2016-11-16 04:15:55 UTC

Each port should have "default" and "sg-1/2/3" which assigned when port-create.
Expected "neutron port-show":

$ neutron port-show port-1 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 008e98cc-ebbf-4549-9ed0-a362d35f7fcb |
| security_groups | af8190fc-ad20-4b59-8dad-fc05bf84d9cd |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |<-default
+-----------------+--------------------------------------+

$ neutron port-show port-2 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9c07ec26-ba92-4a81-8030-8eaff23bbd7a |
| security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |<-default
+-----------------+--------------------------------------+

$ neutron port-show port-3 -c security_groups -c id
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 9bc0fd19-3ec7-40a3-9347-146a3fe21398 |
| security_groups | 7eac294c-aa22-4396-a8c0-4b219ab8a006 |
|                 | cefc8530-b658-4090-989e-f7f5c217c0e8 |<-default
+-----------------+--------------------------------------+

Comment 2 Chen 2016-12-08 09:17:26 UTC

Hi Radomir,

Do we have any progress on this bugzilla ?

Best Regards,
Chen

Comment 3 Radomir Dopieralski 2016-12-08 09:29:32 UTC

The bug has been triaged and is at the top of the queue, waiting for its turn.

Comment 7 Chen 2016-12-12 15:45:37 UTC

Hi Radomir,

Thank you for your great information.

I understand that OSP8 backport might be impossible at this stage. Is there any chance that OSP10 will include this feature ?

Best Regards,
Chen

Comment 8 Radomir Dopieralski 2016-12-13 09:47:08 UTC

We are not sure yet -- since the patch is still in review and can change before it is merged. Right now I don't see much technical problems backporting it to osp10 (since we are still relatively close to the release of osp10 and so the development has not diverged much), but I cannot promise anything.

Comment 9 Chen 2017-01-09 07:24:30 UTC

Hi Radomir,

It would appreciated if you got any news about this bugzilla.

Best Regards,
Chen

Comment 10 Radomir Dopieralski 2017-01-09 08:24:37 UTC

The patch upstream is still being reviewed. https://review.openstack.org/#/c/404178/

Comment 11 Chen 2017-03-15 14:34:48 UTC

Hi,

Do we have any news about this feature ?

Best Regards,
Chen

Comment 12 Radomir Dopieralski 2017-03-15 15:10:46 UTC

There are no particularly exciting news. The patch I linked to is being reviewed and improved upstream, being worked on by the original author. I'm unable to estimate when it would be finished.

Comment 13 Beth White 2017-11-16 11:55:44 UTC

Fixes for this bug have been merged to upstream master and so will make it into the OSP13 release.

Comment 19 errata-xmlrpc 2018-06-27 13:26:39 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2086

Note You need to log in before you can comment on or make changes to this bug.