Hide Forgot
Description of problem: When using the python-openstackclient (on the OSP11 undercloud) to list available security groups, it doesn't show the association of a group to a project in the high-level list, only when you ask it to show you the actual group. For example: [stack@undercloud director]$ openstack security group list +--------------------------------------+---------+------------------------+---------+ | ID | Name | Description | Project | +--------------------------------------+---------+------------------------+---------+ | 19f43d66-0dbf-48c9-a4d5-6d3bb3c4c219 | default | Default security group | | | e776d298-b64a-4ce9-a6a2-9818f14bf071 | default | Default security group | | +--------------------------------------+---------+------------------------+---------+ Yet, if I go into one of them, it shows the project id... [stack@undercloud director]$ openstack security group show e776d298-b64a-4ce9-a6a2-9818f14bf071 +-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | created_at | 2017-08-04T08:03:06Z | | description | Default security group | | id | e776d298-b64a-4ce9-a6a2-9818f14bf071 | | name | default | | project_id | 1742f2ee2c0941d69ab7f634a2441ba9 | | revision_number | 1 | | rules | created_at='2017-08-04T08:03:06Z', direction='ingress', ethertype='IPv4', id='1845f055-0571-4155-80e0-e95c7ee211f7', remote_group_id='e776d298-b64a-4ce9-a6a2-9818f14bf071', revision_number='1', updated_at='2017-08-04T08:03:06Z' | | | created_at='2017-08-04T08:03:06Z', direction='egress', ethertype='IPv4', id='51738c8e-4127-4294-bb9f-81da06f66dc5', revision_number='1', updated_at='2017-08-04T08:03:06Z' | | | created_at='2017-08-04T08:03:06Z', direction='egress', ethertype='IPv6', id='bd0a0b5a-67b4-48d3-9b82-688dba82041c', revision_number='1', updated_at='2017-08-04T08:03:06Z' | | | created_at='2017-08-04T08:03:06Z', direction='ingress', ethertype='IPv6', id='ce43ac30-edcc-4aab-b7e6-83d36be8fb55', remote_group_id='e776d298-b64a-4ce9-a6a2-9818f14bf071', revision_number='1', updated_at='2017-08-04T08:03:06Z' | | updated_at | 2017-08-04T08:03:06Z | +-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ [stack@undercloud director]$ openstack project list +----------------------------------+---------+ | ID | Name | +----------------------------------+---------+ | 1742f2ee2c0941d69ab7f634a2441ba9 | admin | | 33b5226c54074c66b922dd4daf33488b | service | +----------------------------------+---------+ The (soon to be deprecated) neutron CLI shows it successfully though... [stack@undercloud director]$ neutron security-group-list neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. +--------------------------------------+---------+----------------------------------+----------------------------------------------------------------------+ | id | name | tenant_id | security_group_rules | +--------------------------------------+---------+----------------------------------+----------------------------------------------------------------------+ | 19f43d66-0dbf-48c9-a4d5-6d3bb3c4c219 | default | | egress, IPv4 | | | | | egress, IPv6 | | | | | ingress, IPv4, remote_group_id: 19f43d66-0dbf-48c9-a4d5-6d3bb3c4c219 | | | | | ingress, IPv6, remote_group_id: 19f43d66-0dbf-48c9-a4d5-6d3bb3c4c219 | | e776d298-b64a-4ce9-a6a2-9818f14bf071 | default | 1742f2ee2c0941d69ab7f634a2441ba9 | egress, IPv4 | | | | | egress, IPv6 | | | | | ingress, IPv4, remote_group_id: e776d298-b64a-4ce9-a6a2-9818f14bf071 | | | | | ingress, IPv6, remote_group_id: e776d298-b64a-4ce9-a6a2-9818f14bf071 | +--------------------------------------+---------+----------------------------------+----------------------------------------------------------------------+ Version-Release number of selected component (if applicable): kernel-3.10.0-693.el7.x86_64 python-openstackclient-3.8.1-1.el7ost.noarch python-neutronclient-6.1.0-1.el7ost.noarch openstack-tripleo-heat-templates-6.1.0-2.el7ost.noarch How reproducible: Consistent during testing. Steps to Reproduce: 1. Deploy vanilla OSP11 environment using TripleO/OSP director 2. Source the overcloudrc file 3. Use python-openstackclient to list security group rules, observe no project association in the output, yet it's correctly associated in the database Actual results: Project ID's are empty in the output Expected results: Project ID's are correctly listed in the output Additional info:
Thank you for the bug report. This appears to be fixed in 3.10 in Pike/OSP12. I also proposed an Ocata backport upstream in the background, we'll see how it goes.
For the record, the Ocata backport also merged upstream ( https://review.openstack.org/#/c/493884/ ) and should be included in the next OSP11 rebase.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:3462