Bug 1919941

Summary: [ovn-nbctl] Enhance acl-list <LS> to also display ACLs applied through port groups.
Product: Red Hat Enterprise Linux Fast Datapath
Reporter: Dumitru Ceara <dceara>
Component: OVN
Assignee: OVN Team <ovnteam>
Status: CLOSED WONTFIX
QA Contact: Jianlin Shi <jishi>
Severity: unspecified
Priority: medium
Version: FDP 20.H
CC: ctrautma, mmichels
Keywords: FutureFeature
Hardware: Unspecified
OS: Unspecified
Doc Type: Enhancement
Last Closed: 2024-02-14 21:12:08 UTC
Type: Bug

Description Dumitru Ceara 2021-01-25 12:22:38 UTC
Description of problem:

When OVN ACLs are applied to a port group they are essentially applied to every logical switch that contains ports that are part of the port group.

However, when displaying ACLs applied on a logical switch, ovn-nbctl only returns ACLs explicitly applied on the logical switch. This makes troubleshooting more complicated.

Version-Release number of selected component (if applicable):
Any.

How reproducible:
Every time.

Steps to Reproduce:
$ ovn-nbctl ls-add ls
$ ovn-nbctl lsp-add ls lsp1
$ ovn-nbctl pg-add pg1 lsp1
$ ovn-nbctl acl-add pg1 to-lport 2 udp allow
$ ovn-nbctl acl-add ls to-lport 1 ip drop

Actual results:
$ ovn-nbctl acl-list ls
  to-lport     1 (ip) drop
$ ovn-nbctl acl-list pg1
  to-lport     2 (udp) allow

Expected results:
$ ovn-nbctl --all acl-list ls
  to-lport     2 (udp) allow
  to-lport     1 (ip) drop
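
Added example (not part of the original report and not ovn-nbctl code): a Python sketch of the merged view the report asks for, combining a switch's own ACLs with ACLs from every port group that shares a port with it. The `NB` dictionary is a constructed stand-in for the Northbound database keyed by name instead of UUID, and the function names and sort order are assumptions.

```python
"""Effective ACLs for a logical switch: direct ACLs plus port-group ACLs."""

# Constructed sample mirroring the report's reproduction steps. Column names
# (ports, acls, direction, priority, match, action) follow the OVN NB schema;
# rows are keyed by name rather than UUID to keep the sample readable.
NB = {
    "Logical_Switch": {"ls": {"ports": ["lsp1"], "acls": ["acl-ls-drop"]}},
    "Port_Group": {"pg1": {"ports": ["lsp1"], "acls": ["acl-pg-udp"]}},
    "ACL": {
        "acl-ls-drop": {"direction": "to-lport", "priority": 1,
                        "match": "ip", "action": "drop"},
        "acl-pg-udp": {"direction": "to-lport", "priority": 2,
                       "match": "udp", "action": "allow"},
    },
}


def effective_acls(nb, switch):
    """Return [(acl_row, source)] for every ACL that can affect `switch`."""
    ls = nb["Logical_Switch"][switch]
    ls_ports = set(ls["ports"])
    found = {}  # acl id -> (row, source); dedupes ACLs reachable twice
    for acl_id in ls["acls"]:
        found[acl_id] = (nb["ACL"][acl_id], f"switch {switch}")
    for pg_name, pg in sorted(nb["Port_Group"].items()):
        # A port group matters to this switch if they share at least one port.
        if ls_ports.isdisjoint(pg["ports"]):
            continue
        for acl_id in pg["acls"]:
            found.setdefault(acl_id, (nb["ACL"][acl_id], f"port group {pg_name}"))
    # Assumed ordering: by direction, then highest priority first, then match.
    return sorted(
        found.values(),
        key=lambda e: (e[0]["direction"], -e[0]["priority"], e[0]["match"]),
    )


def format_acl_list(nb, switch, show_source=False):
    """Render lines in the column layout shown in the report's acl-list output."""
    lines = []
    for acl, source in effective_acls(nb, switch):
        line = f"{acl['direction']:>10} {acl['priority']:5d} ({acl['match']}) {acl['action']}"
        lines.append(f"{line}  [{source}]" if show_source else line)
    return lines


if __name__ == "__main__":
    print("\n".join(format_acl_list(NB, "ls", show_source=True)))
```

With `show_source=True` each line is tagged with the switch or port group it came from, which is the piece of information an audit of the effective policy needs and the plain `acl-list ls` output omits.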

Comment 1 OVN Bot 2024-02-14 21:12:07 UTC
This issue is being closed as an automatic process due to the issue's age. If you wish to re-open this issue, please do so in Jira (https://issues.redhat.com) in the 'FDP' project. Please be sure to set the component to the latest OVN version where this issue is known to occur. If this is a feature request or improvement, please set the component to 'OVN'.