Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2214566

Summary: "openstack port list --long" output contains invalid information about security groups
Product: Red Hat OpenStack Reporter: Alex Stupnikov <astupnik>
Component: python-neutronclientAssignee: Fernando Royo <froyo>
Status: CLOSED MIGRATED QA Contact: Eran Kuris <ekuris>
Severity: medium Docs Contact:
Priority: medium    
Version: 16.2 (Train)CC: apevec, aruffin, bcafarel, chrisw, froyo, jveiraca, scohen
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2025-01-10 09:29:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alex Stupnikov 2023-06-13 12:17:34 UTC 
Description of problem:
When trying to obtain information about security groups in my my RHOSP 16.2 deployment I get None for all ports:

+--------------------------------------+--------------+-------------------+----------------------------------------------------------------------------------------+--------+-----------------+--------------------------+------+
| ID                                   | Name         | MAC Address       | Fixed IP Addresses                                                                     | Status | Security Groups | Device Owner             | Tags |
+--------------------------------------+--------------+-------------------+----------------------------------------------------------------------------------------+--------+-----------------+--------------------------+------+
| 0f2c4600-c14b-4d0c-8ada-de40b3e2795e |              | fa:16:3e:7b:60:bd |                                                                                        | DOWN   | None            | network:dhcp             |      |
| 27187ca2-d1c8-446f-a31b-e2125e1fcaae | direct_port1 | fa:16:3e:d3:8a:d7 | ip_address='192.168.125.199', subnet_id='884b151a-cbd9-4ca7-8106-50e5c0258596'         | DOWN   | None            |                          |      |
| 2f0fcaa6-0b6c-44e2-8227-d881edb8dab4 |              | fa:16:3e:ae:69:69 | ip_address='192.168.126.2', subnet_id='538d5cf7-2c9b-4bb7-88ad-c5d6b75e5ab3'           | DOWN   | None            | network:dhcp             |      |
| 33e2cb3f-e989-4718-ae5b-1c0b13f38edd |              | fa:16:3e:61:4b:43 | ip_address='10.0.0.201', subnet_id='89ecb154-a556-4e81-b171-3490f5713e03'              | N/A    | None            | network:floatingip       |      |
|                                      |              |                   | ip_address='2620:52:0:13b8::1000:a8', subnet_id='611e8148-f484-4a48-a750-59e9bcedfc00' |        |                 |                          |      |
| 4e5e1e89-c013-420c-b73e-701f1d2d657b |              | fa:16:3e:bb:46:c8 | ip_address='10.0.88.30', subnet_id='34b959fe-f95e-48b8-8ed8-eeaa29f59115'              | ACTIVE | None            | network:router_gateway   |      |
| 5b3382b1-bf58-4dd2-8164-5ce62b102d1a | port_router3 | fa:16:3e:57:bd:57 | ip_address='192.168.125.53', subnet_id='884b151a-cbd9-4ca7-8106-50e5c0258596'          | ACTIVE | None            | network:router_interface |      |
| aea6e2d8-d32f-4a74-aab2-2393ad7e65ab |              | fa:16:3e:d0:28:4b | ip_address='192.168.125.1', subnet_id='884b151a-cbd9-4ca7-8106-50e5c0258596'           | ACTIVE | None            | network:router_interface |      |
| af9a5d66-012d-453f-9fb6-dba2793bb37a |              | fa:16:3e:bc:ba:eb | ip_address='192.168.125.178', subnet_id='884b151a-cbd9-4ca7-8106-50e5c0258596'         | ACTIVE | None            | compute:nova             |      |
| b5260772-9acd-4de9-a165-96c2b0769c4f |              | fa:16:3e:c1:39:c4 | ip_address='192.168.125.2', subnet_id='884b151a-cbd9-4ca7-8106-50e5c0258596'           | DOWN   | None            | network:dhcp             |      |
| bc87a29e-5177-486a-b04d-adaeb212c838 |              | fa:16:3e:42:f3:fe | ip_address='10.0.88.181', subnet_id='34b959fe-f95e-48b8-8ed8-eeaa29f59115'             | N/A    | None            | network:floatingip       |      |
| c1f89a6d-e6f6-48e6-b473-5e298cc43723 |              | fa:16:3e:76:b5:94 | ip_address='10.0.88.179', subnet_id='34b959fe-f95e-48b8-8ed8-eeaa29f59115'             | ACTIVE | None            | network:router_gateway   |      |
| ca9a3148-53c5-4135-a416-59d9d1a2cb75 |              | fa:16:3e:b1:59:22 | ip_address='192.168.126.1', subnet_id='538d5cf7-2c9b-4bb7-88ad-c5d6b75e5ab3'           | ACTIVE | None            | network:router_interface |      |
| de53c4e1-14ac-4094-a78e-63503d3535e6 |              | fa:16:3e:e8:04:cb | ip_address='10.0.88.2', subnet_id='34b959fe-f95e-48b8-8ed8-eeaa29f59115'               | DOWN   | None            | network:dhcp             |      |
| f164c0f1-8ac8-4c45-bba9-8c723a30c701 |              | fa:16:3e:99:db:9b | ip_address='10.0.0.187', subnet_id='89ecb154-a556-4e81-b171-3490f5713e03'              | ACTIVE | None            | network:router_gateway   |      |
|                                      |              |                   | ip_address='2620:52:0:13b8::1000:10', subnet_id='611e8148-f484-4a48-a750-59e9bcedfc00' |        |                 |                          |      |
+--------------------------------------+--------------+-------------------+----------------------------------------------------------------------------------------+--------+-----------------+--------------------------+------+

In reality that's not true and there are security groups attached to some ports. The problem is that this command requests fields=security_group_ids instead of fields=security_groups (from openstack port list --long -vv output):

GET call to network for http://10.0.0.127:9696/v2.0/ports?fields=id&fields=name&fields=mac_address&fields=fixed_ips&fields=status&fields=security_group_ids&fields=device_owner&fields=tags

I used curl to get information for corrected URL (&fields=security_groups) and got correct information.

Generally, it may not be the only parameter not working properly.


Version-Release number of selected component (if applicable):
Red Hat OpenStack Platform release 16.2.5 (Train)
python3-neutronclient-6.14.1-2.20220111010835.a09e824.el8ost.noarch
python3-openstackclient-4.0.2-2.20221012154730.54bf2c0.el8ost.noarch


How reproducible:
Try to obtain information about Security Groups attached to ports using "openstack port list --long" 


Actual results:
Information is invalid (None is returned for all ports)

Expected results:
Valid security groups are listed if port has them
Comment 1 Alex Stupnikov 2023-06-13 12:21:27 UTC 
https://docs.openstack.org/api-ref/network/v2/?expanded=list-ports-detail#list-ports
Comment 3 Jakub Libosvar 2024-05-16 13:58:41 UTC 
*** Bug 2280267 has been marked as a duplicate of this bug. ***