yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1228151] Re: Default security group defined by a tenant is not removed automatically on deleting the tenant

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Mark McClain <1228151@xxxxxxxxxxxxxxxxxx>
Date: Wed, 12 Mar 2014 20:53:32 -0000
Reply-to: Bug 1228151 <1228151@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Neutron like other OpenStack projects does not receive tenant delete
events from Keystone.  An outside process must handle the removal of old
tenant resources.

** Changed in: neutron
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1228151

Title:
  Default security group defined by a tenant is not removed
  automatically on deleting the tenant

Status in OpenStack Neutron (virtual network service):
  Won't Fix

Bug description:
  Default security group is defined for each tenant when a tenant is created.
  After deleting the tenant the associated default security group is not cleaned up automatically. Eventually a cluster has scores of security group entities that have identical names and descriptions, which is "default" (can be observed by the admin user via quantum security-group-list CLI command) .

  1) Create a tenant
  $ quantum security-group-list
  +--------------------------------------+---------+-------------+
  | id                                   | name    | description |
  +--------------------------------------+---------+-------------+
  | 0ad4971b-a232-439e-959a-79cfeb2210cb | default | default     |
  | 37ecc8c3-85eb-4c16-ad71-689564324ccc | default | default     |
  | 46dfed8b-610c-49d1-9e27-d55d1d20bd66 | default | default     |
  +--------------------------------------+---------+-------------+

  $ keystone tenant-create --name another_tenant
  +-------------+----------------------------------+
  |   Property  |              Value               |
  +-------------+----------------------------------+
  | description |                                  |
  |   enabled   |               True               |
  |      id     | 89d7ed4d02fe44c28d4218f3d258a4b5 |
  |     name    |          another_tenant          |
  +-------------+----------------------------------+

  $ keystone tenant-list 
  +----------------------------------+--------------------+---------+
  |                id                |        name        | enabled |
  +----------------------------------+--------------------+---------+
  | d6e5537a5d0245b19d4bc4dc3307e497 |       admin        |   True  |
  | e5c565d7d1f3405b8cd759ccba03b969 |      alt_demo      |   True  |
  | 89d7ed4d02fe44c28d4218f3d258a4b5 |   another_tenant   |   True  |
  | f55d9cbde6194a18a2f1ebbb2afd9457 |        demo        |   True  |
  | 64d3667ae3454c6bb7f43d8bef1179df | invisible_to_admin |   True  |
  | 12f3482c24a04a2fab177562d85f4a73 |      service       |   True  |
  +----------------------------------+--------------------+---------+

  2) Associate a user with the tenant and authenticate under the tenant
  $ keystone user-role-add --user demo --role Member --tenant 89d7ed4d02fe44c28d4218f3d258a4b5
  $ nova --os-tenant-name another_tenant --os-username demo --os-password user list
  +----+------+--------+------------+-------------+----------+
  | ID | Name | Status | Task State | Power State | Networks |
  +----+------+--------+------------+-------------+----------+
  +----+------+--------+------------+-------------+----------+

  3) Delete the tenant
  $ keystone tenant-delete 89d7ed4d02fe44c28d4218f3d258a4b5
  $ keystone tenant-list
  +----------------------------------+--------------------+---------+
  |                id                |        name        | enabled |
  +----------------------------------+--------------------+---------+
  | d6e5537a5d0245b19d4bc4dc3307e497 |       admin        |   True  |
  | e5c565d7d1f3405b8cd759ccba03b969 |      alt_demo      |   True  |
  | f55d9cbde6194a18a2f1ebbb2afd9457 |        demo        |   True  |
  | 64d3667ae3454c6bb7f43d8bef1179df | invisible_to_admin |   True  |
  | 12f3482c24a04a2fab177562d85f4a73 |      service       |   True  |
  +----------------------------------+--------------------+---------+

  4) The tenant defined default security group is not deleted
  $ quantum security-group-list
  +--------------------------------------+---------+-------------+
  | id                                   | name    | description |
  +--------------------------------------+---------+-------------+
  | 0ad4971b-a232-439e-959a-79cfeb2210cb | default | default     |
  | 37ecc8c3-85eb-4c16-ad71-689564324ccc | default | default     |
  | 46dfed8b-610c-49d1-9e27-d55d1d20bd66 | default | default     |
  | c7b5b103-69b3-4753-9370-d607a31474a7 | default | default     |
  +--------------------------------------+---------+-------------+

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1228151/+subscriptions