← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #25474

[Bug 829609] Re: EC2 compatibility describe security group returns erroneous value for group ip permissions

  Thread PreviousDate PreviousThread Next 
Is this still valid, hasn't been touched in years.

** Changed in: nova
       Status: Confirmed => Incomplete

** Changed in: nova
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/829609

Title:
  EC2 compatibility describe security group returns erroneous value for
  group ip permissions

Status in pyjuju:
  Fix Released
Status in OpenStack Compute (Nova):
  Invalid
Status in txAWS: Twisted Amazon:
  Fix Released
Status in txaws package in Ubuntu:
  Fix Released

Bug description:
  When dealing with group to group authorization (including self group
  authorization), nova doesn't associate the correct port ranges to the
  group ip permission.

  ie.
  ec2.authorize_security_group(
                  "ensemble-east",
                  source_group_name="ensemble-east",
                  source_group_owner_id=owner_id)

  results in very different output from euca-describe-groups vs. ec2
  -describe-group.

  ec2-describe-group reports

  GROUP   sg-a7351dce     619193117841    ensemble-east   Ensemble group for east 
  PERMISSION      619193117841    ensemble-east   ALLOWS  tcp     1       65535   FROM    USER    619193117841    NAME ensemble-east      ID sg-a7351dce  ingress
  PERMISSION      619193117841    ensemble-east   ALLOWS  udp     1       65535   FROM    USER    619193117841    NAME ensemble-east      ID sg-a7351dce  ingress
  PERMISSION      619193117841    ensemble-east   ALLOWS  icmp    -1      -1      FROM    USER    619193117841    NAME ensemble-east      ID sg-a7351dce  ingress

  where as euca-describe-group

  GROUP   kapil_project   ensemble-internal       Ensemble group for internal
  PERMISSION      kapil_project   ensemble-internal       ALLOWS                          GRPNAME ensemble-internal

  the output of euca-describe-group isn't parseable to some tools since
  its also missing port ranges. Its unclear if this source group
  declaration for an ingress rule has worked correctly.

To manage notifications about this bug go to:
https://bugs.launchpad.net/juju/+bug/829609/+subscriptions
  Thread PreviousDate PreviousThread Next