yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1175464] Re: should not add default security group to quantum unless api-request had it

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Sean Dague <sean@xxxxxxxxx>
Date: Fri, 09 Dec 2016 16:09:47 -0000
Reply-to: Bug 1175464 <1175464@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Fixed in https://review.openstack.org/#/c/306470/

** Changed in: nova/liberty
       Status: Confirmed => Fix Released

** Changed in: nova/mitaka
       Status: Confirmed => Fix Released

** Changed in: nova
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1175464

Title:
  should not add default security group to quantum unless api-request
  had it

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) liberty series:
  Won't Fix
Status in OpenStack Compute (nova) mitaka series:
  Fix Released

Bug description:
  when booting an instance nova-api automatically adds a default
  security group if one is not specified, though we shouldn't be doing
  this and instead quantum should handle be handing this. This actually
  causes an issue for plugins that implement the port_security_api and
  have port_security_enabled=False on a network.

  https://github.com/openstack/nova/blob/master/nova/api/openstack/compute/contrib/security_groups.py#L498
  https://github.com/openstack/nova/blob/master/nova/api/openstack/compute/contrib/security_groups.py#L511

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1175464/+subscriptions