yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #87342
[Bug 1946250] [NEW] Neutron API reference should explain the intended behavior of port security extension
Public bug reported:
https://docs.openstack.org/api-ref/network/v2/#port-security
The explanation as of the time of writing is as follows:
"The port-security extension adds the port_security_enabled boolean
attribute to networks. At the network level, port_security_enabled
defines the default value for new ports attached to the network; they
will inherit the value of their network’s port_security_enabled unless
explicitly set on the port itself. While the default value for
port_security_enabled is true, this can be changed by updating the
respective network. Note that changing a value of port_security_enabled
on a network, does not cascade the value to ports attached to the
network."
It explains how the attribute behaves and how it's inherited by ports,
but there is no explanation of what the attribute DOES. Does it disable
anti-spoofing? Or SGs? Or both? Is the fact that - traditionally -
port_security_enabled=false disables both the intent of the API, or it's
just a historical fact on how drivers - traditionally - implement the
API?
Same problem as to how port level extension is explained:
https://docs.openstack.org/api-ref/network/v2/#id53
"The port-security extension adds the port_security_enabled boolean
attribute to ports. If a port-security value is not specified during
port creation, a port will inherit the port_security_enabled from the
network its connected to."
** Affects: neutron
Importance: Undecided
Status: New
** Tags: api-ref
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1946250
Title:
Neutron API reference should explain the intended behavior of port
security extension
Status in neutron:
New
Bug description:
https://docs.openstack.org/api-ref/network/v2/#port-security
The explanation as of the time of writing is as follows:
"The port-security extension adds the port_security_enabled boolean
attribute to networks. At the network level, port_security_enabled
defines the default value for new ports attached to the network; they
will inherit the value of their network’s port_security_enabled unless
explicitly set on the port itself. While the default value for
port_security_enabled is true, this can be changed by updating the
respective network. Note that changing a value of
port_security_enabled on a network, does not cascade the value to
ports attached to the network."
It explains how the attribute behaves and how it's inherited by ports,
but there is no explanation of what the attribute DOES. Does it
disable anti-spoofing? Or SGs? Or both? Is the fact that -
traditionally - port_security_enabled=false disables both the intent
of the API, or it's just a historical fact on how drivers -
traditionally - implement the API?
Same problem as to how port level extension is explained:
https://docs.openstack.org/api-ref/network/v2/#id53
"The port-security extension adds the port_security_enabled boolean
attribute to ports. If a port-security value is not specified during
port creation, a port will inherit the port_security_enabled from the
network its connected to."
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1946250/+subscriptions
