yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1716219] Re: cannot list "default" security group with Neutron API

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Rodolfo Alonso <1716219@xxxxxxxxxxxxxxxxxx>
Date: Fri, 16 Dec 2022 16:21:47 -0000
Reply-to: Bug 1716219 <1716219@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Bug closed due to lack of activity, please feel free to reopen if
needed.

** Changed in: neutron
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1716219

Title:
  cannot list "default" security group with Neutron API

Status in neutron:
  Won't Fix

Bug description:
  Copying from mailing list so it doesn't get lost:
  http://lists.openstack.org/pipermail/openstack/2017-June/045114.html

  Hello,

  I'm trying to add some rules to the "default" security group of a
  newly-created project, using the Neutron API 2.0.

  However, it seems that the "default" security group is automatically
  created but it is not returned by Neutron client's
  `list_security_groups()` API call.  My code works just fine if I use any
  security group name other than "default".

  This is an example interaction, which shows that there is no security
  group returned for the project::

      >>> project.id
      u'b26ed1aa29e64c3abeade0a47867eee3'
      >>> response = self.neutron.list_security_groups()  # self.neutron is a neutron_client.v2.Client instance
      >>> secgroups = response['security_groups']
      >>> all_sg_ids = [(sg['id'], sg['tenant_id']) for sg in secgroups]
      >>> all_sg_ids
      [(u'01de4e38-55ea-4b82-8583-274b1bded41a', u'0ff1f3d07fbd4d41892cdf85d7a7d1a9'), ... ]
      >>> len(all_sg_ids)
      17
      >>> project_sg_ids = [(sg['id'], sg['tenant_id']) for sg in secgroups if sg['tenant_id'] == project.id]
      >>> project_sg_ids
      []

  Shouldn't the "default" security group be listed there?

  In more details, this is the code I'm using (which, again, works as
  expected if I use any security group name other than "default")::

      class Projects(object):
          def __init__(self):
              self.session = get_session()
              self.keystone = keystone_client.Client(session=self.session)
              self.neutron = neutron_client.Client(session=self.session)
              self.nova = nova_client('2', session=self.session)
              # ...

          # ...

          def create(self, form):
              domain = self.keystone.domains.get(config.os_project_domain_id)
              project = self.keystone.projects.create(
                  form.name.data,
                  domain,
                  description=form.description.data,
                  enabled=False,  # will enable after configuring it
                  # ...
              )
              try:
                  response = self.neutron.create_security_group({
                      'security_group': {
                          'tenant_id': project.id,
                          'name': 'default',  # works if I change to e.g. 'TEST'
                          'description': "Default security group",
                      }
                  })
              except Conflict:
                  # security group already exists, fetch it
                  # `find_security_group_by_name()` is a small filter
                  # for `list_security_groups()` results
                  default_sg = find_security_group_by_name(self.neutron, project.id, 'default')
              # ... do something with the sec group ...

  What am I doing wrong?

  Thanks,
  Riccardo

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1716219/+subscriptions

References

[Bug 1716219] [NEW] cannot list "default" security group with Neutron API
From: Kevin Benton, 2017-09-10