← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 2026264] [NEW] "--target" parameter in "network log object create" is only expected for ML2/OVS

 

Public bug reported:

According to command help [1], option "--target" when creating security
group log should work to narrow down logging action for specific port.

However, this is something not expected in the ML2/OVN driver, where the
minimal unit of logging is per security group, and is selected using
--resource.

I raised this on the last Neutron meeting to see if it was possible to
have a general solution for this that could be useful for any parameter
and any driver (Like answering with an error through the API) but this
would result on a driver-driven API which is something discouraged.

There was also the option of logging a Warning or an error when using
non-supported parameters, but I don't know if this would give hints to
the users about which driver they are using, something we also don't
want non-admin users to know.

Finally, there is the option to fix this specific problem by changing
the --help for network log create.


[1]
"""
$ openstack network log create --help 
usage: openstack network log create ...

Create a new network log

positional arguments:
  <name>                Name for the network log

optional arguments:
...
  --resource <resource>
                        Name or ID of resource (security group or firewall
                        group) that used for logging. You can control for
                        logging target combination with --target option.
  --target <target>     Port (name or ID) for logging. You can control for
                        logging target combination with --resource option.
...
"""

** Affects: neutron
     Importance: Undecided
     Assignee: Elvira García Ruiz (elviragr)
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2026264

Title:
  "--target" parameter in "network log object create" is only expected
  for ML2/OVS

Status in neutron:
  New

Bug description:
  According to command help [1], option "--target" when creating
  security group log should work to narrow down logging action for
  specific port.

  However, this is something not expected in the ML2/OVN driver, where
  the minimal unit of logging is per security group, and is selected
  using --resource.

  I raised this on the last Neutron meeting to see if it was possible to
  have a general solution for this that could be useful for any
  parameter and any driver (Like answering with an error through the
  API) but this would result on a driver-driven API which is something
  discouraged.

  There was also the option of logging a Warning or an error when using
  non-supported parameters, but I don't know if this would give hints to
  the users about which driver they are using, something we also don't
  want non-admin users to know.

  Finally, there is the option to fix this specific problem by changing
  the --help for network log create.

  
  [1]
  """
  $ openstack network log create --help 
  usage: openstack network log create ...

  Create a new network log

  positional arguments:
    <name>                Name for the network log

  optional arguments:
  ...
    --resource <resource>
                          Name or ID of resource (security group or firewall
                          group) that used for logging. You can control for
                          logging target combination with --target option.
    --target <target>     Port (name or ID) for logging. You can control for
                          logging target combination with --resource option.
  ...
  """

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2026264/+subscriptions