yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #92596
[Bug 2026264] [NEW] "--target" parameter in "network log object create" is only expected for ML2/OVS
Public bug reported:
According to command help [1], option "--target" when creating security
group log should work to narrow down logging action for specific port.
However, this is something not expected in the ML2/OVN driver, where the
minimal unit of logging is per security group, and is selected using
--resource.
I raised this on the last Neutron meeting to see if it was possible to
have a general solution for this that could be useful for any parameter
and any driver (Like answering with an error through the API) but this
would result on a driver-driven API which is something discouraged.
There was also the option of logging a Warning or an error when using
non-supported parameters, but I don't know if this would give hints to
the users about which driver they are using, something we also don't
want non-admin users to know.
Finally, there is the option to fix this specific problem by changing
the --help for network log create.
[1]
"""
$ openstack network log create --help
usage: openstack network log create ...
Create a new network log
positional arguments:
<name> Name for the network log
optional arguments:
...
--resource <resource>
Name or ID of resource (security group or firewall
group) that used for logging. You can control for
logging target combination with --target option.
--target <target> Port (name or ID) for logging. You can control for
logging target combination with --resource option.
...
"""
** Affects: neutron
Importance: Undecided
Assignee: Elvira García Ruiz (elviragr)
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2026264
Title:
"--target" parameter in "network log object create" is only expected
for ML2/OVS
Status in neutron:
New
Bug description:
According to command help [1], option "--target" when creating
security group log should work to narrow down logging action for
specific port.
However, this is something not expected in the ML2/OVN driver, where
the minimal unit of logging is per security group, and is selected
using --resource.
I raised this on the last Neutron meeting to see if it was possible to
have a general solution for this that could be useful for any
parameter and any driver (Like answering with an error through the
API) but this would result on a driver-driven API which is something
discouraged.
There was also the option of logging a Warning or an error when using
non-supported parameters, but I don't know if this would give hints to
the users about which driver they are using, something we also don't
want non-admin users to know.
Finally, there is the option to fix this specific problem by changing
the --help for network log create.
[1]
"""
$ openstack network log create --help
usage: openstack network log create ...
Create a new network log
positional arguments:
<name> Name for the network log
optional arguments:
...
--resource <resource>
Name or ID of resource (security group or firewall
group) that used for logging. You can control for
logging target combination with --target option.
--target <target> Port (name or ID) for logging. You can control for
logging target combination with --resource option.
...
"""
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2026264/+subscriptions