Hi,

This sounds like it may be a bug. My guess is that when we switched to project ID a hook was not updated to create the default security group when a project ID is passed instead of a tenant ID (this logic [1] in particular).

Can you please file a bug on launchpad and reference this email thread and we should be able to get it fixed pretty quickly?

1. https://github.com/openstack/neutron/blob/71d9aab87e37b5162ef09b8cbe3b72709fc88a8b/neutron/db/securitygroups_db.py#L146-L153

Cheers,
Kevin Benton

On Tue, Jun 27, 2017 at 3:30 AM, Riccardo Murri <riccardo.mu...@uzh.ch> wrote:

> Hello,
>
> I'm trying to add some rules to the "default" security group of a
> newly-created project, using the Neutron API 2.0.
>
> However, it seems that the "default" security group is automatically
> created but it is not returned by Neutron client's
> `list_security_groups()` API call. My code works just fine if I use any
> security group name other than "default".
>
> This is an example interaction, which shows that there is no security
> group returned for the project::
>
>     >>> project.id
>     u'b26ed1aa29e64c3abeade0a47867eee3'
>     >>> response = self.neutron.list_security_groups()  # self.neutron is a neutron_client.v2.Client instance
>     >>> secgroups = response['security_groups']
>     >>> all_sg_ids = [(sg['id'], sg['tenant_id']) for sg in secgroups]
>     >>> all_sg_ids
>     [(u'01de4e38-55ea-4b82-8583-274b1bded41a', u'0ff1f3d07fbd4d41892cdf85d7a7d1a9'), ... ]
>     >>> len(all_sg_ids)
>     17
>     >>> project_sg_ids = [(sg['id'], sg['tenant_id']) for sg in secgroups if sg['tenant_id'] == project.id]
>     >>> project_sg_ids
>     []
>
> Shouldn't the "default" security group be listed there?
>
> In more detail, this is the code I'm using (which, again, works as
> expected if I use any security group name other than "default")::
>
>     class Projects(object):
>         def __init__(self):
>             self.session = get_session()
>             self.keystone = keystone_client.Client(session=self.session)
>             self.neutron = neutron_client.Client(session=self.session)
>             self.nova = nova_client('2', session=self.session)
>             # ...
>
>         # ...
>
>         def create(self, form):
>             domain = self.keystone.domains.get(
>                 config.os_project_domain_id)
>             project = self.keystone.projects.create(
>                 form.name.data,
>                 domain,
>                 description=form.description.data,
>                 enabled=False,  # will enable after configuring it
>                 # ...
>             )
>             try:
>                 response = self.neutron.create_security_group({
>                     'security_group': {
>                         'tenant_id': project.id,
>                         'name': 'default',  # works if I change to e.g. 'TEST'
>                         'description': "Default security group",
>                     }
>                 })
>             except Conflict:
>                 # security group already exists, fetch it
>                 # `find_security_group_by_name()` is a small filter
>                 # for `list_security_groups()` results
>                 default_sg = find_security_group_by_name(self.neutron,
>                                                          project.id, 'default')
>             # ... do something with the sec group ...
>
> What am I doing wrong?
>
> Thanks,
> Riccardo
>
> --
> Riccardo Murri
> http://www.s3it.uzh.ch/about/team/#Riccardo.Murri
>
> S3IT: Services and Support for Science IT
> University of Zurich
> Winterthurerstrasse 190, CH-8057 Zürich (Switzerland)
>
> Tel: +41 44 635 4208
> Fax: +41 44 635 6888
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
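An added example (not from the thread and not Neutron's own code): a lookup for a project's "default" security group that accepts either `project_id` or `tenant_id` as the owner key and returns `None` when no such group is listed, which is the symptom reported in the thread. The helper names, `FakeNeutron` and the sample data are constructed for illustration; passing `tenant_id` and `name` as filters to `list_security_groups()` is an assumption about the client in use.

```python
def owner_of(sg):
    """Owning project ID, whether the API returned project_id or tenant_id."""
    return sg.get('project_id') or sg.get('tenant_id')


def find_security_groups(response, project_id, name):
    """Client-side filter over a list_security_groups() response body."""
    return [sg for sg in response.get('security_groups', [])
            if owner_of(sg) == project_id and sg.get('name') == name]


def get_default_security_group(neutron, project_id):
    """Return the project's "default" group, or None when none is listed."""
    # Assumption: the client forwards keyword arguments as query filters.
    response = neutron.list_security_groups(tenant_id=project_id,
                                            name='default')
    # Re-check client-side so a server that ignores a filter cannot mislead us.
    matches = find_security_groups(response, project_id, 'default')
    if len(matches) > 1:
        raise LookupError('%d "default" groups listed for project %s'
                          % (len(matches), project_id))
    return matches[0] if matches else None


class FakeNeutron(object):
    """Constructed stand-in for the Neutron client; runs offline."""

    def __init__(self, groups):
        self.groups = groups

    def list_security_groups(self, **filters):
        def keep(sg):
            return all(owner_of(sg) == v if k in ('tenant_id', 'project_id')
                       else sg.get(k) == v for k, v in filters.items())
        return {'security_groups': [sg for sg in self.groups if keep(sg)]}


# Constructed sample data: one group keyed by tenant_id, one by project_id,
# and a project (project-c) that has no "default" group listed at all.
SAMPLE = [
    {'id': 'sg-aaaa', 'name': 'default', 'tenant_id': 'project-a'},
    {'id': 'sg-bbbb', 'name': 'default', 'project_id': 'project-b'},
    {'id': 'sg-cccc', 'name': 'TEST', 'tenant_id': 'project-c'},
]

if __name__ == '__main__':
    client = FakeNeutron(SAMPLE)
    for pid in ('project-a', 'project-b', 'project-c'):
        sg = get_default_security_group(client, pid)
        print(pid, sg['id'] if sg else 'no "default" group listed')
```

A `None` result for a freshly created project is the condition worth alerting on before any rules are added, since the rule changes would otherwise have nothing to attach to.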