Public bug reported: - [x] This doc is inaccurate in this way:
This came up during a review to remove nova-net usage from functional tests and enhance the neutron fixture used in those tests: https://review.opendev.org/#/c/685927/2/nova/tests/functional/test_servers.py@1264 In summary, GET /servers/detail responses for servers in a down cell may include a "security_groups" key because the API proxies that information from neutron only using the server id (the neutron security group driver finds the ports from that server id and the security groups from the ports). None of the security group information about a server, when using neutron, is cached with the server in the cell database unlike the port information (VIFs i.e. instance.info_cache.network_info). As a result, the doc is wrong for the keys it says can be returned from a GET /servers/detail response in a down cell scenario since it doesn't include 'security_groups'. The linked patch above shows that with the changed sample: https://review.opendev.org/#/c/685927/2/doc/api_samples/servers/v2.69 /servers-details-resp.json Also note that this is not the same for the GET /servers/{server_id} (show) case because that returns from the view builder here: https://github.com/openstack/nova/blob/867401e575d2b27b9bc63ceda41cd85233545cd5/nova/api/openstack/compute/views/servers.py#L210 without including any security group information. Note that fixing the API to be consistent between show and detail would require a microversion and is likely not worth a new microversion of that, a user can get security group information from the networking API directly with something like this: GET /v2.0/ports?device_id=<server_id>&fields=security_groups And from the ports response the client can get the security groups by id. This bug is just to update the down cell API guide docs. ----------------------------------- Release: 19.1.0.dev1588 on 2019-09-24 00:12:44 SHA: 2b15e162546ff5aa6458b2d1b2422a775e92b785 Source: https://opendev.org/openstack/nova/src/api-guide/source/down_cells.rst URL: https://docs.openstack.org/api-guide/compute/down_cells.html ** Affects: nova Importance: Medium Status: Confirmed ** Tags: api-guide cells doc -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1846559 Title: Handling Down Cells in nova - security_groups can be in the response for GET /servers/detail Status in OpenStack Compute (nova): Confirmed Bug description: - [x] This doc is inaccurate in this way: This came up during a review to remove nova-net usage from functional tests and enhance the neutron fixture used in those tests: https://review.opendev.org/#/c/685927/2/nova/tests/functional/test_servers.py@1264 In summary, GET /servers/detail responses for servers in a down cell may include a "security_groups" key because the API proxies that information from neutron only using the server id (the neutron security group driver finds the ports from that server id and the security groups from the ports). None of the security group information about a server, when using neutron, is cached with the server in the cell database unlike the port information (VIFs i.e. instance.info_cache.network_info). As a result, the doc is wrong for the keys it says can be returned from a GET /servers/detail response in a down cell scenario since it doesn't include 'security_groups'. The linked patch above shows that with the changed sample: https://review.opendev.org/#/c/685927/2/doc/api_samples/servers/v2.69 /servers-details-resp.json Also note that this is not the same for the GET /servers/{server_id} (show) case because that returns from the view builder here: https://github.com/openstack/nova/blob/867401e575d2b27b9bc63ceda41cd85233545cd5/nova/api/openstack/compute/views/servers.py#L210 without including any security group information. Note that fixing the API to be consistent between show and detail would require a microversion and is likely not worth a new microversion of that, a user can get security group information from the networking API directly with something like this: GET /v2.0/ports?device_id=<server_id>&fields=security_groups And from the ports response the client can get the security groups by id. This bug is just to update the down cell API guide docs. ----------------------------------- Release: 19.1.0.dev1588 on 2019-09-24 00:12:44 SHA: 2b15e162546ff5aa6458b2d1b2422a775e92b785 Source: https://opendev.org/openstack/nova/src/api-guide/source/down_cells.rst URL: https://docs.openstack.org/api-guide/compute/down_cells.html To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1846559/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
