python-neutronclient

list_security_group_rules missing support for optional security_group_id parameter

Bug #1359230 reported by Joris Roovers
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python-neutronclient
Fix Released
Undecided
Sridhar Gaddam
python-neutronclient 2.3.11

Bug Description

The API specifies that an optional security-group-id can be passed to /v2.0/security-group-rules:

http://developer.openstack.org/api-ref-networking-v2.html

GET /v2.0/security-group-rules/3c0e45ff-adaf-4124-b083-bf390e5482ff
Accept: application/json
{
    "security_group_rule": {
        "direction": "egress",
        "ethertype": "IPv6",
        "id": "3c0e45ff-adaf-4124-b083-bf390e5482ff",
        "port_range_max": null,
        "port_range_min": null,
        "protocol": null,
        "remote_group_id": null,
        "remote_ip_prefix": null,
        "security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
        "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
    }
}

This feature is not supported in the current client:

https://github.com/openstack/python-neutronclient/blob/master/neutronclient/v2_0/client.py#L509

Joris Roovers (joris-roovers)
summary: - ist_security_group_rules missing support for optional security_group_id
+ list_security_group_rules missing support for optional security_group_id
tag
summary: list_security_group_rules missing support for optional security_group_id
- tag
+ parameter
Sridhar Gaddam (sridhargaddam)
Changed in python-neutronclient:
assignee: nobody → Sridhar Gaddam (sridhargaddam)
Sridhar Gaddam (sridhargaddam)
Changed in python-neutronclient:
status: New → In Progress
Revision history for this message
Sridhar Gaddam (sridhargaddam) wrote :

The issue is in the extend_list of ListSecurityGroupRule class which is always assuming that
the data includes security_group_id and remote_group_id fields, which may not be the case when
we filter on other fields.

neutron --debug security-group-rule-list -F direction
...

RESP BODY: {"security_group_rules": [{"direction": "egress"}, {"direction": "ingress"}, {"direction": "ingress"}, {"direction": "egress"}]}

ERROR: neutronclient.shell 'remote_group_id'
Traceback (most recent call last):
  File "/opt/stack/python-neutronclient/neutronclient/shell.py", line 692, in run_subcommand
    return run_command(cmd, cmd_parser, sub_argv)
  File "/opt/stack/python-neutronclient/neutronclient/shell.py", line 91, in run_command
    return cmd.run(known_args)
  File "/opt/stack/python-neutronclient/neutronclient/common/command.py", line 29, in run
    return super(OpenStackCommand, self).run(parsed_args)
  File "/usr/local/lib/python2.7/dist-packages/cliff/display.py", line 91, in run
    column_names, data = self.take_action(parsed_args)
  File "/opt/stack/python-neutronclient/neutronclient/common/command.py", line 35, in take_action
    return self.get_data(parsed_args)
  File "/opt/stack/python-neutronclient/neutronclient/neutron/v2_0/__init__.py", line 670, in get_data
    self.extend_list(data, parsed_args)
  File "/opt/stack/python-neutronclient/neutronclient/neutron/v2_0/securitygroup.py", line 137, in extend_list
    sec_group_ids.add(rule[key])
KeyError: 'remote_group_id'
'remote_group_id'

Revision history for this message
Sridhar Gaddam (sridhargaddam) wrote :

As expected when we include the remote_group_id and security_group_id in the filter, the issue is not seen.

neutron security-group-rule-list -F direction -F remote_group_id -F security_group_id
+----------------+-----------+--------------+
| security_group | direction | remote_group |
 +----------------+-----------+--------------+
| default | egress | |
| default | ingress | default |
| default | ingress | default |
| default | egress | |
 +----------------+-----------+--------------+

Patch on the way...

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to python-neutronclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/135555

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to python-neutronclient (master)

Reviewed: https://review.openstack.org/135555
Committed: https://git.openstack.org/cgit/openstack/python-neutronclient/commit/?id=845f4618f4818d3f536eda1dde8d9b9d860f0417
Submitter: Jenkins
Branch: master

commit 845f4618f4818d3f536eda1dde8d9b9d860f0417
Author: sridhargaddam <email address hidden>
Date: Wed Nov 19 10:03:02 2014 +0000

    Fix KeyError when filtering SG rule listing

    extend_list API of ListSecurityGroupRule class assumes that the data
    includes security_group_id and remote_group_id fields, which may not
    be the case when we filter on other fields. This patch addresses this
    issue.

    Closes-Bug: #1359230
    Change-Id: Icb38e6e926ae441116ac4a895650f80c24d373a6

Changed in python-neutronclient:
status: In Progress → Fix Committed
Akihiro Motoki (amotoki)
Changed in python-neutronclient:
milestone: none → 2.3.11
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.