[Security Groups] When using neutron CLI, if non-existing project is given when listing the SGs, a default SG is created
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| neutron |
In Progress
|
Low
|
Rodolfo Alonso | ||
Bug Description
When using the Neutron CLI, if the SGs are listed and a project is passed (as filter), even if the project does not exist, a default SG is created for this project.
This is happening when the user has admin permissions.
Example: http://
This is not happening with the OSC because the filter parameters are tested. Example:
stack@
No project with a name or ID of 'wrong_project_2' exists.
Checking if the project exists, when this argument is passed, is expensive (a call to keystone must be done). This is also happening only when using the deprecated Neutron CLI. Instead of making this check inline, I would propose an api-paste method to check, in any API call, the existence of the project if the argument is passed. This check can be disabled only removing this filter from the api-paste config.
| Changed in neutron: | |
| importance: | Undecided → Low |
| Changed in neutron: | |
| assignee: | nobody → Rodolfo Alonso (rodolfo-alonso-hernandez) |
| status: | New → In Progress |
| OpenStack Infra (hudson-openstack) wrote Related fix proposed to neutron-tempest-plugin (master) | #1 |
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/neutron 18.0.0.0rc1 | #2 |
| OpenStack Infra (hudson-openstack) wrote Change abandoned on neutron-tempest-plugin (master) | #3 |
| Brian Haley (brian-haley) wrote | #4 |
Related fix proposed to branch: master
Review: https:/