On Fri, Sep 26, 2014 at 10:19 AM, Christopher Yeoh <cbky...@gmail.com> wrote:
> On Fri, 26 Sep 2014 11:25:49 +0400 > Oleg Bondarev <obonda...@mirantis.com> wrote: > > > On Fri, Sep 26, 2014 at 3:30 AM, Day, Phil <philip....@hp.com> wrote: > > > > > I think the expectation is that if a user is already interaction > > > with Neutron to create ports then they should do the security group > > > assignment in Neutron as well. > > > > > > > Agree. However what do you think a user expects when he/she boots a > > vm (no matter providing port_id or just net_id) > > and specifies security_groups? I think the expectation should be that > > instance will become a member of the specified groups. > > Ignoring security_groups parameter in case port is provided (as it is > > now) seems completely unfair to me. > > One option would be to return a 400 if both port id and security_groups > is supplied. > FWIW this is what has been implemented in Heat when such request is made (see discussion on the bug report and [1]) Simon [1] http://git.openstack.org/cgit/openstack/heat/commit/?id=5c5e36de3737a85bec5023c94265e6bbaf6ad78e > > Chris > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
