Hello,
I'm trying to add some rules to the "default" security group of a
newly-created project, using the Neutron API 2.0.
However, it seems that the "default" security group is automatically
created but it is not returned by Neutron client's
`list_security_groups()` API call. My code works just fine if I use any
security group name other than "default".
This is an example interaction, which shows that there is no security
group returned for the project::
>>> project.id
u'b26ed1aa29e64c3abeade0a47867eee3'
>>> response = self.neutron.list_security_groups() # self.neutron is a
neutron_client.v2.Client instance
>>> secgroups = response['security_groups']
>>> all_sg_ids = [(sg['id'], sg['tenant_id']) for sg in secgroups]
>>> all_sg_ids
[(u'01de4e38-55ea-4b82-8583-274b1bded41a',
u'0ff1f3d07fbd4d41892cdf85d7a7d1a9'), ... ]
>>> len(all_sg_ids)
17
>>> project_sg_ids = [(sg['id'], sg['tenant_id']) for sg in secgroups if
sg['tenant_id'] == project.id]
>>> project_sg_ids
[]
Shouldn't the "default" security group be listed there?
In more details, this is the code I'm using (which, again, works as
expected if I use any security group name other than "default")::
class Projects(object):
def __init__(self):
self.session = get_session()
self.keystone = keystone_client.Client(session=self.session)
self.neutron = neutron_client.Client(session=self.session)
self.nova = nova_client('2', session=self.session)
# ...
# ...
def create(self, form):
domain = self.keystone.domains.get(config.os_project_domain_id)
project = self.keystone.projects.create(
form.name.data,
domain,
description=form.description.data,
enabled=False, # will enable after configuring it
# ...
)
try:
response = self.neutron.create_security_group({
'security_group': {
'tenant_id': project.id,
'name': 'default', # works if I change to e.g. 'TEST'
'description': "Default security group",
}
})
except Conflict:
# security group already exists, fetch it
# `find_security_group_by_name()` is a small filter
# for `list_security_groups()` results
default_sg = find_security_group_by_name(self.neutron,
project.id, 'default')
# ... do something with the sec group ...
What am I doing wrong?
Thanks,
Riccardo
--
Riccardo Murri
http://www.s3it.uzh.ch/about/team/#Riccardo.Murri
S3IT: Services and Support for Science IT
University of Zurich
Winterthurerstrasse 190, CH-8057 Zürich (Switzerland)
Tel: +41 44 635 4208
Fax: +41 44 635 6888
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
