DescribeGroups: Groups are not sorted properly
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Low
|
Ricardo Carrillo Cruz |
Bug Description
I have created 2 projects and each project is having 1-2 groups.
If I run DescribeSecurit
Actual Result:-
root@ubuntu-
GROUP project-1 default default
PERMISSION project-1 default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
GROUP project-2 default default
PERMISSION project-2 default ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/24
GROUP project-1 test test
GROUP project-2 test test
GROUP project-1 test1 test
Expected Result:-
root@ubuntu-
GROUP project-1 default default
PERMISSION project-1 default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
GROUP project-1 test test
GROUP project-1 test1 test
GROUP project-2 default default
PERMISSION project-2 default ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/24
GROUP project-2 test test
Related branches
- Devin Carlen (community): Approve
- Jay Pipes (community): Approve
-
Diff: 13 lines (+2/-1)1 file modifiednova/api/ec2/cloud.py (+2/-1)
Changed in nova: | |
importance: | Undecided → Low |
status: | New → Confirmed |
Changed in nova: | |
assignee: | nobody → Ricardo Carrillo Cruz (rcc) |
Changed in nova: | |
status: | Confirmed → In Progress |
Changed in nova: | |
status: | In Progress → Fix Released |
Added a LOG line to nova/api/ ec2/cloud. py:
def describe_ security_ groups( self, context, group_name=None, **kwargs):
self.compute_ api.ensure_ default_ security_ group(context) user.is_ admin() : group_get_ all(context) group_get_ by_project( context,
context. project_ id) format_ security_ group(context, g) for g in groups]
LOG.debug( _("Groups after format_ security_ group: %s"), groups, context=context)
if context.
groups = db.security_
else:
groups = db.security_
groups = [self._
This way I can see what's going on.
Ran these commands to reproduce:
root@dormammu- VirtualBox: /home/dormammu/ src/nova/ lp708329/ bin# euca-add-group -a admin:project-1 -d test test VirtualBox: /home/dormammu/ src/nova/ lp708329/ bin# euca-add-group -a admin:project-2 -d test test VirtualBox: /home/dormammu/ src/nova/ lp708329/ bin# euca-add-group -a admin:project-1 -d test test1 VirtualBox: /home/dormammu/ src/nova/ lp708329/ bin# euca-describe- groups VirtualBox: /home/dormammu/ src/nova/ lp708329/ bin# euca-describe- groups
GROUP test test
root@dormammu-
GROUP test test
root@dormammu-
GROUP test1 test
root@dormammu-
GROUP admin default default
GROUP project-1 default default
GROUP project-1 test test
GROUP project-2 default default
GROUP project-2 test test
GROUP project-1 test1 test
root@dormammu-
GROUP admin default default
GROUP project-1 default default
GROUP project-1 test test
GROUP project-2 default default
GROUP project-2 test test
GROUP project-1 test1 test
So, I can reproduce the same thing as the reporter.
Interestingly enough, I see this on the nova api log worker after adding the aforementioned log line:
2011-02-11 21:36:34,659 DEBUG nova.api [-] action: DescribeSecurit yGroups from MainProcess (pid=4984) __call__ /home/dormammu/ src/nova/ lp708329/ nova/api/ ec2/__init_ _.py:212 I9Z2TS admin admin] Groups after format_ security_ group: [{'ipPermissions': [], 'groupName': u'default', 'groupDescription': u'default', 'ownerId': u'admin'}, {'ipPermissions': [], 'groupName': u'default', 'groupDescription': u'default', 'ownerId': u'project-1'}, {'ipPermissions': [], 'groupName': u'test', 'groupDescription': u'test', 'ownerId': u'project-1'}, {'ipPermissions': [], 'groupName': u'default', 'groupDescription': u'default', 'ownerId': u'project-2'}, {'ipPermissions': [], 'groupName': u'test', 'groupDescription': u'test', 'ownerId': u'project-2'}, {'ipPermissions': [], 'groupName': u'test1', 'groupDescription': u'test', 'ownerId': u'project-1'}] from MainProcess (pid=4984) describe_ security_ groups /home/dormammu/ src/nova/ lp708329/ nova/api/ ec2/cloud. py:327
2011-02-11 21:36:34,695 DEBUG nova.api.cloud [94DRVMBGWG40TL
The ownerId field shows something I didn't expect, a project name as the value of the field (u'project-1') . I would expect something like 'admin:project-1' or another key in the group dictionary to hold the project.
I need to investigate what we store for groups in the DB.