def describe_security_groups(self, context, group_name=None, **kwargs): self.compute_api.ensure_default_security_group(context)
if context.user.is_admin():
groups = db.security_group_get_all(context)
else:
groups = db.security_group_get_by_project(context, context.project_id)
groups = [self._format_security_group(context, g) for g in groups] LOG.debug(_("Groups after format_security_group: %s"), groups, context=context)
This way I can see what's going on.
Ran these commands to reproduce:
root@dormammu-VirtualBox:/home/dormammu/src/nova/lp708329/bin# euca-add-group -a admin:project-1 -d test test
GROUP test test
root@dormammu-VirtualBox:/home/dormammu/src/nova/lp708329/bin# euca-add-group -a admin:project-2 -d test test
GROUP test test
root@dormammu-VirtualBox:/home/dormammu/src/nova/lp708329/bin# euca-add-group -a admin:project-1 -d test test1
GROUP test1 test
root@dormammu-VirtualBox:/home/dormammu/src/nova/lp708329/bin# euca-describe-groups
GROUP admin default default
GROUP project-1 default default
GROUP project-1 test test
GROUP project-2 default default
GROUP project-2 test test
GROUP project-1 test1 test
root@dormammu-VirtualBox:/home/dormammu/src/nova/lp708329/bin# euca-describe-groups
GROUP admin default default
GROUP project-1 default default
GROUP project-1 test test
GROUP project-2 default default
GROUP project-2 test test
GROUP project-1 test1 test
So, I can reproduce the same thing as the reporter.
Interestingly enough, I see this on the nova api log worker after adding the aforementioned log line:
The ownerId field shows something I didn't expect, a project name as the value of the field (u'project-1') . I would expect something like 'admin:project-1' or another key in the group dictionary to hold the project.
I need to investigate what we store for groups in the DB.
Added a LOG line to nova/api/ ec2/cloud. py:
def describe_ security_ groups( self, context, group_name=None, **kwargs):
self.compute_ api.ensure_ default_ security_ group(context) user.is_ admin() : group_get_ all(context) group_get_ by_project( context,
context. project_ id) format_ security_ group(context, g) for g in groups]
LOG.debug( _("Groups after format_ security_ group: %s"), groups, context=context)
if context.
groups = db.security_
else:
groups = db.security_
groups = [self._
This way I can see what's going on.
Ran these commands to reproduce:
root@dormammu- VirtualBox: /home/dormammu/ src/nova/ lp708329/ bin# euca-add-group -a admin:project-1 -d test test VirtualBox: /home/dormammu/ src/nova/ lp708329/ bin# euca-add-group -a admin:project-2 -d test test VirtualBox: /home/dormammu/ src/nova/ lp708329/ bin# euca-add-group -a admin:project-1 -d test test1 VirtualBox: /home/dormammu/ src/nova/ lp708329/ bin# euca-describe- groups VirtualBox: /home/dormammu/ src/nova/ lp708329/ bin# euca-describe- groups
GROUP test test
root@dormammu-
GROUP test test
root@dormammu-
GROUP test1 test
root@dormammu-
GROUP admin default default
GROUP project-1 default default
GROUP project-1 test test
GROUP project-2 default default
GROUP project-2 test test
GROUP project-1 test1 test
root@dormammu-
GROUP admin default default
GROUP project-1 default default
GROUP project-1 test test
GROUP project-2 default default
GROUP project-2 test test
GROUP project-1 test1 test
So, I can reproduce the same thing as the reporter.
Interestingly enough, I see this on the nova api log worker after adding the aforementioned log line:
2011-02-11 21:36:34,659 DEBUG nova.api [-] action: DescribeSecurit yGroups from MainProcess (pid=4984) __call__ /home/dormammu/ src/nova/ lp708329/ nova/api/ ec2/__init_ _.py:212 I9Z2TS admin admin] Groups after format_ security_ group: [{'ipPermissions': [], 'groupName': u'default', 'groupDescription': u'default', 'ownerId': u'admin'}, {'ipPermissions': [], 'groupName': u'default', 'groupDescription': u'default', 'ownerId': u'project-1'}, {'ipPermissions': [], 'groupName': u'test', 'groupDescription': u'test', 'ownerId': u'project-1'}, {'ipPermissions': [], 'groupName': u'default', 'groupDescription': u'default', 'ownerId': u'project-2'}, {'ipPermissions': [], 'groupName': u'test', 'groupDescription': u'test', 'ownerId': u'project-2'}, {'ipPermissions': [], 'groupName': u'test1', 'groupDescription': u'test', 'ownerId': u'project-1'}] from MainProcess (pid=4984) describe_ security_ groups /home/dormammu/ src/nova/ lp708329/ nova/api/ ec2/cloud. py:327
2011-02-11 21:36:34,695 DEBUG nova.api.cloud [94DRVMBGWG40TL
The ownerId field shows something I didn't expect, a project name as the value of the field (u'project-1') . I would expect something like 'admin:project-1' or another key in the group dictionary to hold the project.
I need to investigate what we store for groups in the DB.