Comment 1 for bug 708329

Added a LOG line to nova/api/ec2/cloud.py:

    def describe_security_groups(self, context, group_name=None, **kwargs):
        self.compute_api.ensure_default_security_group(context)
        if context.user.is_admin():
            groups = db.security_group_get_all(context)
        else:
            groups = db.security_group_get_by_project(context,
                                                      context.project_id)
        groups = [self._format_security_group(context, g) for g in groups]
        LOG.debug(_("Groups after format_security_group: %s"), groups, context=context)

This way I can see what's going on.

Ran these commands to reproduce:

root@dormammu-VirtualBox:/home/dormammu/src/nova/lp708329/bin# euca-add-group -a admin:project-1 -d test test
GROUP test test
root@dormammu-VirtualBox:/home/dormammu/src/nova/lp708329/bin# euca-add-group -a admin:project-2 -d test test
GROUP test test
root@dormammu-VirtualBox:/home/dormammu/src/nova/lp708329/bin# euca-add-group -a admin:project-1 -d test test1
GROUP test1 test
root@dormammu-VirtualBox:/home/dormammu/src/nova/lp708329/bin# euca-describe-groups
GROUP admin default default
GROUP project-1 default default
GROUP project-1 test test
GROUP project-2 default default
GROUP project-2 test test
GROUP project-1 test1 test
root@dormammu-VirtualBox:/home/dormammu/src/nova/lp708329/bin# euca-describe-groups
GROUP admin default default
GROUP project-1 default default
GROUP project-1 test test
GROUP project-2 default default
GROUP project-2 test test
GROUP project-1 test1 test

So, I can reproduce the same thing as the reporter.
Interestingly enough, I see this on the nova api log worker after adding the aforementioned log line:

2011-02-11 21:36:34,659 DEBUG nova.api [-] action: DescribeSecurityGroups from MainProcess (pid=4984) __call__ /home/dormammu/src/nova/lp708329/nova/api/ec2/__init__.py:212
2011-02-11 21:36:34,695 DEBUG nova.api.cloud [94DRVMBGWG40TLI9Z2TS admin admin] Groups after format_security_group: [{'ipPermissions': [], 'groupName': u'default', 'groupDescription': u'default', 'ownerId': u'admin'}, {'ipPermissions': [], 'groupName': u'default', 'groupDescription': u'default', 'ownerId': u'project-1'}, {'ipPermissions': [], 'groupName': u'test', 'groupDescription': u'test', 'ownerId': u'project-1'}, {'ipPermissions': [], 'groupName': u'default', 'groupDescription': u'default', 'ownerId': u'project-2'}, {'ipPermissions': [], 'groupName': u'test', 'groupDescription': u'test', 'ownerId': u'project-2'}, {'ipPermissions': [], 'groupName': u'test1', 'groupDescription': u'test', 'ownerId': u'project-1'}] from MainProcess (pid=4984) describe_security_groups /home/dormammu/src/nova/lp708329/nova/api/ec2/cloud.py:327

The ownerId field shows something I didn't expect, a project name as the value of the field (u'project-1') . I would expect something like 'admin:project-1' or another key in the group dictionary to hold the project.

I need to investigate what we store for groups in the DB.