[openstack-dev] [nova] security_groups extension in nova api v3
melwitt at yahoo-inc.com
Tue Aug 13 22:35:44 UTC 2013
On Aug 13, 2013, at 2:11 AM, Day, Phil wrote:
> If we really want to get clean separation between Nova and Neutron in the V3 API should we consider making the Nov aV3 API only accept lists o port ids in the server create command ?
> That way there would be no need to every pass security group information into Nova.
> Any cross project co-ordination (for example automatically creating ports) could be handled in the client layer, rather than inside Nova.
Server create is always (until there's a separate layer) going to go cross project calling other apis like neutron and cinder while an instance is being provisioned. For that reason, I tend to think it's ok to give some extra convenience of automatically creating ports if needed, and being able to specify security groups.
For the associate and disassociate, the only convenience is being able to use the instance display name and security group name, which is already handled at the client layer. It seems a clearer case of duplicating what neutron offers.
More information about the OpenStack-dev