<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Personally I think that we shouldn't enforce the id. The id should be treated as a unique string and it is just an implementation detail that the nova-network backend uses an integer. We had a number of other resources in nova that were implemented on the backend as integers and later changed to using uuids.<div><br></div><div>Vish<br><div><div>On Jul 10, 2013, at 3:12 AM, Jordan Pittier <<a href="mailto:jpittier@octo.com">jpittier@octo.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr">Hi,<div>Any ideas on this one ? Maybe I should forward this email to a more specific ML ?</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jul 4, 2013 at 4:36 PM, Jordan Pittier <span dir="ltr"><<a href="mailto:jpittier@octo.com" target="_blank">jpittier@octo.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><span style="font-family:arial,sans-serif;font-size:13px">Hi guys,</span><div style="font-family:arial,sans-serif;font-size:13px">
<br></div><div style="font-family:arial,sans-serif;font-size:13px">As you may know :</div>
<div style="font-family:arial,sans-serif;font-size:13px">* with Quantum, secgroups are uniquely identified by UUID.</div><div style="font-family:arial,sans-serif;font-size:13px">* with Nova-Net, secgroups are uniquely identified by numerical ID. </div>
<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">At the moment Nova-api, before calling Nova-Net or Quantum,(see nova/api/openstack/compute/contrib/security_group*) performs some calls to validate_id(), defined in :</div>
<div style="font-family:arial,sans-serif;font-size:13px">* nova/network/security_group/quantum_drive.py for Quantum</div><div style="font-family:arial,sans-serif;font-size:13px">* nova/compute/api.py for Nova-Net</div><div style="font-family:arial,sans-serif;font-size:13px">
<br></div><div style="font-family:arial,sans-serif;font-size:13px">Validate_id() raises an HTTPBadRequest in case the identifier is not an UUID for Quantum or an ID for Nova-Net.</div><div style="font-family:arial,sans-serif;font-size:13px">
<br></div><div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">The first thing to notice is that : (1) It's Nova-API that performs identifier validation and raises the exception.</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">This API mismatch breaks 4 Tempest tests (see <a href="http://bugs.launchpad.net/tempest/+bug/1182384" target="_blank">bugs.launchpad.net/tempest/+bug/1182384</a>) and could be confusing to the user as Sean Dague reported in this bug report.</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">I see several approaches to deal with this :</div><div style="font-family:arial,sans-serif;font-size:13px">
1) This API change can't be hidden, clients (and Tempest) must refer to security groups by their specific identifier. Ie Clients must be aware of the backing network implementation. (see <a href="http://review.openstack.org/#/c/29899/" target="_blank">review.openstack.org/#/c/29899/</a>)</div>
<div style="font-family:arial,sans-serif;font-size:13px">2) Encapsulate all calls to validate_id() in a try/catch HTTPBadRequest and raise a HTTPNotFound instead (exception translation)</div><div style="font-family:arial,sans-serif;font-size:13px">
3) Don't do any kind of validation neither for Nova-Net not Quantum. Some unit tests in test_quantum_security_groups.TestQuantumSecurityGroups must be adapted/removed. (see <a href="http://review.openstack.org/#/c/35285/" target="_blank">review.openstack.org/#/c/35285/</a> patchset 2 and 4 for 2 different approaches). Let Quantum and Nova-Net deal with malformed inputs.</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">What do you think ? </div><div style="font-family:arial,sans-serif;font-size:13px">Thanks a lot !</div>
<span class="HOEnZb"><font color="#888888">
<div style="font-family:arial,sans-serif;font-size:13px">Jordan</div></font></span></div>
</blockquote></div><br></div>
_______________________________________________<br>OpenStack-dev mailing list<br><a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev<br></blockquote></div><br></div></body></html>