[Openstack-security] [Bug 1289195] Re: The duplicate security group name cause don't know witch security group use in instance

Lee Li lilinguo8212 at gmail.com
Tue Mar 11 02:39:47 UTC 2014 

** Description changed:

  When create a security group, the duplicate name is allowed.
- In create a instance, which security group to use is designed by sg name, this may cause the user don't know witch sg is used and it may be not the user wanted. So the duplicate name of sg should be not allowed.
+ In create a instance, duplicate sg name will cause exception. 
+ So the duplicate name of sg should be not allowed.
  
- In create instance, it's use set to filter the duplicate sg like:
- sg_names = list(set(sg_names))
+ In nova.network.neutronv2.API:allocate_for_instance
+ for security_group in security_groups:
+     name_match = None
+     uuid_match = None
+     for user_security_group in user_security_groups:
+         if user_security_group['name'] == security_group:         # if have duplicate sg name, the name_match will not be None for the second matching.
+             if name_match:
+                 raise exception.NoUniqueMatch(
+                     _("Multiple security groups found matching"
+                        " '%s'. Use an ID to be more specific.") %
+                     security_group)
+ 
+             name_match = user_security_group['id']
+         if user_security_group['id'] == security_group:
+             uuid_match = user_security_group['id']

** Description changed:

  When create a security group, the duplicate name is allowed.
- In create a instance, duplicate sg name will cause exception. 
- So the duplicate name of sg should be not allowed.
+ In create a instance, duplicate sg name will cause exception and the instance will be started fail. So the duplicate name of sg should be not allowed.
  
  In nova.network.neutronv2.API:allocate_for_instance
  for security_group in security_groups:
-     name_match = None
-     uuid_match = None
-     for user_security_group in user_security_groups:
-         if user_security_group['name'] == security_group:         # if have duplicate sg name, the name_match will not be None for the second matching.
-             if name_match:
-                 raise exception.NoUniqueMatch(
-                     _("Multiple security groups found matching"
-                        " '%s'. Use an ID to be more specific.") %
-                     security_group)
+     name_match = None
+     uuid_match = None
+     for user_security_group in user_security_groups:
+         if user_security_group['name'] == security_group:         # if have duplicate sg name, the name_match will not be None for the second matching.
+             if name_match:
+                 raise exception.NoUniqueMatch(
+                     _("Multiple security groups found matching"
+                        " '%s'. Use an ID to be more specific.") %
+                     security_group)
  
-             name_match = user_security_group['id']
-         if user_security_group['id'] == security_group:
-             uuid_match = user_security_group['id']
+             name_match = user_security_group['id']
+         if user_security_group['id'] == security_group:
+             uuid_match = user_security_group['id']

** Summary changed:

- The duplicate security group name cause don't know witch security group use in instance
+ Duplicate security group name cause fail to start instance

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1289195

Title:
  Duplicate security group name cause fail to start instance

Status in OpenStack Neutron (virtual network service):
  In Progress

Bug description:
  When create a security group, the duplicate name is allowed.
  In create a instance, duplicate sg name will cause exception and the instance will be started fail. So the duplicate name of sg should be not allowed.

  In nova.network.neutronv2.API:allocate_for_instance
  for security_group in security_groups:
      name_match = None
      uuid_match = None
      for user_security_group in user_security_groups:
          if user_security_group['name'] == security_group:         # if have duplicate sg name, the name_match will not be None for the second matching.
              if name_match:
                  raise exception.NoUniqueMatch(
                      _("Multiple security groups found matching"
                         " '%s'. Use an ID to be more specific.") %
                      security_group)

              name_match = user_security_group['id']
          if user_security_group['id'] == security_group:
              uuid_match = user_security_group['id']

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1289195/+subscriptions

More information about the Openstack-security mailing list