[Openstack] [neutron] cannot list "default" security group with Neutron API?

Riccardo Murri riccardo.murri at uzh.ch
Tue Jun 27 10:30:22 UTC 2017


Hello,

I'm trying to add some rules to the "default" security group of a
newly-created project, using the Neutron API 2.0.

However, it seems that the "default" security group is automatically
created but it is not returned by Neutron client's
`list_security_groups()` API call.  My code works just fine if I use any
security group name other than "default".

This is an example interaction, which shows that there is no security
group returned for the project::

    >>> project.id
    u'b26ed1aa29e64c3abeade0a47867eee3'
    >>> response = self.neutron.list_security_groups()  # self.neutron is a neutron_client.v2.Client instance
    >>> secgroups = response['security_groups']
    >>> all_sg_ids = [(sg['id'], sg['tenant_id']) for sg in secgroups]
    >>> all_sg_ids
    [(u'01de4e38-55ea-4b82-8583-274b1bded41a', u'0ff1f3d07fbd4d41892cdf85d7a7d1a9'), ... ]
    >>> len(all_sg_ids)
    17
    >>> project_sg_ids = [(sg['id'], sg['tenant_id']) for sg in secgroups if sg['tenant_id'] == project.id]
    >>> project_sg_ids
    []

Shouldn't the "default" security group be listed there?

In more detail, this is the code I'm using (which, again, works as
expected if I use any security group name other than "default")::

    class Projects(object):
        def __init__(self):
            self.session = get_session()
            self.keystone = keystone_client.Client(session=self.session)
            self.neutron = neutron_client.Client(session=self.session)
            self.nova = nova_client('2', session=self.session)
            # ...

        # ...

        def create(self, form):
            domain = self.keystone.domains.get(config.os_project_domain_id)
            project = self.keystone.projects.create(
                form.name.data,
                domain,
                description=form.description.data,
                enabled=False,  # will enable after configuring it
                # ...
            )
            try:
                response = self.neutron.create_security_group({
                    'security_group': {
                        'tenant_id': project.id,
                        'name': 'default',  # works if I change to e.g. 'TEST'
                        'description': "Default security group",
                    }
                })
            except Conflict:
                # security group already exists, fetch it
                # `find_security_group_by_name()` is a small filter
                # for `list_security_groups()` results
                default_sg = find_security_group_by_name(self.neutron, project.id, 'default')
            # ... do something with the sec group ...

What am I doing wrong?

Thanks,
Riccardo

-- 
Riccardo Murri
http://www.s3it.uzh.ch/about/team/#Riccardo.Murri

S3IT: Services and Support for Science IT
University of Zurich
Winterthurerstrasse 190, CH-8057 Zürich (Switzerland)

Tel: +41 44 635 4208
Fax: +41 44 635 6888


