[openstack-dev] [Nova][Neutron] API inconsistencies with security groups

Joshua Hesketh joshua.hesketh at rackspace.com
Sat Apr 5 04:16:33 UTC 2014


Howdy,

I'm moving a conversation that has begun on a review to this mailing list as it
is perhaps systematic of a larger issue regarding API compatibility
(specifically between neutron and nova-networking). Unfortunately these are
areas I don't have much experience with so I'm hoping to gain some clarity
here.

There is a bug in nova where launching an instance with a given security group
is case-insensitive for nova-networks but case-sensitive for neutron. This
highlights inconsistencies but I also think this is a legitimate bug[0].
Specifically the 'nova boot' command accepts the incorrectly cased security-
group but the instance enters an error state as it has been unable to boot it.
There is an inherent mistake here where the initial check approves the
security-group name but when it comes time to assign the security group (at the
scheduler level) it fails.

I think this should be fixed but then the nova CLI behaves differently with
different tasks. For example, `nova secgroup-add-rule` is case sensitive. So in
reality it is unclear if security groups should, or should not, be case
sensitive. The API implies that they should not. The CLI has methods where some
are and some are not.

I've addressed the initial bug as a patch to the neutron driver[1] and also
amended the case-sensitive lookup in the python-novaclient[2] but both reviews
are being held up by this issue.

I guess the questions are:
  - are people aware of this inconsistency?
  - is there some documentation on the inconsistencies?
  - is a fix of this nature considered an API compatibility break?
  - and what are the expectations (in terms of case-sensitivity)?

Cheers,
Josh

[0] https://launchpad.net/bugs/1286463
[1] https://review.openstack.org/#/c/77347/
[2] https://review.openstack.org/#/c/81688/

-- 
Rackspace Australia




More information about the OpenStack-dev mailing list