On Fri, Sep 26, 2014 at 10:19 AM, Christopher Yeoh <cbkyeoh at gmail.com> wrote: > On Fri, 26 Sep 2014 11:25:49 +0400 > Oleg Bondarev <obondarev at mirantis.com> wrote: > > > On Fri, Sep 26, 2014 at 3:30 AM, Day, Phil <philip.day at hp.com> wrote: > > > > > I think the expectation is that if a user is already interaction > > > with Neutron to create ports then they should do the security group > > > assignment in Neutron as well. > > > > > > > Agree. However what do you think a user expects when he/she boots a > > vm (no matter providing port_id or just net_id) > > and specifies security_groups? I think the expectation should be that > > instance will become a member of the specified groups. > > Ignoring security_groups parameter in case port is provided (as it is > > now) seems completely unfair to me. > > One option would be to return a 400 if both port id and security_groups > is supplied. > FWIW this is what has been implemented in Heat when such request is made (see discussion on the bug report and [1]) Simon [1] http://git.openstack.org/cgit/openstack/heat/commit/?id=5c5e36de3737a85bec5023c94265e6bbaf6ad78e > > Chris > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140926/2cce400f/attachment.html>