>Are there any other providers that support this? We should do a sweep to make >sure this is common, but that can happen after use.
AFAIK there are no other providers that support this. However, I see value in adding this to this portable class: Without it, it would be really hard (if not impossible) to properly implement the `SecurityGroupExtension` for CloudSigma: a rule that says `!192.168.0.0/24` should translate in our portable model into a set of rules, one for each CIDR block that is not in that range. Although this can be done (and @Kentzo from CloudSigma already came up with [an algorithm to do that](https://gist.github.com/nacx/94e39a2eb4d2dd92a1fc)), the inverse process should already be done: given a set of rules, check if they correspond to a "negation one". This can be done, but then there is the problem that the `SecurityGroupExtension` allows you to, for example, remove a single `IpPermission`. If a "negation" rule translates into a "set" of rules, then a user could try to just remove one of them, and that makes really really hard to keep a state that is consistent with the provider. For this reasons, I think it is a reasonable trade-off. Having this in the portable interface, even if it is not widely supported seems harmless to me. It doesn't break any existing provider, and semantically makes sense. I see it the same way as other fields in this class such as the security groups or tenants. They're not supported in a majority of providers, but without them, the `SecurityGroupExtension` couldn't be properly implemented the ones that support that. --- Reply to this email directly or view it on GitHub: https://github.com/jclouds/jclouds/pull/567#issuecomment-58625746
