Hi all,

I have struggled with the SecurityGroup and SecurityGroupRule object model for a while, and I have some questions about how to handle SecurityGroups from Neutron.

Here is the workflow for my solution now:

[inline image: image001.png]

Before the object model, a SecurityGroup is a dict and contains SecurityGroupRules like this:

    {'id': 1, 'ip_protocol': 'tcp', 'from_port': 22, 'to_port': 22, 'rules': []}

With the object model, SecurityGroup and SecurityGroupRule will be two individual identities. Only a SecurityGroupRule knows who its parent_group is. But sometimes we only have a SecurityGroup and need to know its rules, so we need to search the DB to find them. This works fine with a Nova SecurityGroup. But it doesn't work with a Neutron SecurityGroup, because those are not in the Nova DB. Right now, I pass the Neutron SecurityGroup to EC2 as a dict, and EC2 will behave differently depending on the SecurityGroup it receives.

So the problem is: do we have to convert the Neutron group into the object model as well? If so, then where do we store the group and rule information, like the Nova DB? (I tried to save them in the API request or store them in neutron_driver, but neither works.) Otherwise, do we need to modify the design of the Security Group object, like combining them into one object?

You can see more details here: https://review.openstack.org/#/c/59655/

Best Regards,
Tan

_______________________________________________
OpenStack-dev mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
