On 9/26/2014 3:19 AM, Christopher Yeoh wrote:
On Fri, 26 Sep 2014 11:25:49 +0400
Oleg Bondarev <obonda...@mirantis.com> wrote:
On Fri, Sep 26, 2014 at 3:30 AM, Day, Phil <philip....@hp.com> wrote:
I think the expectation is that if a user is already interaction
with Neutron to create ports then they should do the security group
assignment in Neutron as well.
Agree. However what do you think a user expects when he/she boots a
vm (no matter providing port_id or just net_id)
and specifies security_groups? I think the expectation should be that
instance will become a member of the specified groups.
Ignoring security_groups parameter in case port is provided (as it is
now) seems completely unfair to me.
One option would be to return a 400 if both port id and security_groups
is supplied.
Chris
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
I'd get behind this, it would keep the complexity in nova low if you're
already using neutron.
We already have some validation like this today in the compute API
depending on what you're providing on the request for networks, fixed
IPs and ports.
--
Thanks,
Matt Riedemann
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
