Public bug reported: https://docs.openstack.org/api-ref/network/v2/#port-security
The explanation as of the time of writing is as follows: "The port-security extension adds the port_security_enabled boolean attribute to networks. At the network level, port_security_enabled defines the default value for new ports attached to the network; they will inherit the value of their network’s port_security_enabled unless explicitly set on the port itself. While the default value for port_security_enabled is true, this can be changed by updating the respective network. Note that changing a value of port_security_enabled on a network, does not cascade the value to ports attached to the network." It explains how the attribute behaves and how it's inherited by ports, but there is no explanation of what the attribute DOES. Does it disable anti-spoofing? Or SGs? Or both? Is the fact that - traditionally - port_security_enabled=false disables both the intent of the API, or it's just a historical fact on how drivers - traditionally - implement the API? Same problem as to how port level extension is explained: https://docs.openstack.org/api-ref/network/v2/#id53 "The port-security extension adds the port_security_enabled boolean attribute to ports. If a port-security value is not specified during port creation, a port will inherit the port_security_enabled from the network its connected to." ** Affects: neutron Importance: Undecided Status: New ** Tags: api-ref -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1946250 Title: Neutron API reference should explain the intended behavior of port security extension Status in neutron: New Bug description: https://docs.openstack.org/api-ref/network/v2/#port-security The explanation as of the time of writing is as follows: "The port-security extension adds the port_security_enabled boolean attribute to networks. At the network level, port_security_enabled defines the default value for new ports attached to the network; they will inherit the value of their network’s port_security_enabled unless explicitly set on the port itself. While the default value for port_security_enabled is true, this can be changed by updating the respective network. Note that changing a value of port_security_enabled on a network, does not cascade the value to ports attached to the network." It explains how the attribute behaves and how it's inherited by ports, but there is no explanation of what the attribute DOES. Does it disable anti-spoofing? Or SGs? Or both? Is the fact that - traditionally - port_security_enabled=false disables both the intent of the API, or it's just a historical fact on how drivers - traditionally - implement the API? Same problem as to how port level extension is explained: https://docs.openstack.org/api-ref/network/v2/#id53 "The port-security extension adds the port_security_enabled boolean attribute to ports. If a port-security value is not specified during port creation, a port will inherit the port_security_enabled from the network its connected to." To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1946250/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
