Updates to VIF port's security_groups field not reflected in underlying IPAddrGroups
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
midonet |
Fix Committed
|
Undecided
|
Unassigned |
Bug Description
Translation of VIF port updates does not take into account the possibility that the port's security_groups field may have changed. Consequently, adding a security group ID to a VIF port's security_groups does not add the VIF port's IP address(es) to the corresponding Midonet IPAddrGroup. Likewise, removing the security group ID from the port's security_groups does not remove the port's IP address(es) from the underlying IPAddrGroup.
The updated port will begin using the security rules for any added security groups and stop using the security rules for any dremoved security groups, as it should. However, other ports with security-
affects: | networking-midonet → midonet |
summary: |
- When a port is removed from a security group. its IP address is not - removed from the Midonet IPAddrGroup + Updates to VIF port's security_groups field not reflected in underlying + IPAddrGroups |
Changed in midonet: | |
status: | New → Fix Committed |