cloudstack
cloudstack copied to clipboard
apache
Security group fields in the listVirtualmachines API call's response doesn't change
In listVirtualMachines' response, we have a security group field. After further investigation, we noticed that this field doesn't change at all even if I add the ingress rule to the VM.
(local) > list virtualmachines id="152ee2cf-d9fb-4281-b222-1a9b1b73ef57" filter=id,name,displayname,securitygroup listall=true
{
"count": 1,
"virtualmachine": [
{
"displayname": "Sina-test-security-groups",
"id": "152ee2cf-d9fb-4281-b222-1a9b1b73ef57",
"name": "Sina-test-security-groups",
"securitygroup": [
{
"account": "admin",
"description": "",
"egressrule": [],
"id": "a2a75240-a7f2-42a4-9812-a9954b2d5ab2",
"ingressrule": [],
"name": "Sina-test",
"tags": [],
"virtualmachineids": []
}
]
}
]
}
(local) > list securitygroups virtualmachineid=152ee2cf-d9fb-4281-b222-1a9b1b73ef57
{
"count": 1,
"securitygroup": [
{
"account": "admin",
"description": "",
"domain": "ROOT",
"domainid": "84c14489-6263-11e3-aa07-d89d6717918c",
"egressrule": [],
"id": "a2a75240-a7f2-42a4-9812-a9954b2d5ab2",
"ingressrule": [
{
"cidr": "10.0.0.0/8",
"endport": 20,
"protocol": "tcp",
"ruleid": "506815f8-1586-4353-ac70-8009cff65be8",
"startport": 20,
"tags": []
}
],
"name": "Sina-test",
"tags": [],
"virtualmachinecount": 1,
"virtualmachineids": [
"152ee2cf-d9fb-4281-b222-1a9b1b73ef57"
]
}
]
}
ISSUE TYPE
- Bug Report
COMPONENT NAME
API
CLOUDSTACK VERSION
4.17.2
CONFIGURATION
Basic network with security group
SUMMARY
When I was testing a firewall rules, I noticed that adding an ingress rules to a VM's security group doesn't have any affect on the listVirtualmachines api call output. The ingress rule is always empty. As a result our automation tools should call two APIs rather than one to get correct informations. One to get the informations about the VM and another one to get security groups.
STEPS TO REPRODUCE
1. Call list virtual machine api call using cmk and check `securitygroup` field, it is empty.
2. Add some ingress rules to the security group.
3. Call list virtual machine api call using cmk and check `securitygroup` field again, it is empty.
EXPECTED RESULTS
The ingress rule added to the `securitygroup` field of the virtual machine API call.
ACTUAL RESULTS
The ingress rule in `securitygroup` is empty.
@soreana is this a regression since 4.17.2 or is it missing functionality?
@DaanHoogland Sorry I was on holiday.
It is missing functionality. I also checked that in 4.14. The listVirtualmachines returns an empty ingress rules list there as well.
ok, if there is a PR soon we can add it to 4.18, otherwise I'll mark it for 4.19.
@weizhouapache I'm busy with the HA Proxy customisation PR. Couldn't find a time to look into this one. :(
@DaanHoogland @weizhouapache Sorry for late answer I was on holiday.
We discussed it internally and see that this issue doesn't impact us that much and it doesn't have a priority now. We call listVirtualmachines and then call listSecurityGroups to get the security groups of the VM.
@soreana I tentatively marked it for 4.19, we can move it back into 4.18 at your wish.
@DaanHoogland, I'm setting up a CloudStack to see if I can reproduce the issue. Are we on a tight schedule for the release of 4.19.1?
@soreana , kind of, but 'we' are free to postpone as well ;) . On the other hand we can Severity:Minor so we can postpone. please adjust the milestone (4.20 or create a 4.19.2) if you wish.
@soreana my language skills were failing on that last message obviously. I created a 4.19.2 and moved this one into it. If you make it in time we can always move it back ;)