openstack-resource-controller icon indicating copy to clipboard operation
openstack-resource-controller copied to clipboard
verified publisher icon k-orc

SecurityGroup incorrectly marked available if rules fail

Open mdbooth opened this issue 1 year ago • 1 comments

Security group creation and rule addition both happen in 'create', which only happens once, and sets security group ID even if the rules were not created. Therefore, if the security group is successfully created but the rules are not created, the next reconcile will set the security group id and incorrectly mark it available.

I think the simplest solution is to move rule creation in to a separate 'update' action.

mdbooth avatar Dec 12 '24 15:12 mdbooth

There recently was a lot of refactoring in security groups, and now the security group rules creation happens as part of the security group update.

That said, the security group is still marked as Available as soon as the object exists, which is problematic if we expect the Available status to mean "the observed OpenStack resource matches the spec".

mandre avatar Feb 04 '25 12:02 mandre