)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"7f93612c5f1968f2cdaab7c152702b325181d0f4","unresolved":false,"context_lines":[{"line_number":9,"context_line":"Users can create a port with ip_allocation\u003dnone, which means"},{"line_number":10,"context_line":"that the port will never have an IP. The result is a port"},{"line_number":11,"context_line":"with fixed_ips\u003d[]."},{"line_number":12,"context_line":"Nova needs a fixed ip to be set to apply security groups,"},{"line_number":13,"context_line":"but security groups are only allowed on a neutron port if its"},{"line_number":14,"context_line":"port_security attribute is set to True."},{"line_number":15,"context_line":"Hence, nova can allow a VM to boot with an unaddressed port specified if"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":3,"id":"3f79a3b5_ca083ad8","line":12,"range":{"start_line":12,"start_character":0,"end_line":12,"end_character":56},"updated":"2018-11-27 17:32:14.000000000","message":"im not sure why nova would need a fixed ip actully.\nthe current code may for leagcy reasons but in theory\ni dont think it is required.\n\nneutron security groups apply to the port not the ip.\nin fact you can apply security groups that look just at the Ethernet frame.","commit_id":"740b0eac373ba75af7969c38a2a3a165408ece10"}],"nova/network/neutronv2/api.py":[{"author":{"_account_id":9555,"name":"Matthew Booth","email":"mbooth@redhat.com","username":"MatthewBooth"},"change_message_id":"0f40be528c7ae2974721c6ba47b7a58b56c88573","unresolved":false,"context_lines":[{"line_number":826,"context_line":"                                  network, instance\u003dinstance)"},{"line_number":827,"context_line":"                        raise exception.SecurityGroupCannotBeApplied()"},{"line_number":828,"context_line":"                else:"},{"line_number":829,"context_line":"                    if security_group_ids:"},{"line_number":830,"context_line":"                        # We don\u0027t want to apply security groups on port"},{"line_number":831,"context_line":"                        # for a network defined with"},{"line_number":832,"context_line":"                        # \u0027port_security_enabled\u003dFalse\u0027."}],"source_content_type":"text/x-python","patch_set":2,"id":"bf659307_77c8f853","line":829,"updated":"2018-04-13 13:14:18.000000000","message":"From the bug description it seems you\u0027ve tested this, so I assume I\u0027ve missed something. From my reading of the code, it seems like we\u0027d always have added the default security group here:\n\nhttps://github.com/openstack/nova/blob/00cfb0b45432bccadfb3775ccfbe2214a440a2f1/nova/compute/api.py#L1062\n\n...which would cause this to fail. Assuming it doesn\u0027t, any idea why not?","commit_id":"5567b7897e2726c1839701b02964b4453da4da96"},{"author":{"_account_id":28722,"name":"Anton Kurbatov","email":"anton.kurbatov@acronis.com","username":"akurbatov"},"change_message_id":"9b859e529437370b97c815ea3196f288e6b9ee94","unresolved":false,"context_lines":[{"line_number":826,"context_line":"                                  network, instance\u003dinstance)"},{"line_number":827,"context_line":"                        raise exception.SecurityGroupCannotBeApplied()"},{"line_number":828,"context_line":"                else:"},{"line_number":829,"context_line":"                    if security_group_ids:"},{"line_number":830,"context_line":"                        # We don\u0027t want to apply security groups on port"},{"line_number":831,"context_line":"                        # for a network defined with"},{"line_number":832,"context_line":"                        # \u0027port_security_enabled\u003dFalse\u0027."}],"source_content_type":"text/x-python","patch_set":2,"id":"5f7c97a3_7f5f5574","line":829,"in_reply_to":"bf659307_77c8f853","updated":"2018-07-20 15:41:40.000000000","message":"AFAIU this works because there is security groups cleaning for \u0027default\u0027 group:\nSee:\nhttps://github.com/openstack/nova/blob/d9e04c4ff0b1a9c3383f1848dc846e93030d83cb/nova/network/neutronv2/api.py#L724","commit_id":"5567b7897e2726c1839701b02964b4453da4da96"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"7f93612c5f1968f2cdaab7c152702b325181d0f4","unresolved":false,"context_lines":[{"line_number":932,"context_line":"                        \u0027port_security_enabled\u0027, True)"},{"line_number":933,"context_line":"                if request.port_id:"},{"line_number":934,"context_line":"                    port_security_enabled \u003d ports[request.port_id].get("},{"line_number":935,"context_line":"                        \u0027port_security_enabled\u0027, True)"},{"line_number":936,"context_line":""},{"line_number":937,"context_line":"                if port_security_enabled:"},{"line_number":938,"context_line":"                    # check that requested port has security enabled"}],"source_content_type":"text/x-python","patch_set":3,"id":"3f79a3b5_aa9b7ec4","line":935,"range":{"start_line":935,"start_character":49,"end_line":935,"end_character":53},"updated":"2018-11-27 17:32:14.000000000","message":"technically this should proably default to whether the security group extention is enabled for the neutron api.\n\ne.g. we should default to false if the securitiy groups extention is disabled in neutron.\n\nso all the cases where you have defaulted to true should be defualted to the existence of the extention instead.","commit_id":"740b0eac373ba75af7969c38a2a3a165408ece10"}]}