)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"3fc38bdf3adf0484e394b59e7edd417151d4928c","unresolved":true,"context_lines":[{"line_number":4,"context_line":"Commit:     Stephen Finucane \u003csfinucan@redhat.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2022-10-10 16:30:04 +0100"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"objects: Stop fetching from security_groups table"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This will allow us to eventually remove those tables in B or later."},{"line_number":10,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"7abd88f6_070eca73","line":7,"updated":"2023-04-12 17:50:52.000000000","message":"can we do this?\n\nwe have discussed this in the past but you can specify a default neutron security group to use with nova created ports, correct?\n\ni guess once the port is created and the security group applied we dont need this info anymore so this is probably ok.\n\nwe do not store this info in the network requests object\nhttps://github.com/openstack/nova/blob/ae42400b7663bc58d5562de99e976c95131b77a9/nova/objects/network_request.py#L29-L47\n\nbut it is used in the request spec\nhttps://github.com/openstack/nova/blob/ae42400b7663bc58d5562de99e976c95131b77a9/nova/objects/request_spec.py#L101-L102\n\nim not sure that this is nova networks only.\n\ncan you show me where this info is passed from the api to the compute manager if it is not in the instance object\n\nthe api ref says\n\narray\n\t\n\"One or more security groups. Specify the name of the security group in the name attribute. If you omit this attribute, the API creates the server in the default security group. 
Requested security groups are not applied to pre-existing ports.\"\n\nthe last line is there because this feature is supported with neutron but only on nova created ports when you pass a neutron network or subnet.\n\nthis is where its used in the nova/network/neutron module\nhttps://github.com/openstack/nova/blob/ae42400b7663bc58d5562de99e976c95131b77a9/nova/network/neutron.py#L968-L1032\n\nthe security groups are passed into allocate_for_instance\n\nif you keep tracking that back it looks like they are passed to the compute via the rpc request\nhttps://github.com/openstack/nova/blob/ae42400b7663bc58d5562de99e976c95131b77a9/nova/conductor/manager.py#L1774-L1791\n\non the spawn path i guess that is ok.\n\nbut i think this will break the interface attach flow.\n\nhttps://docs.openstack.org/api-ref/compute/?expanded\u003dcreate-interface-detail#create-interface\nwe support attaching networks or subnets to a vm and in that case we expect the security groups passed in during spawn to be applied to the attached network/subnet.\n\n{\n    \"interfaceAttachment\": {\n        \"fixed_ips\": [\n            {\n                \"ip_address\": \"192.168.1.3\"\n            }\n        ],\n        \"net_id\": \"3cb9bc59-5699-4588-a4b1-b87f96708bc6\"\n    }\n}\n\ni.e. 
that will no longer result in the servers security groups being attached to the newly created port.\n\nlooking at \nhttps://github.com/openstack/nova/blob/ae42400b7663bc58d5562de99e976c95131b77a9/nova/compute/manager.py#L8210-L8216 we dont seem to be passing the instance.security_groups and if none are passed we dont include it in the port create request \n\nhttps://github.com/openstack/nova/blob/ae42400b7663bc58d5562de99e976c95131b77a9/nova/network/neutron.py#L516-L517\n\nim going to try this on my home cloud because im still a little nervous that there might be a change in behavior but we might be ok as long as we keep the security groups in the request spec for the initial spawn.","commit_id":"b9c71b1fdbeae2ad0e5df70e1cd7a0a44709fe61"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"8ad0c7bc3698e275e62ac5c3207da50dce0d4380","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     Stephen Finucane \u003csfinucan@redhat.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2022-10-10 16:30:04 +0100"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"objects: Stop fetching from security_groups table"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This will allow us to eventually remove those tables in B or later."},{"line_number":10,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"06e30517_89b0126c","line":7,"in_reply_to":"3e5503f0_0b52d61b","updated":"2023-04-13 14:19:51.000000000","message":"[1] is important bit. 
We don\u0027t store anything in this table nowadays, and haven\u0027t done so for a long time - the only thing that\u0027s change here in recent years is we removed an \u0027if CONF.use_neutron\u0027 conditional when we fully drop nova-net support [2].\n\nYou can check this on a running deployment: create instances with both default and non-default security groups and then inspect the `security_group_instance_association` table in any of the `nova_cellN` tables (assuming DevStack). Here\u0027s output from a local DevStack deployment of mine for an instance running with non-default security groups.\n\n    mysql\u003e use nova_cell1;\n    mysql\u003e select id,uuid from instances WHERE deleted\u003d0 ORDER BY id;\n    +----+--------------------------------------+\n    | id | uuid                                 |\n    +----+--------------------------------------+\n    | 30 | be35a50e-c436-4c17-90f3-2b7c99b4efd3 |\n    +----+--------------------------------------+\n    1 row in set (0.00 sec)\n    mysql\u003e select id,name,project_id from security_groups;\n    +----+---------+----------------------------------+\n    | id | name    | project_id                       |\n    +----+---------+----------------------------------+\n    |  1 | default | 0be9ad3a82db4a248902268df5ac644b |\n    |  2 | default | c4fdc1bcf30541048ca086d7332a57e3 |\n    +----+---------+----------------------------------+\n    2 rows in set (0.00 sec)\n    mysql\u003e select * from security_group_rules;\n    Empty set (0.00 sec)\n    mysql\u003e select * from security_group_default_rules;\n    Empty set (0.01 sec)\n    mysql\u003e select * from security_group_instance_association;\n    Empty set (0.00 sec)\n\n(FYI, the reason there is something in the `security_groups` table is because we\u0027re manually creating records [3]. These are useless though and I really should delete this code also)\n\nHopefully that clears things up. 
The fact that we\u0027re passing all Tempest tests probably helps too 😎\n\n[1] https://github.com/openstack/nova/blob/27.0.0/nova/compute/api.py#L2109-L2112\n[2] https://github.com/openstack/nova/commit/df001770938afdad61f4579498d4153450554788#diff-1921598ddbbe23b930227e5aa659e6d984f7aaadf5b66ab9a211033b181fcef3\n[3] https://github.com/openstack/nova/blob/27.0.0/nova/db/main/api.py#L3174-L3207","commit_id":"b9c71b1fdbeae2ad0e5df70e1cd7a0a44709fe61"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"46d95c33222717887dd7c99bc6929153d8d432ee","unresolved":true,"context_lines":[{"line_number":4,"context_line":"Commit:     Stephen Finucane \u003csfinucan@redhat.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2022-10-10 16:30:04 +0100"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"objects: Stop fetching from security_groups table"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This will allow us to eventually remove those tables in B or later."},{"line_number":10,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"9b45846c_e93db23d","line":7,"in_reply_to":"3e5503f0_0b52d61b","updated":"2023-04-13 13:55:54.000000000","message":"thinking about it last night this bug has existed forever so i dont think we shoudl fix it now so upgrading to +2","commit_id":"b9c71b1fdbeae2ad0e5df70e1cd7a0a44709fe61"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"7321606699005ced131fe70804c446025ead74cc","unresolved":true,"context_lines":[{"line_number":4,"context_line":"Commit:     Stephen Finucane \u003csfinucan@redhat.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2022-10-10 16:30:04 +0100"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"objects: Stop fetching from security_groups 
table"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This will allow us to eventually remove those tables in B or later."},{"line_number":10,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"3e5503f0_0b52d61b","line":7,"in_reply_to":"7abd88f6_070eca73","updated":"2023-04-12 17:59:40.000000000","message":"ok if you attach a network, only the default security group is applied, not all the ones you specified when creating the vm.\n\nthis is arguably a bug, as if you did not request the default group when booting a vm the port created on the attached network would still use the default security group which you never requested.\n\neither in the interface attach or in the vm boot request.\n\nchanging that behavior would require an api microversion change so im tempted to ignore that but its not the behavior i would expect.\n\nif we are storing the list of requested security groups in the instance, which we are, i would expect them to apply to all nova created ports including network attach.","commit_id":"b9c71b1fdbeae2ad0e5df70e1cd7a0a44709fe61"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"55f655cd9d8259b842997833c675c5754fc93b9e","unresolved":false,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"objects: Stop fetching from security_groups table"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This will allow us to eventually remove those tables in B or later."},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"Change-Id: I62acb9c155d8202fa49f793c6fef9d8d4b4027f9"},{"line_number":12,"context_line":"Signed-off-by: Stephen Finucane 
\u003csfinucan@redhat.com\u003e"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"bc1e76f1_ae943154","line":9,"range":{"start_line":9,"start_character":56,"end_line":9,"end_character":57},"updated":"2023-03-23 12:26:58.000000000","message":"C\n\n(can adjust if we need to respin but it\u0027s hardly necessary)","commit_id":"b9c71b1fdbeae2ad0e5df70e1cd7a0a44709fe61"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"f47119b4495456dfcc852b7274790bceed2171c0","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"39a81b3a_147ac153","updated":"2023-04-12 17:51:13.000000000","message":"+1 until i check the current behavior.","commit_id":"b9c71b1fdbeae2ad0e5df70e1cd7a0a44709fe61"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"432b1a06ea20a995c314f076465137a16caa6dbf","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"cc01f7b4_08f7099b","updated":"2023-05-31 07:47:22.000000000","message":"As tests are passing we can be safe that these were dead code anyhow.","commit_id":"b9c71b1fdbeae2ad0e5df70e1cd7a0a44709fe61"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"7321606699005ced131fe70804c446025ead74cc","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"1a33adac_4efe931b","updated":"2023-04-12 17:59:40.000000000","message":"if others are ok with the existing bug then we can proceed with this removal.","commit_id":"b9c71b1fdbeae2ad0e5df70e1cd7a0a44709fe61"},{"author":{"_account_id":11604,"name":"sean 
mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"d22dee0639cc5bc2d7b16962a39758895af02925","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"38ba2d20_c9ff7dad","updated":"2023-09-12 15:10:26.000000000","message":"this was just rebased","commit_id":"5f50043ec152ff89c263e310746009cb07bafd67"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"378a06901b9a15d38367c4e36f0c71e899184693","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"101a5f90_8eb846b7","updated":"2023-10-03 13:46:48.000000000","message":"I don\u0027t disagree with the change, but I wonder why we should silently accept to save a SG if we no longer support this.","commit_id":"2b55e33398e3799151da6cd9fce3141f5dcc9efb"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"ee436421cf345af51251a9d36f881c21a69aebbb","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"db5652c1_b7e424ae","updated":"2023-10-26 13:07:54.000000000","message":"recheck","commit_id":"2b55e33398e3799151da6cd9fce3141f5dcc9efb"},{"author":{"_account_id":7634,"name":"Takashi Natsume","email":"takanattie@gmail.com","username":"natsumet"},"change_message_id":"923d8dc79dcb3eb1bed5ea77a329c260d1a504db","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"889728b1_d0c5e3f6","updated":"2023-10-29 16:36:10.000000000","message":"recheck timeout","commit_id":"2b55e33398e3799151da6cd9fce3141f5dcc9efb"}],"nova/objects/instance.py":[{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"378a06901b9a15d38367c4e36f0c71e899184693","unresolved":true,"context_lines":[{"line_number":697,"context_line":"    def _save_security_groups(self, 
context):"},{"line_number":698,"context_line":"        # NOTE(stephenfin): We no longer bother saving these since they"},{"line_number":699,"context_line":"        # shouldn\u0027t be created in the first place"},{"line_number":700,"context_line":"        pass"},{"line_number":701,"context_line":""},{"line_number":702,"context_line":"    def _save_fault(self, context):"},{"line_number":703,"context_line":"        # NOTE(danms): I don\u0027t think we need to worry about this, do we?"}],"source_content_type":"text/x-python","patch_set":4,"id":"e643f667_24375360","line":700,"updated":"2023-10-03 13:46:48.000000000","message":"shouldn\u0027t we then provide some LOG saying \"heh, that\u0027s bizarre we are saving a SG\".\n\nThis way, we could also know which methods call this.","commit_id":"2b55e33398e3799151da6cd9fce3141f5dcc9efb"}]}
