cloudify-openstack-plugin icon indicating copy to clipboard operation
cloudify-openstack-plugin copied to clipboard
verified publisher icon cloudify-cosmo

how to get ID of created security group

Open hamsterksu opened this issue 8 years ago • 3 comments

Hi everybody,

i want to link my security groups with remote_group_id

 - direction: ingress
    ethertype: IPv4
    port_range_min: 1
    port_range_max: 65535
    protocol: tcp
    remote_group_id: { get_attribute: [origin_security_group, id ] }

but it does not work just throws internal error

i tried to use remote_group_node: origin_security_group but it does not work too.

So how to use any group in security group rule?

hamsterksu avatar Apr 14 '17 15:04 hamsterksu

Hi,

Every OpenStack node template implementation exposes an "external_id" run-time property containing the UUID assigned by the OpenStack environment.

By looking at the code, it doesn't seem like the "get_attribute" function gets resolved when used in properties. If you're going to try this, please update whether it works or not so it can be prioritized for future versions of the plugin.

Thanks!

idanmo avatar Apr 16 '17 07:04 idanmo

hi @idanmo

Thank you for feedback. get_attribute works in output and it can resolve SG id - { get_attribute: [dataplane_security_group, external_id ] }

but it does not work for property scope

hamsterksu avatar Apr 18 '17 08:04 hamsterksu

Hi,

Yes, unfortunately it doesn't work.

Two workarounds (not ideal):

  1. Create the first security group using a different blueprint and inject its Id to the 2nd blueprint.
  2. Use CIDR based security group rules.

Since get_attribute can be used for operation inputs, the create security group operation should probably be enhanced and allow passing rules as operation inputs. Then, it should be possible to do this kind of reference between the nodes.

I'm not sure when we will be able to solve this, but we are accepting pull requests :-)

idanmo avatar Apr 23 '17 09:04 idanmo