cf bind-security-group has no effect if there is no space in the org

[jeffpak]

Please fill out the issue checklist below and provide ALL the requested information.

• [x] I reviewed open and closed github issues that may be related to my problem.
• [x] I tried updating to the latest version of the CF CLI to see if it fixed my problem.
• [x] I attempted to run the command with CF_TRACE=1 to help debug the issue.
• [x] I am reporting a bug that others will be able to reproduce.
• [x] If this is an issue for the v7 beta release, I've read through the official docs and the release notes.

Describe the bug and the command you saw an issue with When trying to bind a security group to an org with no spaces (cf bind-security-group <security-group> <org>), running cf security-groups shows nothing. We would have expected the output after calling cf bind-security-group to be similar to the result of calling cf bind-<running | staging>-security-group <security-group>, where output would show that all spaces inside of the organization are now under the effect of the security group.

What happened

After trying to bind a security group to an org with no spaces inside of it, we get the following output:

Getting security groups as admin...
OK

     name              organization   space   lifecycle
#0   dns               <all>          <all>   running
     dns               <all>          <all>   staging
#1   dummy-group

Expected behavior We would have expected this output:

Getting security groups as admin...
OK

     name              organization   space   lifecycle
#0   dns               <all>          <all>   running
     dns               <all>          <all>   staging
#1   dummy-group       system         <all>   running

where system is the name of the org we chose to bind to.

Returning an error when binding the ASG could also suffice, although that would introduce fundamentally different behavior from cf bind-<running | staging>-security-group (which does not care if there are no spaces inside the org).

To Reproduce Steps to reproduce the behavior; include the exact CLI commands and verbose output:

1. cf create-security-group dummy-group /path/to/json
2. cf create-org o
3. cf bind-security-group dummy-group o
4. cf security-groups

Provide more context

• Mac OS X 10.13.6 iTerm
• cf/6.46.1+4934877ec.2019-08-23 and cf/7.0.0-beta.26+649b9a675.2019-10-08
• 2.141.0 CC API

We believe that this bug has to do with how the bind-security-group command works internally. It does a loop inside of the org to determine all the spaces, and then will bind the security group to each space. So having no spaces would result in no groups being bound. We believe that there should be parity in behavior with cf bind-staging-security-group or cf bind-running-security-group. Even if there are no spaces, the user should either know that their command successfully executed for the organization, or that nothing happened as a result of there being no spaces.

For reference, this is the current output of cf security-groups when there are spaces inside of the org.

$ cf security-groups
Getting security groups as admin...
OK

     name              organization   space            lifecycle
#0   dns               <all>          <all>            running
     dns               <all>          <all>            staging
#1   dummy-group       system         system-space-1   running
     dummy-group       system         system-space-2   running

Submitted by the CF Networking Program

[cf-gitbot]

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/169135298

The labels on this github issue will be updated when the story is started.

[abbyachau]

Hey @jeffpak thanks for this issue. We plan on building the security group commands on the v7 cf CLI soon and will review this to see how we an help. Those resources are next up in our roadmap (next two months). Thanks again.

[github-actions[bot]]

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed.