search

cloudfoundry / cli

The official command line client for Cloud Foundry
https://docs.cloudfoundry.org/cf-cli
Apache License 2.0
1.75k stars 928 forks source link

cf bind-security-group has no effect if there is no space in the org #1813

Closed jeffpak closed 1 month ago

jeffpak commented 5 years ago

Please fill out the issue checklist below and provide ALL the requested information.

Describe the bug and the command you saw an issue with When trying to bind a security group to an org with no spaces (cf bind-security-group <security-group> <org>), running cf security-groups shows nothing. We would have expected the output after calling cf bind-security-group to be similar to the result of calling cf bind-<running | staging>-security-group <security-group>, where output would show that all spaces inside of the organization are now under the effect of the security group.

What happened

After trying to bind a security group to an org with no spaces inside of it, we get the following output: 

Getting security groups as admin...
OK

     name              organization   space   lifecycle
#0   dns               <all>          <all>   running
     dns               <all>          <all>   staging
#1   dummy-group

Expected behavior We would have expected this output:

Getting security groups as admin...
OK

     name              organization   space   lifecycle
#0   dns               <all>          <all>   running
     dns               <all>          <all>   staging
#1   dummy-group       system         <all>   running

where system is the name of the org we chose to bind to.

Returning an error when binding the ASG could also suffice, although that would introduce fundamentally different behavior from cf bind-<running | staging>-security-group (which does not care if there are no spaces inside the org).

To Reproduce Steps to reproduce the behavior; include the exact CLI commands and verbose output:

  1. cf create-security-group dummy-group /path/to/json
  2. cf create-org o
  3. cf bind-security-group dummy-group o
  4. cf security-groups

Provide more context

We believe that this bug has to do with how the bind-security-group command works internally. It does a loop inside of the org to determine all the spaces, and then will bind the security group to each space. So having no spaces would result in no groups being bound. We believe that there should be parity in behavior with cf bind-staging-security-group or cf bind-running-security-group. Even if there are no spaces, the user should either know that their command successfully executed for the organization, or that nothing happened as a result of there being no spaces.

For reference, this is the current output of cf security-groups when there are spaces inside of the org. 

$ cf security-groups
Getting security groups as admin...
OK

     name              organization   space            lifecycle
#0   dns               <all>          <all>            running
     dns               <all>          <all>            staging
#1   dummy-group       system         system-space-1   running
     dummy-group       system         system-space-2   running

Submitted by the CF Networking Program

cf-gitbot commented 5 years ago

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/169135298

The labels on this github issue will be updated when the story is started.

abbyachau commented 5 years ago

Hey @jeffpak thanks for this issue. We plan on building the security group commands on the v7 cf CLI soon and will review this to see how we an help. Those resources are next up in our roadmap (next two months). Thanks again.

github-actions[bot] commented 1 month ago

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed.

a-b commented 1 month ago

Thank you for your submission. If you still run into this issue with the latest CLI v8, please open a new ticket.