Code review comment for lp://staging/~vila/ubuntu-ci-services-itself/secgroups

> This is a reasonable addition to me to quickly clean things up when I know
> what I'm doing, but I'm hitting an authorization issue:
>
> Traceback (most recent call last):
> File "./leon.py", line 92, in <module>
> leon.clean_spurious_security_groups()
> File "./leon.py", line 73, in clean_spurious_security_groups
> groups = self.nova.security_groups.list()
> File "/tmp/venv/local/lib/python2.7/site-packages/python_novaclient-2.15.0-p
> y2.7.egg/novaclient/v1_1/security_groups.py", line 96, in list
> 'security_groups')
> --snip a bunch of novaclient code--
> File "/tmp/venv/local/lib/python2.7/site-
> packages/python_novaclient-2.15.0-py2.7.egg/novaclient/client.py", line 189,
> in request
> raise exceptions.from_response(resp, body, url, method)
> novaclient.exceptions.Unauthorized: The request you have made requires
> authentication. (HTTP 401)
>
>
> I have a unit_config file with the auth* and juju_env parameters defined. I
> can also manually run "nova secgroup-list" and view my security groups. Do I
> need to have some authorization enabled on my account?

Not that I know of, but your use case is killing Leon for sure, the slight protection excuse doesn't hold anymore for people that have multiple deployments in flight. We would need a far more precise behavior for that.

Additionally, since Chris validated firewall-mode, cleaning the secgroups is not an issue anymore.

If we decide to revert firewall-mode usage later, we may discover that juju[-deployer] has been fixed.

Finally, I realized that I got my movie reference wrong, I was thinking about Victor in Nikita (but Jean Reno plays the same kind of guy which confused me ;)