Context

PR #96 adds full CRUD for load balancer detail view (listeners, pools, members, health monitors). A 5-agent review team (security, UX, user, product, admin) audited the implementation. Bugs found during review were fixed in the PR. This issue tracks the remaining findings for future work.

Bugs Fixed in PR #96

• Member form focus bug — advanceFocus() not used in non-text handler, causing dead-end focus in edit mode
• Silent health monitor defaults — invalid input silently became defaults, now validates with error messages
• Stale pool ID in member delete — pool ID captured at confirm time, not execution time
• Inconsistent focus guards on Selected* methods
• Missing name validation on create forms
• Spinner text not edit-aware in listener/member forms
• Unused functions and parameters removed
• SOURCE_IP_PORT missing from pool LB method options (required for OVN)
• Listener edit only supported name — now includes description and connection limit

Outstanding Items

P0 — Fix before production

• Health monitor lifecycle — Can only create HM during pool creation. Cannot edit delay/timeout/retries/path or remove a monitor from an existing pool. Must delete+recreate pool to fix a failing health check. (Product, User, Admin)
• PENDING state protection — Users can attempt operations on PENDING_CREATE/PENDING_UPDATE resources, get confusing 409 errors. Should disable actions or show messaging. (Product, Admin, User)
• Admin state toggle — Cannot disable LBs/pools/members for maintenance. Standard Octavia operation, essential for ops. (Product)

P1 — Important gaps

• Stronger cascade delete confirmation — One Ctrl+D destroys entire LB tree. Should show child resource count or require name-typing. (Security, Admin)
• Wrap gophercloud error messages — Raw API errors leak endpoints, auth details, internal codes. Should show user-friendly messages. (Security, Admin)
• IP address validation on member create — Address field accepts any string. Should validate IPv4/IPv6 format. (Security)
• Listener port/protocol not editable — Must delete+recreate. Should at minimum warn: "Port cannot be changed, delete and recreate." (User)
• Member count on pool rows — Pools pane doesn't show member count per pool. Must switch to Members pane to verify. (User)
• Adaptive polling — 5s default refresh can exhaust API rate limits. Should poll fast during PENDING, slow when ACTIVE. (Admin)

P2 — Nice to have

• Health monitor expected codes validation — No format validation (e.g. "200, 201" vs "200-201"). (Security)
• Subnet picker filtering — No search on large clouds with 100+ subnets. (Admin, UX)
• Hide monitor section when type is NONE — Section header renders even with no monitor configured. (UX)
• Graceful drain workflow — No one-step "drain and remove" for members (weight=0 → wait → delete). (User)
• Weight=0 warning — Member weight 0 silently disables traffic. Should hint or warn. (Security, Admin)

P3 — Future

• Listener TLS/HTTPS configuration (certificates, connection limits, timeouts)
• Pool session persistence (SOURCE_IP, HTTP_COOKIE)
• L7 policies and rules
• Bulk operations (multi-select members for delete)
• Pool-level health aggregate ("2 of 3 members ONLINE")
• Availability zone and flavor selection for LB create

Coverage Assessment

~40-50% of Octavia's core functionality is covered. Creation and basic management workflows work well. Production readiness requires P0 items (health monitor lifecycle, PENDING state handling, admin state toggle).