Merge lp:~anso/nova/ec2-security-groups

4 files changed, 19 insertions, 19 deletions

diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py
index a6e5da155..df968aa25 100644
--- a/nova/api/ec2/cloud.py
+++ b/nova/api/ec2/cloud.py
@@ -260,7 +260,7 @@ class CloudController(object):
         g = {}
         g['groupDescription'] = group.description
         g['groupName'] = group.name
-        g['ownerId'] = context.user.id
+        g['ownerId'] = group.project_id
         g['ipPermissions'] = []
         for rule in group.rules:
             r = {}
@@ -272,7 +272,7 @@ class CloudController(object):
             if rule.group_id:
                 source_group = db.security_group_get(context, rule.group_id)
                 r['groups'] += [{'groupName': source_group.name,
-                                 'userId': source_group.user_id}]
+                                 'userId': source_group.project_id}]
             else:
                 r['ipRanges'] += [{'cidrIp': rule.cidr}]
             g['ipPermissions'] += [r]
diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py
index 6b0f61215..5a7187f46 100644
--- a/nova/db/sqlalchemy/api.py
+++ b/nova/db/sqlalchemy/api.py
@@ -413,10 +413,10 @@ def instance_destroy(_context, instance_id):
 def instance_get(context, instance_id):
     session = get_session()
     instance_ref = session.query(models.Instance
-                    ).options(joinedload_all('fixed_ip.floating_ips')
-                    ).options(joinedload_all('security_groups')
                     ).filter_by(id=instance_id
                     ).filter_by(deleted=_deleted(context)
+                    ).options(joinedload_all('security_groups')
+                    ).options(joinedload_all('fixed_ip.floating_ips')
                     ).first()
     if not instance_ref:
         raise exception.NotFound('Instance %s not found' % (instance_id))
@@ -1032,7 +1032,7 @@ def security_group_destroy(_context, security_group_id):
     session = get_session()
     with session.begin():
         # TODO(vish): do we have to use sql here?
-        session.execute('update security_group set deleted=1 where id=:id',
+        session.execute('update security_groups set deleted=1 where id=:id',
                         {'id': security_group_id})
         session.execute('update security_group_rules set deleted=1 '
                         'where group_id=:id',
@@ -1042,7 +1042,7 @@ def security_group_destroy_all(_context):
     session = get_session()
     with session.begin():
         # TODO(vish): do we have to use sql here?
-        session.execute('update security_group set deleted=1')
+        session.execute('update security_groups set deleted=1')
         session.execute('update security_group_rules set deleted=1')
 
 ###################
diff --git a/nova/db/sqlalchemy/models.py b/nova/db/sqlalchemy/models.py
index b89616ddb..67142ad78 100644
--- a/nova/db/sqlalchemy/models.py
+++ b/nova/db/sqlalchemy/models.py
@@ -25,7 +25,7 @@ import datetime
 
 # TODO(vish): clean up these imports
 from sqlalchemy.orm import relationship, backref, exc, object_mapper
-from sqlalchemy import Column, Integer, String, Table
+from sqlalchemy import Column, Integer, String
 from sqlalchemy import ForeignKey, DateTime, Boolean, Text
 from sqlalchemy.ext.declarative import declarative_base
 
@@ -343,13 +343,13 @@ class ExportDevice(BASE, NovaBase):
 class SecurityGroupInstanceAssociation(BASE, NovaBase):
     __tablename__ = 'security_group_instance_association'
     id = Column(Integer, primary_key=True)
-    security_group_id = Column(Integer, ForeignKey('security_group.id'))
+    security_group_id = Column(Integer, ForeignKey('security_groups.id'))
     instance_id = Column(Integer, ForeignKey('instances.id'))
 
 
 class SecurityGroup(BASE, NovaBase):
     """Represents a security group"""
-    __tablename__ = 'security_group'
+    __tablename__ = 'security_groups'
     id = Column(Integer, primary_key=True)
 
     name = Column(String(255))
@@ -359,9 +359,9 @@ class SecurityGroup(BASE, NovaBase):
 
     instances = relationship(Instance,
                              secondary="security_group_instance_association",
-                             secondaryjoin="and_(SecurityGroup.id == SecurityGroupInstanceAssociation.security_group_id,"
-                                                 "Instance.id == SecurityGroupInstanceAssociation.instance_id,"
-                                                 "SecurityGroup.deleted == False,"
+                             primaryjoin="and_(SecurityGroup.id == SecurityGroupInstanceAssociation.security_group_id,"
+                                               "SecurityGroup.deleted == False)",
+                             secondaryjoin="and_(SecurityGroupInstanceAssociation.instance_id == Instance.id,"
                                                  "Instance.deleted == False)",
                              backref='security_groups')
 
@@ -379,7 +379,7 @@ class SecurityGroupIngressRule(BASE, NovaBase):
     __tablename__ = 'security_group_rules'
     id = Column(Integer, primary_key=True)
 
-    parent_group_id = Column(Integer, ForeignKey('security_group.id'))
+    parent_group_id = Column(Integer, ForeignKey('security_groups.id'))
     parent_group = relationship("SecurityGroup", backref="rules",
                          foreign_keys=parent_group_id,
                          primaryjoin="and_(SecurityGroupIngressRule.parent_group_id == SecurityGroup.id,"
@@ -392,7 +392,7 @@ class SecurityGroupIngressRule(BASE, NovaBase):
 
     # Note: This is not the parent SecurityGroup. It's SecurityGroup we're
     # granting access for.
-    group_id = Column(Integer, ForeignKey('security_group.id'))
+    group_id = Column(Integer, ForeignKey('security_groups.id'))
 
 
 class KeyPair(BASE, NovaBase):
@@ -546,7 +546,7 @@ def register_models():
     from sqlalchemy import create_engine
     models = (Service, Instance, Volume, ExportDevice, FixedIp, FloatingIp,
               Network, NetworkIndex, SecurityGroup, SecurityGroupIngressRule,
-              AuthToken) # , Image, Host
+              SecurityGroupInstanceAssociation, AuthToken) # , Image, Host
     engine = create_engine(FLAGS.sql_connection, echo=False)
     for model in models:
         model.metadata.create_all(engine)
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index c86f3ffb7..9d889cf29 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -527,8 +527,8 @@ class NWFilterFirewall(object):
     def nova_base_ipv4_filter(self):
         retval = "<filter name='nova-base-ipv4' chain='ipv4'>"
         for protocol in ['tcp', 'udp', 'icmp']:
-            for direction,action,priority in [('out','accept', 400),
-                                     ('in','drop', 399)]:
+            for direction,action,priority in [('out','accept', 399),
+                                     ('inout','drop', 400)]:
                 retval += """<rule action='%s' direction='%s' priority='%d'>
                                <%s />
                              </rule>""" % (action, direction,
@@ -540,8 +540,8 @@ class NWFilterFirewall(object):
     def nova_base_ipv6_filter(self):
         retval = "<filter name='nova-base-ipv6' chain='ipv6'>"
         for protocol in ['tcp', 'udp', 'icmp']:
-            for direction,action,priority in [('out','accept',400),
-                                     ('in','drop',399)]:
+            for direction,action,priority in [('out','accept',399),
+                                     ('inout','drop',400)]:
                 retval += """<rule action='%s' direction='%s' priority='%d'>
                                <%s-ipv6 />
                              </rule>""" % (action, direction,