authorAdam Gandelman <adamg@canonical.com>2012-03-15 15:38:11 -0700
committerVishvananda Ishaya <vishvananda@gmail.com>2012-03-15 19:43:26 -0700
commitdd6c1907c6634ccb41c3d94ed3296498e32333b0 (patch)
treeaf071491f0508d758be03cc52457b79c8ea44e18
parent67b84ddccc05b22a6e7e27a4c42893a6c50e5db9 (diff)
db api: Remove check for security groups reference
security_group_in_use() should only be checking that a security group is associated with running instances, not that other groups are referencing it in their rules. With this check in place, it becomes impossible to delete self-referential security groups. Fixes bug 956366. Update: Remove obsolete test as well Change-Id: I31f49c655b044dbaf0fb66dfaadb876c9dc3d167
-rw-r--r--nova/db/sqlalchemy/api.py14
-rw-r--r--nova/tests/api/ec2/test_cloud.py17
-rw-r--r--nova/tests/test_api.py9
3 files changed, 0 insertions, 40 deletions
diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py
index bf5847dc3..71a17584e 100644
--- a/nova/db/sqlalchemy/api.py
+++ b/nova/db/sqlalchemy/api.py
@@ -2735,20 +2735,6 @@ def security_group_exists(context, project_id, group_name):
def security_group_in_use(context, group_id):
session = get_session()
with session.begin():
- # Are there any other groups that haven't been deleted
- # that include this group in their rules?
- rules = session.query(models.SecurityGroupIngressRule).\
- filter_by(group_id=group_id).\
- filter_by(deleted=False).\
- all()
- for r in rules:
- num_groups = session.query(models.SecurityGroup).\
- filter_by(deleted=False).\
- filter_by(id=r.parent_group_id).\
- count()
- if num_groups:
- return True
-
# Are there any instances that haven't been deleted
# that include this group?
inst_assoc = session.query(models.SecurityGroupInstanceAssociation).\
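Review bot: security_group_in_use() has no docstring, and after this hunk its contract is narrower than its name suggests: only the SecurityGroupInstanceAssociation query that follows is left, so a group still named as the source in another group's ingress rules is reported as not in use. I would state that on the function, e.g. `"""Return True if a non-deleted instance is associated with the group; references from other groups' rules are not checked."""`. Whether the delete path also retires the SecurityGroupIngressRule rows whose group_id points at the removed group is not visible here; if it does not, those rules would keep referring to a deleted group, so that is worth confirming and covering with a test that deletes a self-referential group, since this commit only removes tests. The function body continues past the end of the hunk.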
diff --git a/nova/tests/api/ec2/test_cloud.py b/nova/tests/api/ec2/test_cloud.py
index 7f56aa479..fc6c656fe 100644
--- a/nova/tests/api/ec2/test_cloud.py
+++ b/nova/tests/api/ec2/test_cloud.py
@@ -496,23 +496,6 @@ class CloudTestCase(test.TestCase):
self.assertRaises(exception.EC2APIError, revoke,
self.context, **kwargs)
- def test_delete_security_group_in_use_by_group(self):
- group1 = self.cloud.create_security_group(self.context, 'testgrp1',
- "test group 1")
- group2 = self.cloud.create_security_group(self.context, 'testgrp2',
- "test group 2")
- kwargs = {'groups': {'1': {'user_id': u'%s' % self.context.user_id,
- 'group_name': u'testgrp2'}},
- }
- self.cloud.authorize_security_group_ingress(self.context,
- group_name='testgrp1', **kwargs)
-
- self.assertRaises(exception.InvalidGroup,
- self.cloud.delete_security_group,
- self.context, 'testgrp2')
- self.cloud.delete_security_group(self.context, 'testgrp1')
- self.cloud.delete_security_group(self.context, 'testgrp2')
-
def test_delete_security_group_in_use_by_instance(self):
"""Ensure that a group can not be deleted if in use by an instance."""
image_uuid = 'cedef40a-ed67-4d10-800e-17455edce175'
diff --git a/nova/tests/test_api.py b/nova/tests/test_api.py
index 473e1d5f9..5735a7dc2 100644
--- a/nova/tests/test_api.py
+++ b/nova/tests/test_api.py
@@ -572,15 +572,6 @@ class ApiEc2TestCase(test.TestCase):
self.expect_http()
self.mox.ReplayAll()
- # Can not delete the group while it is still used by
- # another group.
- self.assertRaises(boto_exc.EC2ResponseError,
- self.ec2.delete_security_group,
- other_security_group_name)
-
- self.expect_http()
- self.mox.ReplayAll()
-
rv = self.ec2.get_all_security_groups()
for group in rv: