Fix bug 933147 Security group trigger notifications.

Add a lightweight mechanism to allow security group trigger
notifications to be propagated to quantum security group handlers.

Add a global flag: "security_group_handler" to allow for runtime
selection of security group handler class.

Change-Id: I8a3768c26c97020071ad4e52d3a22d8898e72e9f

2 files changed, 27 insertions, 1 deletions

diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py
index 560a2d0dd..1a574ec6f 100644
--- a/nova/api/ec2/cloud.py
+++ b/nova/api/ec2/cloud.py
@@ -202,6 +202,7 @@ class CloudController(object):
         self.volume_api = volume.API()
         self.compute_api = compute.API(network_api=self.network_api,
                                        volume_api=self.volume_api)
+        self.sgh = utils.import_object(FLAGS.security_group_handler)
 
     def __str__(self):
         return 'CloudController'
@@ -622,6 +623,7 @@ class CloudController(object):
         except KeyError:
             prevalues.append(kwargs)
         rule_id = None
+        rule_ids = []
         for values in prevalues:
             rulesvalues = self._rule_args_to_dict(context, values)
             if not rulesvalues:
@@ -634,11 +636,14 @@ class CloudController(object):
                                                            values_for_rule)
                 if rule_id:
                     db.security_group_rule_destroy(context, rule_id)
+                    rule_ids.append(rule_id)
         if rule_id:
             # NOTE(vish): we removed a rule, so refresh
             self.compute_api.trigger_security_group_rules_refresh(
                     context,
                     security_group_id=security_group['id'])
+            self.sgh.trigger_security_group_rule_destroy_refresh(
+                    context, rule_ids)
             return True
         raise exception.EC2APIError(_("No rule for the specified parameters."))
 
@@ -685,15 +690,19 @@ class CloudController(object):
                     raise exception.EC2APIError(_(err) % values_for_rule)
                 postvalues.append(values_for_rule)
 
+        rule_ids = []
         for values_for_rule in postvalues:
             security_group_rule = db.security_group_rule_create(
                     context,
                     values_for_rule)
+            rule_ids.append(security_group_rule['id'])
 
         if postvalues:
             self.compute_api.trigger_security_group_rules_refresh(
                     context,
                     security_group_id=security_group['id'])
+            self.sgh.trigger_security_group_rule_create_refresh(
+                    context, rule_ids)
             return True
 
         raise exception.EC2APIError(_("No rule for the specified parameters."))
@@ -744,6 +753,8 @@ class CloudController(object):
                  'description': group_description}
         group_ref = db.security_group_create(context, group)
 
+        self.sgh.trigger_security_group_create_refresh(context, group)
+
         return {'securityGroupSet': [self._format_security_group(context,
                                                                  group_ref)]}
 
@@ -765,6 +776,9 @@ class CloudController(object):
                 raise notfound(security_group_id=group_id)
         LOG.audit(_("Delete security group %s"), group_name, context=context)
         db.security_group_destroy(context, security_group.id)
+
+        self.sgh.trigger_security_group_destroy_refresh(context,
+                                                        security_group.id)
         return True
 
     def get_console_output(self, context, instance_id, **kwargs):
diff --git a/nova/api/openstack/compute/contrib/security_groups.py b/nova/api/openstack/compute/contrib/security_groups.py
index e1e5a47fe..d7e851468 100644
--- a/nova/api/openstack/compute/contrib/security_groups.py
+++ b/nova/api/openstack/compute/contrib/security_groups.py
@@ -179,6 +179,7 @@ class SecurityGroupController(object):
     def __init__(self):
         self.compute_api = compute.API()
         super(SecurityGroupController, self).__init__()
+        self.sgh = utils.import_object(FLAGS.security_group_handler)
 
     def _format_security_group_rule(self, context, rule):
         sg_rule = {}
@@ -236,6 +237,8 @@ class SecurityGroupController(object):
         security_group = self._get_security_group(context, id)
         LOG.audit(_("Delete security group %s"), id, context=context)
         db.security_group_destroy(context, security_group.id)
+        self.sgh.trigger_security_group_destroy_refresh(
+            context, security_group.id)
 
         return webob.Response(status_int=202)
 
@@ -290,6 +293,7 @@ class SecurityGroupController(object):
                  'name': group_name,
                  'description': group_description}
         group_ref = db.security_group_create(context, group)
+        self.sgh.trigger_security_group_create_refresh(context, group)
 
         return {'security_group': self._format_security_group(context,
                                                                  group_ref)}
@@ -366,7 +370,8 @@ class SecurityGroupRulesController(SecurityGroupController):
             raise exc.HTTPBadRequest(explanation=msg)
 
         security_group_rule = db.security_group_rule_create(context, values)
-
+        self.sgh.trigger_security_group_rule_create_refresh(
+            context, [security_group_rule['id']])
         self.compute_api.trigger_security_group_rules_refresh(context,
                                     security_group_id=security_group['id'])
 
@@ -495,6 +500,8 @@ class SecurityGroupRulesController(SecurityGroupController):
         LOG.audit(msg, security_group['name'], context=context)
 
         db.security_group_rule_destroy(context, rule['id'])
+        self.sgh.trigger_security_group_rule_destroy_refresh(
+            context, [rule['id']])
         self.compute_api.trigger_security_group_rules_refresh(context,
                                     security_group_id=security_group['id'])
 
@@ -505,6 +512,7 @@ class SecurityGroupActionController(wsgi.Controller):
     def __init__(self, *args, **kwargs):
         super(SecurityGroupActionController, self).__init__(*args, **kwargs)
         self.compute_api = compute.API()
+        self.sgh = utils.import_object(FLAGS.security_group_handler)
 
     @wsgi.action('addSecurityGroup')
     def _addSecurityGroup(self, req, id, body):
@@ -528,6 +536,8 @@ class SecurityGroupActionController(wsgi.Controller):
         try:
             instance = self.compute_api.get(context, id)
             self.compute_api.add_security_group(context, instance, group_name)
+            self.sgh.trigger_instance_add_security_group_refresh(
+                context, instance, group_name)
         except exception.SecurityGroupNotFound as exp:
             raise exc.HTTPNotFound(explanation=unicode(exp))
         except exception.InstanceNotFound as exp:
@@ -560,6 +570,8 @@ class SecurityGroupActionController(wsgi.Controller):
             instance = self.compute_api.get(context, id)
             self.compute_api.remove_security_group(context, instance,
                                                    group_name)
+            self.sgh.trigger_instance_remove_security_group_refresh(
+                context, instance, group_name)
         except exception.SecurityGroupNotFound as exp:
             raise exc.HTTPNotFound(explanation=unicode(exp))
         except exception.InstanceNotFound as exp: