diff options
| author | Eoghan Glynn <eglynn@redhat.com> | 2012-09-14 11:15:29 +0000 |
|---|---|---|
| committer | Eoghan Glynn <eglynn@redhat.com> | 2012-09-14 13:41:34 +0100 |
| commit | 29af2252a8bc97157a52fddca78b31224eb55dac (patch) | |
| tree | 8dfd54748c6932257901e7a42a397361b373d9f3 /nova/api | |
| parent | 81b2c8b2a33891d42670e60523d42a85ad227625 (diff) | |
| download | nova-29af2252a8bc97157a52fddca78b31224eb55dac.tar.gz nova-29af2252a8bc97157a52fddca78b31224eb55dac.tar.xz nova-29af2252a8bc97157a52fddca78b31224eb55dac.zip | |
All security groups not returned to admins by default.
Fixes bug 1046054.
Previously security groups relating to all tenants were returned
when requested by an admin user.
Now only those groups related to the current tenant are returned
by default.
To recover the old behaviour, the all_tenants search option may
be specified via the native API with:
/v2/<project_id>/os-security-groups?all_tenants=1
or via the EC2 API with:
Action=DescribeSecurityGroups&Filter.1.Name=all-tenants&Filter.1.Value.1=1
Note that the latter is slightly ultra vires with respect to the
EC2 API spec, in the sense that this filter is in addition to the
standard set. Since we don't pay attention to many of these standard
filters as yet, this stepping slightly off-piste is deemed worth it.
Change-Id: I6157e408394d04096d21747d665e3b3aa6aa55de
Diffstat (limited to 'nova/api')
| -rw-r--r-- | nova/api/ec2/cloud.py | 5 | ||||
| -rw-r--r-- | nova/api/ec2/ec2utils.py | 5 | ||||
| -rw-r--r-- | nova/api/openstack/compute/contrib/security_groups.py | 6 |
3 files changed, 14 insertions, 2 deletions
diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py index 0574ac262..0456dbc2a 100644 --- a/nova/api/ec2/cloud.py +++ b/nova/api/ec2/cloud.py @@ -431,10 +431,13 @@ class CloudController(object): def describe_security_groups(self, context, group_name=None, group_id=None, **kwargs): + search_opts = ec2utils.search_opts_from_filters(kwargs.get('filter')) + raw_groups = self.security_group_api.list(context, group_name, group_id, - context.project_id) + context.project_id, + search_opts=search_opts) groups = [self._format_security_group(context, g) for g in raw_groups] diff --git a/nova/api/ec2/ec2utils.py b/nova/api/ec2/ec2utils.py index 4a7e574ad..fdff3d9f4 100644 --- a/nova/api/ec2/ec2utils.py +++ b/nova/api/ec2/ec2utils.py @@ -301,3 +301,8 @@ def dict_from_dotted_str(items): args[key] = value return args + + +def search_opts_from_filters(filters): + return dict((f['name'].replace('-', '_'), f['value']['1']) + for f in filters if f['value']['1']) if filters else {} diff --git a/nova/api/openstack/compute/contrib/security_groups.py b/nova/api/openstack/compute/contrib/security_groups.py index 8bb9f3cf1..e5b1797b4 100644 --- a/nova/api/openstack/compute/contrib/security_groups.py +++ b/nova/api/openstack/compute/contrib/security_groups.py @@ -266,8 +266,12 @@ class SecurityGroupController(SecurityGroupControllerBase): """Returns a list of security groups""" context = self._authorize_context(req) + search_opts = {} + search_opts.update(req.GET) + raw_groups = self.security_group_api.list(context, - project=context.project_id) + project=context.project_id, + search_opts=search_opts) limited_list = common.limited(raw_groups, req) result = [self._format_security_group(context, group) |