| author | Aaron Rosen <arosen@nicira.com> | 2013-02-28 14:47:11 -0800 |
|---|---|---|
| committer | Aaron Rosen <arosen@nicira.com> | 2013-03-01 10:34:58 -0800 |
| commit | 5a2b9d7e95cde85d58a35a73030fc8eea88f3386 (patch) | |
| tree | 6c6d2e90047708a3a43e9087e4e8fdefd8c85333 /nova/compute | |
| parent | 35b2b2c5c456c3138e0e31085c71d852320b9ce4 (diff) | |
Implement rules_exist method for quantum security group driver
Originally I thought the quantum security group driver should
not enforce rules exist on the nova-api side and instead it should
just forward the request to quantum which would return the error.
That said there is no extra cost to doing this on the nova-api side
as nova-api already queries for the group before adding the rule.
In addition, rule_exists() is used in revoke_security_group_ingress()
for the ec2 compat APIs so this needs to be implemented.
This patch moves create_security_group_rule() and rule_exists() from
nova/compute/api.py to nova/network/security_group/security_group_base.py
as the same code can be leveraged in both places.
Fixes bug 1136345
Change-Id: I444ffc2b53b30ed496b6e3250433d14f316e594d
Diffstat (limited to 'nova/compute')
| -rw-r--r-- | nova/compute/api.py | 24 |
1 files changed, 0 insertions, 24 deletions
diff --git a/nova/compute/api.py b/nova/compute/api.py
index bba6ee1eb..8ae8b6caf 100644
--- a/nova/compute/api.py
+++ b/nova/compute/api.py
@@ -2987,21 +2987,6 @@ class SecurityGroupAPI(base.Base, security_group_base.SecurityGroupBase):
 self.trigger_handler('instance_remove_security_group',
 context, instance, security_group_name)
 
- def rule_exists(self, security_group, new_rule):
- """Indicates whether the specified rule is already
- defined in the given security group.
- """
- for rule in security_group['rules']:
- is_duplicate = True
- keys = ('group_id', 'cidr', 'from_port', 'to_port', 'protocol')
- for key in keys:
- if rule.get(key) != new_rule.get(key):
- is_duplicate = False
- break
- if is_duplicate:
- return rule.get('id') or True
- return False
-
 def get_rule(self, context, id):
 self.ensure_default(context)
 try:
@@ -3094,15 +3079,6 @@ class SecurityGroupAPI(base.Base, security_group_base.SecurityGroupBase):
 msg = _("Security group id should be integer")
 self.raise_invalid_property(msg)
 
- def create_security_group_rule(self, context, security_group, new_rule):
- if self.rule_exists(security_group, new_rule):
- msg = (_('This rule already exists in group %s') %
- new_rule['parent_group_id'])
- self.raise_group_already_exists(msg)
- return self.add_rules(context, new_rule['parent_group_id'],
- security_group['name'],
- [new_rule])[0]
-
 def trigger_handler(self, event, *args):
 handle = getattr(self.sgh, 'trigger_%s_refresh' % event)
 handle(*args) |
