authorBrent Eagles <beagles@redhat.com>2013-02-22 13:26:45 -0330
committerBrent Eagles <beagles@redhat.com>2013-02-22 16:19:17 -0330
commitb01923cb8d117476dc643e6c93e3ab1805b06f2d (patch)
tree1940ca5708cb6f47f4bad048c8db92d65309771b /nova/compute
parenta42845e455c74f41852babbbd09a3514021ea71d (diff)
Prevent default security group deletion.
This patch adds a check to confirm that a security group name is not among a list of 'special' group names before proceeding with security group deletion. Fixes: bug 1131830 Change-Id: I5656e01b4ed3fd9c22abe6a731edaef7203d97c4
Diffstat (limited to 'nova/compute')
-rw-r--r--nova/compute/api.py6
1 files changed, 6 insertions, 0 deletions
diff --git a/nova/compute/api.py b/nova/compute/api.py
index f917e379d..c677d9ed1 100644
--- a/nova/compute/api.py
+++ b/nova/compute/api.py
@@ -100,6 +100,7 @@ CONF.import_opt('enable', 'nova.cells.opts', group='cells')
MAX_USERDATA_SIZE = 65535
QUOTAS = quota.QUOTAS
+RO_SECURITY_GROUPS = ['default']
def check_instance_state(vm_state=None, task_state=(None,)):
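Review bot: `RO_SECURITY_GROUPS` is added as a mutable module-level list with no comment, and its name promises more than this diff enforces: the only visible use blocks deletion, not changes to the group's rules. An immutable value would guard against accidental mutation at runtime, for example `RO_SECURITY_GROUPS = ('default',)`, preceded by `# Security group names that must never be deleted through the API.` If rule edits on these groups are meant to stay allowed, the comment should say so, so that the "RO" prefix is not read as full read-only protection.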
@@ -2881,6 +2882,11 @@ class SecurityGroupAPI(base.Base, security_group_base.SecurityGroupBase):
return groups
def destroy(self, context, security_group):
+ if security_group['name'] in RO_SECURITY_GROUPS:
+ msg = _("Unable to delete system group '%s'") % \
+ security_group['name']
+ self.raise_invalid_group(msg)
+
if self.db.security_group_in_use(context, security_group['id']):
msg = _("Security group is still in use")
self.raise_invalid_group(msg)
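Review bot: The new guard at the top of `destroy()` protects the default group only for callers that go through this one method. It matches on `security_group['name']`, and nothing at the DB layer changes in this diff, so any other path that removes a group would presumably still succeed. It is worth confirming that other `SecurityGroupBase` implementations and any direct DB callers apply the same check, or moving the check to a shared place. The method also lacks a docstring; `"""Delete a security group unless it is a system group or still in use."""` would record the contract. The body of `destroy()` continues past the end of the hunk, so the actual delete call is not visible here.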