Add iptables based security groups implementation.

author: Soren Hansen <soren.hansen@rackspace.com> 2010-12-06 22:19:29 +0100
committer: Soren Hansen <soren.hansen@rackspace.com> 2010-12-06 22:19:29 +0100
commit: cf21683d741165d2cf0798b7dc9968daa311fafc (patch)
tree: a3916479be457a8a907586788f27b9364debbfd2 /nova/db
parent: 16c440c5b598dab51ce4bd37c48f02f3da87c092 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py
index afa55fc03..21b991548 100644
--- a/nova/db/sqlalchemy/api.py
+++ b/nova/db/sqlalchemy/api.py
@@ -574,12 +574,14 @@ def instance_get(context, instance_id, session=None):
     if is_admin_context(context):
         result = session.query(models.Instance).\
                          options(joinedload('security_groups')).\
+                         options(joinedload_all('security_groups.rules')).\
                          filter_by(id=instance_id).\
                          filter_by(deleted=can_read_deleted(context)).\
                          first()
     elif is_user_context(context):
         result = session.query(models.Instance).\
                          options(joinedload('security_groups')).\
+                         options(joinedload_all('security_groups.rules')).\
                          filter_by(project_id=context.project_id).\
                          filter_by(id=instance_id).\
                          filter_by(deleted=False).\
@@ -1506,6 +1508,24 @@ def security_group_rule_get(context, security_group_rule_id, session=None):
 
 
 @require_context
+def security_group_rule_get_by_security_group(context, security_group_id, session=None):
+    if not session:
+        session = get_session()
+    if is_admin_context(context):
+        result = session.query(models.SecurityGroupIngressRule).\
+                         filter_by(deleted=can_read_deleted(context)).\
+                         filter_by(parent_group_id=security_group_id).\
+                         all()
+    else:
+        # TODO(vish): Join to group and check for project_id
+        result = session.query(models.SecurityGroupIngressRule).\
+                         filter_by(deleted=False).\
+                         filter_by(parent_group_id=security_group_id).\
+                         all()
+    return result
+
+
+@require_context
 def security_group_rule_create(context, values):
     security_group_rule_ref = models.SecurityGroupIngressRule()
     security_group_rule_ref.update(values)
author	Soren Hansen <soren.hansen@rackspace.com>	2010-12-06 22:19:29 +0100
committer	Soren Hansen <soren.hansen@rackspace.com>	2010-12-06 22:19:29 +0100
commit	cf21683d741165d2cf0798b7dc9968daa311fafc (patch)
tree	a3916479be457a8a907586788f27b9364debbfd2 /nova/db
parent	16c440c5b598dab51ce4bd37c48f02f3da87c092 (diff)