| author | Soren Hansen <soren@linux2go.dk> | 2011-08-14 04:17:48 +0000 |
|---|---|---|
| committer | Tarmac <> | 2011-08-14 04:17:48 +0000 |
| commit | eede601db836643a0fbc6689fb9ee9db15a822bc (patch) | |
| tree | 835bb238ff8018d1490f247f1b378ddde4863cba /nova/db | |
| parent | a538f400b5ced8357fa0e892fffd5a01b8e63cec (diff) | |
| parent | adc4d2dc71b6dcdad4bca57925f89d7344a613e8 (diff) | |
Add source-group filtering.
Move refresh to be triggered by allocation and deallocation of IPs rather than creation/destruction of instances.
There really needs to be a way to use ipsets for this, but it's not widely supported yet (went into mainline linux at 2.6.39), so this implementation just uses regular iptables.
Diffstat (limited to 'nova/db')
| -rw-r--r-- | nova/db/sqlalchemy/models.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/nova/db/sqlalchemy/models.py b/nova/db/sqlalchemy/models.py
index 939fde199..64b1bd5cd 100644
--- a/nova/db/sqlalchemy/models.py
+++ b/nova/db/sqlalchemy/models.py
@@ -479,6 +479,11 @@ class SecurityGroupIngressRule(BASE, NovaBase):
 # Note: This is not the parent SecurityGroup. It's SecurityGroup we're
 # granting access for.
 group_id = Column(Integer, ForeignKey('security_groups.id'))
+ grantee_group = relationship("SecurityGroup",
+ foreign_keys=group_id,
+ primaryjoin='and_('
+ 'SecurityGroupIngressRule.group_id == SecurityGroup.id,'
+ 'SecurityGroupIngressRule.deleted == False)')
 class ProviderFirewallRule(BASE, NovaBase): |
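Review bot: The `primaryjoin` on the new `grantee_group` relationship checks only `SecurityGroupIngressRule.deleted == False`, so a grantee `SecurityGroup` row that has itself been soft-deleted still resolves through `rule.grantee_group`. If the source-group filtering code walks this relationship to decide which member addresses to allow, a rule could keep admitting traffic on behalf of a group that no longer exists. Whether group deletion also removes the rules that name it as grantee is not visible in this hunk. Consider adding `'SecurityGroup.deleted == False,'` to the `and_(...)` string, or add a comment next to the relationship stating that callers must check the grantee's `deleted` flag. The body of `SecurityGroupIngressRule` starts outside the hunk, so any existing handling elsewhere in the class could not be checked.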
