Merge "Don't delete security group in use from OS API."

author: Jenkins <jenkins@review.openstack.org> 2012-02-24 22:07:39 +0000
committer: Gerrit Code Review <review@openstack.org> 2012-02-24 22:07:39 +0000
commit: 48c08d048bfe8c60cf3cd03c1078e2605bbb0a18 (patch)
tree: 407cab140d0e60dec371a9def805e533eceef1d5 /nova
parent: bfa6b0b4f44e451551c4ed910b35b2270aa65c9a (diff)
parent: f006c920e0dc3d3465b0af27b0154aeee3fad373 (diff)
2 files changed, 22 insertions, 0 deletions
diff --git a/nova/api/openstack/compute/contrib/security_groups.py b/nova/api/openstack/compute/contrib/security_groups.py
index 30d3bd6b6..89ef7dc78 100644
--- a/nova/api/openstack/compute/contrib/security_groups.py
+++ b/nova/api/openstack/compute/contrib/security_groups.py
@@ -239,6 +239,9 @@ class SecurityGroupController(SecurityGroupControllerBase):
         context = req.environ['nova.context']
         authorize(context)
         security_group = self._get_security_group(context, id)
+        if db.security_group_in_use(context, security_group.id):
+            msg = _("Security group is still in use")
+            raise exc.HTTPBadRequest(explanation=msg)
         LOG.audit(_("Delete security group %s"), id, context=context)
         db.security_group_destroy(context, security_group.id)
         self.sgh.trigger_security_group_destroy_refresh(
diff --git a/nova/tests/api/openstack/compute/contrib/test_security_groups.py b/nova/tests/api/openstack/compute/contrib/test_security_groups.py
index 609eb9ba0..a64ec7b6f 100644
--- a/nova/tests/api/openstack/compute/contrib/test_security_groups.py
+++ b/nova/tests/api/openstack/compute/contrib/test_security_groups.py
@@ -331,6 +331,25 @@ class TestSecurityGroups(test.TestCase):
         self.assertRaises(webob.exc.HTTPNotFound, self.controller.delete,
                           req, '11111111')
 
+    def test_delete_security_group_in_use(self):
+        sg = security_group_template(id=1, rules=[])
+
+        def security_group_in_use(context, id):
+            return True
+
+        def return_security_group(context, group_id):
+            self.assertEquals(sg['id'], group_id)
+            return security_group_db(sg)
+
+        self.stubs.Set(nova.db, 'security_group_in_use',
+                       security_group_in_use)
+        self.stubs.Set(nova.db, 'security_group_get',
+                       return_security_group)
+
+        req = fakes.HTTPRequest.blank('/v2/fake/os-security-groups/1')
+        self.assertRaises(webob.exc.HTTPBadRequest, self.controller.delete,
+                          req, '1')
+
     def test_associate_by_non_existing_security_group_name(self):
         body = dict(addSecurityGroup=dict(name='non-existing'))
author	Jenkins <jenkins@review.openstack.org>	2012-02-24 22:07:39 +0000
committer	Gerrit Code Review <review@openstack.org>	2012-02-24 22:07:39 +0000
commit	48c08d048bfe8c60cf3cd03c1078e2605bbb0a18 (patch)
tree	407cab140d0e60dec371a9def805e533eceef1d5 /nova
parent	bfa6b0b4f44e451551c4ed910b35b2270aa65c9a (diff)
parent	f006c920e0dc3d3465b0af27b0154aeee3fad373 (diff)