| author | Todd Willey <todd@ansolabs.com> | 2011-01-18 19:54:27 +0000 |
|---|---|---|
| committer | Tarmac <> | 2011-01-18 19:54:27 +0000 |
| commit | ea1674cf33615e29ae7e6f57988076321461b22d (patch) | |
| tree | 397108295f5b46e8e574d95921515b3de16e1461 /nova | |
| parent | 4577c11923f05ba60ec898186d3f959d86e5de4c (diff) | |
| parent | be8b74ff0226557df01d4bdce2c76d0157e09b8f (diff) | |
Add refresh_security_group_* methods to nova/virt/fake.py, as FakeConnection is the reference for documentation and method signatures that should be implemented by virt connection drivers.
Diffstat (limited to 'nova')
| -rw-r--r-- | nova/virt/fake.py | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/nova/virt/fake.py b/nova/virt/fake.py
index 80ae7f34c..037cf83f7 100644
--- a/nova/virt/fake.py
+++ b/nova/virt/fake.py
@@ -310,6 +310,54 @@ class FakeConnection(object): 'username': 'fakeuser', 'password': 'fakepassword'} + def refresh_security_group_rules(self, security_group_id): + """This method is called after a change to security groups. + + All security groups and their associated rules live in the datastore, + and calling this method should apply the updated rules to instances + running the specified security group. + + An error should be raised if the operation cannot complete. + + """ + return True + + def refresh_security_group_members(self, security_group_id): + """This method is called when a security group is added to an instance. + + This message is sent to the virtualization drivers on hosts that are + running an instance that belongs to a security group that has a rule + that references the security group identified by `security_group_id`. + It is the responsiblity of this method to make sure any rules + that authorize traffic flow with members of the security group are + updated and any new members can communicate, and any removed members + cannot. + + Scenario: + * we are running on host 'H0' and we have an instance 'i-0'. + * instance 'i-0' is a member of security group 'speaks-b' + * group 'speaks-b' has an ingress rule that authorizes group 'b' + * another host 'H1' runs an instance 'i-1' + * instance 'i-1' is a member of security group 'b' + + When 'i-1' launches or terminates we will recieve the message + to update members of group 'b', at which time we will make + any changes needed to the rules for instance 'i-0' to allow + or deny traffic coming from 'i-1', depending on if it is being + added or removed from the group. + + In this scenario, 'i-1' could just as easily have been running on our + host 'H0' and this method would still have been called. 
The point was + that this method isn't called on the host where instances of that + group are running (as is the case with + :method:`refresh_security_group_rules`) but is called where references + are made to authorizing those instances. + + An error should be raised if the operation cannot complete. + + """ + return True + def get_cpu_info(self): """This method is supported only libvirt. """ return |
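Review bot: Both new stubs end in `return True` while their docstrings say failure is reported by raising, so the reference driver leaves it unclear whether a caller may treat the return value as a success flag. For security group refreshes this matters, because a real driver that copies the signature and returns a falsy value instead of raising could leave stale rules in place (for example still admitting traffic from a removed member) without the failure being noticed. I would add a line such as `The return value carries no meaning; a driver must raise on failure rather than return False.` to each docstring, or drop the `return True`. The summary line of `refresh_security_group_members` mentions only a group being added to an instance although the scenario also covers termination, and `:method:` should be the Sphinx role `:meth:`. The body of FakeConnection continues outside the hunk.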
