diff options
| -rw-r--r-- | nova/api/openstack/compute/contrib/security_group_default_rules.py | 8 | ||||
| -rw-r--r-- | nova/api/openstack/compute/contrib/security_groups.py | 31 | ||||
| -rw-r--r-- | nova/compute/api.py | 8 | ||||
| -rw-r--r-- | nova/network/security_group/quantum_driver.py | 6 | ||||
| -rw-r--r-- | nova/network/security_group/security_group_base.py | 3 |
5 files changed, 28 insertions, 28 deletions
diff --git a/nova/api/openstack/compute/contrib/security_group_default_rules.py b/nova/api/openstack/compute/contrib/security_group_default_rules.py index e2bba8127..751a4d459 100644 --- a/nova/api/openstack/compute/contrib/security_group_default_rules.py +++ b/nova/api/openstack/compute/contrib/security_group_default_rules.py @@ -112,7 +112,7 @@ class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase): @wsgi.serializers(xml=SecurityGroupDefaultRuleTemplate) @wsgi.deserializers(xml=SecurityGroupDefaultRulesXMLDeserializer) def create(self, req, body): - context = self._authorize_context(req) + context = sg._authorize_context(req) authorize(context) sg_rule = self._from_body(body, 'security_group_default_rule') @@ -146,7 +146,7 @@ class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase): @wsgi.serializers(xml=SecurityGroupDefaultRuleTemplate) def show(self, req, id): - context = self._authorize_context(req) + context = sg._authorize_context(req) authorize(context) id = self.security_group_api.validate_id(id) @@ -161,7 +161,7 @@ class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase): return {"security_group_default_rule": fmt_rule} def delete(self, req, id): - context = self._authorize_context(req) + context = sg._authorize_context(req) authorize(context) id = self.security_group_api.validate_id(id) @@ -175,7 +175,7 @@ class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase): @wsgi.serializers(xml=SecurityGroupDefaultRulesTemplate) def index(self, req): - context = self._authorize_context(req) + context = sg._authorize_context(req) authorize(context) ret = {'security_group_default_rules': []} diff --git a/nova/api/openstack/compute/contrib/security_groups.py b/nova/api/openstack/compute/contrib/security_groups.py index 354fab647..50d30d6b3 100644 --- a/nova/api/openstack/compute/contrib/security_groups.py +++ b/nova/api/openstack/compute/contrib/security_groups.py @@ -77,6 +77,11 @@ def make_sg(elem): make_rule(rule) +def _authorize_context(req): + context = req.environ['nova.context'] + authorize(context) + return context + sg_nsmap = {None: wsgi.XMLNS_V11} @@ -213,11 +218,6 @@ class SecurityGroupControllerBase(object): context, rule)] return security_group - def _authorize_context(self, req): - context = req.environ['nova.context'] - authorize(context) - return context - def _from_body(self, body, key): if not body: raise exc.HTTPUnprocessableEntity() @@ -233,7 +233,7 @@ class SecurityGroupController(SecurityGroupControllerBase): @wsgi.serializers(xml=SecurityGroupTemplate) def show(self, req, id): """Return data about the given security group.""" - context = self._authorize_context(req) + context = _authorize_context(req) id = self.security_group_api.validate_id(id) @@ -245,7 +245,7 @@ class SecurityGroupController(SecurityGroupControllerBase): def delete(self, req, id): """Delete a security group.""" - context = self._authorize_context(req) + context = _authorize_context(req) id = self.security_group_api.validate_id(id) @@ -259,7 +259,7 @@ class SecurityGroupController(SecurityGroupControllerBase): @wsgi.serializers(xml=SecurityGroupsTemplate) def index(self, req): """Returns a list of security groups.""" - context = self._authorize_context(req) + context = _authorize_context(req) search_opts = {} search_opts.update(req.GET) @@ -280,7 +280,7 @@ class SecurityGroupController(SecurityGroupControllerBase): @wsgi.deserializers(xml=SecurityGroupXMLDeserializer) def create(self, req, body): """Creates a new security group.""" - context = self._authorize_context(req) + context = _authorize_context(req) security_group = self._from_body(body, 'security_group') @@ -303,7 +303,7 @@ class SecurityGroupRulesController(SecurityGroupControllerBase): @wsgi.serializers(xml=SecurityGroupRuleTemplate) @wsgi.deserializers(xml=SecurityGroupRulesXMLDeserializer) def create(self, req, body): - context = self._authorize_context(req) + context = _authorize_context(req) sg_rule = self._from_body(body, 'security_group_rule') @@ -358,7 +358,7 @@ class SecurityGroupRulesController(SecurityGroupControllerBase): cidr, ip_protocol, from_port, to_port) def delete(self, req, id): - context = self._authorize_context(req) + context = _authorize_context(req) id = self.security_group_api.validate_id(id) @@ -380,7 +380,7 @@ class ServerSecurityGroupController(SecurityGroupControllerBase): @wsgi.serializers(xml=SecurityGroupsTemplate) def index(self, req, server_id): """Returns a list of security groups for the given instance.""" - context = self._authorize_context(req) + context = _authorize_context(req) self.security_group_api.ensure_default(context) @@ -390,7 +390,7 @@ class ServerSecurityGroupController(SecurityGroupControllerBase): raise exc.HTTPNotFound(explanation=exp.format_message()) groups = self.security_group_api.get_instance_security_groups( - req, instance['id'], instance['uuid'], True) + context, instance['id'], instance['uuid'], True) result = [self._format_security_group(context, group) for group in groups] @@ -466,7 +466,10 @@ class SecurityGroupsOutputController(wsgi.Controller): openstack_driver.get_openstack_security_group_driver()) def _extend_servers(self, req, servers): + # TODO(arosen) this function should be refactored to reduce duplicate + # code and use get_instance_security_groups instead of get_db_instance. key = "security_groups" + context = _authorize_context(req) if not openstack_driver.is_quantum_security_groups(): for server in servers: instance = req.get_db_instance(server['id']) @@ -483,7 +486,7 @@ class SecurityGroupsOutputController(wsgi.Controller): for server in servers: instance_sgs = ( self.security_group_api.get_instance_security_groups( - req, server['id'])) + context, server['id'])) else: try: # try converting to json diff --git a/nova/compute/api.py b/nova/compute/api.py index 0d915bfc9..15cd52e82 100644 --- a/nova/compute/api.py +++ b/nova/compute/api.py @@ -40,7 +40,6 @@ from nova.compute import task_states from nova.compute import utils as compute_utils from nova.compute import vm_states from nova.consoleauth import rpcapi as consoleauth_rpcapi -from nova import context from nova import crypto from nova.db import base from nova import exception @@ -3164,12 +3163,11 @@ class SecurityGroupAPI(base.Base, security_group_base.SecurityGroupBase): self.security_group_rpcapi.refresh_instance_security_rules( context, instance['host'], instance) - def get_instance_security_groups(self, req, instance_id, + def get_instance_security_groups(self, context, instance_id, instance_uuid=None, detailed=False): if detailed: - return self.db.security_group_get_by_instance( - context.get_admin_context(), instance_id) - instance = req.get_db_instance(instance_id) + return self.db.security_group_get_by_instance(context, instance_id) + instance = self.db.instance_get(context, instance_id) groups = instance.get('security_groups') if groups: return [{'name': group['name']} for group in groups] diff --git a/nova/network/security_group/quantum_driver.py b/nova/network/security_group/quantum_driver.py index 5a24a74ab..d8eede44f 100644 --- a/nova/network/security_group/quantum_driver.py +++ b/nova/network/security_group/quantum_driver.py @@ -23,7 +23,6 @@ from quantumclient.quantum import v2_0 as quantumv20 from webob import exc from nova.compute import api as compute_api -from nova import context from nova import exception from nova.network import quantumv2 from nova.network.security_group import security_group_base @@ -246,14 +245,13 @@ class SecurityGroupAPI(security_group_base.SecurityGroupBase): raise e return self._convert_to_nova_security_group_rule_format(rule) - def get_instance_security_groups(self, req, instance_id, + def get_instance_security_groups(self, context, instance_id, instance_uuid=None, detailed=False): """Returns the security groups that are associated with an instance. If detailed is True then it also returns the full details of the security groups associated with an instance. """ - admin_context = context.get_admin_context() - quantum = quantumv2.get_client(admin_context) + quantum = quantumv2.get_client(context) if instance_uuid: params = {'device_id': instance_uuid} else: diff --git a/nova/network/security_group/security_group_base.py b/nova/network/security_group/security_group_base.py index 4a82bd881..3babf4b00 100644 --- a/nova/network/security_group/security_group_base.py +++ b/nova/network/security_group/security_group_base.py @@ -204,7 +204,8 @@ class SecurityGroupBase(object): def get_rule(self, context, id): raise NotImplementedError() - def get_instance_security_groups(self, req, instance_id): + def get_instance_security_groups(self, context, instance_id, + instance_uuid=None, detailed=False): raise NotImplementedError() def add_to_instance(self, context, instance, security_group_name): |