From 793516d14630a82bb3592f626b753736e63955ec Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Wed, 29 Sep 2010 01:33:30 -0700 Subject: autocreate the models and use security_groups --- nova/db/sqlalchemy/api.py | 4 ++-- nova/db/sqlalchemy/models.py | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py index 7ef92cad5..200fb3b3c 100644 --- a/nova/db/sqlalchemy/api.py +++ b/nova/db/sqlalchemy/api.py @@ -1031,7 +1031,7 @@ def security_group_destroy(_context, security_group_id): session = get_session() with session.begin(): # TODO(vish): do we have to use sql here? - session.execute('update security_group set deleted=1 where id=:id', + session.execute('update security_groups set deleted=1 where id=:id', {'id': security_group_id}) session.execute('update security_group_rules set deleted=1 ' 'where group_id=:id', @@ -1041,7 +1041,7 @@ def security_group_destroy_all(_context): session = get_session() with session.begin(): # TODO(vish): do we have to use sql here? - session.execute('update security_group set deleted=1') + session.execute('update security_groups set deleted=1') session.execute('update security_group_rules set deleted=1') ################### diff --git a/nova/db/sqlalchemy/models.py b/nova/db/sqlalchemy/models.py index b89616ddb..c2dbf2345 100644 --- a/nova/db/sqlalchemy/models.py +++ b/nova/db/sqlalchemy/models.py @@ -25,7 +25,7 @@ import datetime # TODO(vish): clean up these imports from sqlalchemy.orm import relationship, backref, exc, object_mapper -from sqlalchemy import Column, Integer, String, Table +from sqlalchemy import Column, Integer, String from sqlalchemy import ForeignKey, DateTime, Boolean, Text from sqlalchemy.ext.declarative import declarative_base @@ -343,13 +343,13 @@ class ExportDevice(BASE, NovaBase): class SecurityGroupInstanceAssociation(BASE, NovaBase): __tablename__ = 'security_group_instance_association' id = Column(Integer, primary_key=True) - security_group_id = Column(Integer, ForeignKey('security_group.id')) + security_group_id = Column(Integer, ForeignKey('security_groups.id')) instance_id = Column(Integer, ForeignKey('instances.id')) class SecurityGroup(BASE, NovaBase): """Represents a security group""" - __tablename__ = 'security_group' + __tablename__ = 'security_groups' id = Column(Integer, primary_key=True) name = Column(String(255)) @@ -379,7 +379,7 @@ class SecurityGroupIngressRule(BASE, NovaBase): __tablename__ = 'security_group_rules' id = Column(Integer, primary_key=True) - parent_group_id = Column(Integer, ForeignKey('security_group.id')) + parent_group_id = Column(Integer, ForeignKey('security_groups.id')) parent_group = relationship("SecurityGroup", backref="rules", foreign_keys=parent_group_id, primaryjoin="and_(SecurityGroupIngressRule.parent_group_id == SecurityGroup.id," @@ -392,7 +392,7 @@ class SecurityGroupIngressRule(BASE, NovaBase): # Note: This is not the parent SecurityGroup. It's SecurityGroup we're # granting access for. - group_id = Column(Integer, ForeignKey('security_group.id')) + group_id = Column(Integer, ForeignKey('security_groups.id')) class KeyPair(BASE, NovaBase): @@ -546,7 +546,7 @@ def register_models(): from sqlalchemy import create_engine models = (Service, Instance, Volume, ExportDevice, FixedIp, FloatingIp, Network, NetworkIndex, SecurityGroup, SecurityGroupIngressRule, - AuthToken) # , Image, Host + SecurityGroupInstanceAssociation, AuthToken) # , Image, Host engine = create_engine(FLAGS.sql_connection, echo=False) for model in models: model.metadata.create_all(engine) -- cgit From 5fa5a0b0b9e13f8f44b257eac0385730c959b92f Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Wed, 29 Sep 2010 01:58:19 -0700 Subject: fix the primary and secondary join --- nova/db/sqlalchemy/api.py | 4 ++-- nova/db/sqlalchemy/models.py | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py index 200fb3b3c..447d20b25 100644 --- a/nova/db/sqlalchemy/api.py +++ b/nova/db/sqlalchemy/api.py @@ -412,10 +412,10 @@ def instance_destroy(_context, instance_id): def instance_get(context, instance_id): session = get_session() instance_ref = session.query(models.Instance - ).options(joinedload_all('fixed_ip.floating_ips') - ).options(joinedload_all('security_groups') ).filter_by(id=instance_id ).filter_by(deleted=_deleted(context) + ).options(joinedload_all('security_groups') + ).options(joinedload_all('fixed_ip.floating_ips') ).first() if not instance_ref: raise exception.NotFound('Instance %s not found' % (instance_id)) diff --git a/nova/db/sqlalchemy/models.py b/nova/db/sqlalchemy/models.py index c2dbf2345..67142ad78 100644 --- a/nova/db/sqlalchemy/models.py +++ b/nova/db/sqlalchemy/models.py @@ -359,9 +359,9 @@ class SecurityGroup(BASE, NovaBase): instances = relationship(Instance, secondary="security_group_instance_association", - secondaryjoin="and_(SecurityGroup.id == SecurityGroupInstanceAssociation.security_group_id," - "Instance.id == SecurityGroupInstanceAssociation.instance_id," - "SecurityGroup.deleted == False," + primaryjoin="and_(SecurityGroup.id == SecurityGroupInstanceAssociation.security_group_id," + "SecurityGroup.deleted == False)", + secondaryjoin="and_(SecurityGroupInstanceAssociation.instance_id == Instance.id," "Instance.deleted == False)", backref='security_groups') -- cgit From a86507b3224eb051fea97f65bd5653758fa91668 Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Wed, 29 Sep 2010 06:17:39 -0700 Subject: fix ordering of rules to actually allow out and drop in --- nova/virt/libvirt_conn.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py index c86f3ffb7..9d889cf29 100644 --- a/nova/virt/libvirt_conn.py +++ b/nova/virt/libvirt_conn.py @@ -527,8 +527,8 @@ class NWFilterFirewall(object): def nova_base_ipv4_filter(self): retval = "" for protocol in ['tcp', 'udp', 'icmp']: - for direction,action,priority in [('out','accept', 400), - ('in','drop', 399)]: + for direction,action,priority in [('out','accept', 399), + ('inout','drop', 400)]: retval += """ <%s /> """ % (action, direction, @@ -540,8 +540,8 @@ class NWFilterFirewall(object): def nova_base_ipv6_filter(self): retval = "" for protocol in ['tcp', 'udp', 'icmp']: - for direction,action,priority in [('out','accept',400), - ('in','drop',399)]: + for direction,action,priority in [('out','accept',399), + ('inout','drop',400)]: retval += """ <%s-ipv6 /> """ % (action, direction, -- cgit From ddaaebb28649811d723f93a89ee46d69cc3ecabc Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Thu, 30 Sep 2010 20:24:42 -0700 Subject: show project ids for groups instead of user ids --- nova/api/ec2/cloud.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py index 6c67db28d..8aa76a787 100644 --- a/nova/api/ec2/cloud.py +++ b/nova/api/ec2/cloud.py @@ -260,7 +260,7 @@ class CloudController(object): g = {} g['groupDescription'] = group.description g['groupName'] = group.name - g['ownerId'] = context.user.id + g['ownerId'] = group.project_id g['ipPermissions'] = [] for rule in group.rules: r = {} @@ -272,7 +272,7 @@ class CloudController(object): if rule.group_id: source_group = db.security_group_get(context, rule.group_id) r['groups'] += [{'groupName': source_group.name, - 'userId': source_group.user_id}] + 'userId': source_group.project_id}] else: r['ipRanges'] += [{'cidrIp': rule.cidr}] g['ipPermissions'] += [r] -- cgit