From ad3f578a37001957361014c7400dbe2e8ddd0baf Mon Sep 17 00:00:00 2001
From: Eldar Nugaev
Date: Thu, 12 May 2011 17:44:07 +0400
Subject: Added network_info into refresh_security_group_rules
---
 nova/tests/test_virt.py | 12 +++++++++++-
 nova/virt/libvirt_conn.py | 20 ++++++++++++++------
 2 files changed, 25 insertions(+), 7 deletions(-)
diff --git a/nova/tests/test_virt.py b/nova/tests/test_virt.py
index 1311ba361..874c4693f 100644
--- a/nova/tests/test_virt.py
+++ b/nova/tests/test_virt.py
@@ -849,7 +849,7 @@ class IptablesFirewallTestCase(test.TestCase):
 self.assertEquals(len(rulesv4), 2)
 self.assertEquals(len(rulesv6), 0)
- def multinic_iptables_test(self):
+ def test_multinic_iptables(self):
 ipv4_rules_per_network = 2
 ipv6_rules_per_network = 3
 networks_count = 5
@@ -869,6 +869,16 @@ class IptablesFirewallTestCase(test.TestCase):
 self.assertEquals(ipv6_network_rules,
 ipv6_rules_per_network * networks_count)
+ def test_do_refresh_security_group_rules(self):
+ instance_ref = self._create_instance_ref()
+ self.mox.StubOutWithMock(self.fw,
+ 'add_filters_for_instance',
+ use_mock_anything=True)
+ self.fw.add_filters_for_instance(instance_ref, mox.IgnoreArg())
+ self.fw.instances[instance_ref['id']] = instance_ref
+ self.mox.ReplayAll()
+ self.fw.do_refresh_security_group_rules("fake")
+
 class NWFilterTestCase(test.TestCase):
 def setUp(self):
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 555e44ce2..1e0a25a17 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -1612,7 +1612,9 @@ class FirewallDriver(object):
 """
 raise NotImplementedError()
- def refresh_security_group_rules(self, security_group_id):
+ def refresh_security_group_rules(self,
+ security_group_id,
+ network_info=None):
 """Refresh security group rules from data store
 Gets called when a rule has been added to or removed from
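Review bot: In `test_do_refresh_security_group_rules` the expectation matches the second argument with `mox.IgnoreArg()` and registers only one instance in `self.fw.instances`, so the test cannot tell whether each instance is filtered with its own network info. Since that value is what the per-instance firewall filters are built from, I would register two instance refs, stub the module-level `_get_network_info` to return a distinct value for each, and expect `add_filters_for_instance(ref, info)` with the matching pair. Whether the recorded expectations are verified depends on the base `test.TestCase` teardown, which is not visible in this hunk.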
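Review bot: The new `network_info=None` parameter on `FirewallDriver.refresh_security_group_rules` is not described in the docstring, whose visible lines still cover only the rule-change trigger; the docstring continues outside the hunk. Add a sentence such as `network_info: optional network info to build the filters from; when omitted the driver looks it up per instance`. The docstring should also say whether a driver may ignore the argument, since the `NWFilterFirewall` override in the `@@ -1911,7 +1913,9 @@` hunk accepts it and never uses it.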
@@ -1911,7 +1913,9 @@ class NWFilterFirewall(FirewallDriver):
 self._define_filter(self._filter_container(filter_name,
 filter_children))
- def refresh_security_group_rules(self, security_group_id):
+ def refresh_security_group_rules(self,
+ security_group_id,
+ network_info=None):
 return self._define_filter(
 self.security_group_to_nwfilter_xml(security_group_id))
@@ -2169,15 +2173,19 @@ class IptablesFirewallDriver(FirewallDriver):
 def refresh_security_group_members(self, security_group):
 pass
- def refresh_security_group_rules(self, security_group):
- self.do_refresh_security_group_rules(security_group)
+ def refresh_security_group_rules(self, security_group, network_info=None):
+ self.do_refresh_security_group_rules(security_group, network_info)
 self.iptables.apply()
 @utils.synchronized('iptables', external=True)
- def do_refresh_security_group_rules(self, security_group):
+ def do_refresh_security_group_rules(self,
+ security_group,
+ network_info=None):
 for instance in self.instances.values():
 self.remove_filters_for_instance(instance)
- self.add_filters_for_instance(instance)
+ if not network_info:
+ network_info = _get_network_info(instance)
+ self.add_filters_for_instance(instance, network_info)
 def _security_group_chain_name(self, security_group_id):
 return 'nova-sg-%s' % (security_group_id,)
-- cgit
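Review bot: In `do_refresh_security_group_rules` (the `@@ -2169,15 +2173,19 @@` hunk) the fallback `network_info = _get_network_info(instance)` rebinds the parameter inside the `for` loop, so once it holds a truthy value every later instance is passed that same network info (the first instance's lookup, or the caller's value) instead of its own. If the filters are derived from network info, as the call suggests, the iptables rules for those instances would be built from another instance's networks. Use a per-iteration local, `instance_network_info = network_info or _get_network_info(instance)`, followed by `self.add_filters_for_instance(instance, instance_network_info)`. A caller-supplied `network_info` is still applied to every instance in `self.instances`, which looks unintended for a per-instance value and should at least be documented.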