From dd6c1907c6634ccb41c3d94ed3296498e32333b0 Mon Sep 17 00:00:00 2001
From: Adam Gandelman
Date: Thu, 15 Mar 2012 15:38:11 -0700
Subject: db api: Remove check for security groups reference
security_group_in_use() should only be checking that a security group is associated with running instances, not that other groups are referencing it in their rules. With this check in place, it becomes impossible to delete self-referential security groups. Fixes bug 956366. Update: Remove obsolete test as well
Change-Id: I31f49c655b044dbaf0fb66dfaadb876c9dc3d167
---
 nova/db/sqlalchemy/api.py | 14 --------------
 nova/tests/api/ec2/test_cloud.py | 17 -----------------
 nova/tests/test_api.py | 9 ---------
 3 files changed, 40 deletions(-)
diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py
index bf5847dc3..71a17584e 100644
--- a/nova/db/sqlalchemy/api.py
+++ b/nova/db/sqlalchemy/api.py
@@ -2735,20 +2735,6 @@ def security_group_exists(context, project_id, group_name):
 def security_group_in_use(context, group_id):
 session = get_session()
 with session.begin():
- # Are there any other groups that haven't been deleted
- # that include this group in their rules?
- rules = session.query(models.SecurityGroupIngressRule).\
- filter_by(group_id=group_id).\
- filter_by(deleted=False).\
- all()
- for r in rules:
- num_groups = session.query(models.SecurityGroup).\
- filter_by(deleted=False).\
- filter_by(id=r.parent_group_id).\
- count()
- if num_groups:
- return True
-
 # Are there any instances that haven't been deleted
 # that include this group?
 inst_assoc = session.query(models.SecurityGroupInstanceAssociation).\
diff --git a/nova/tests/api/ec2/test_cloud.py b/nova/tests/api/ec2/test_cloud.py
index 7f56aa479..fc6c656fe 100644
--- a/nova/tests/api/ec2/test_cloud.py
+++ b/nova/tests/api/ec2/test_cloud.py
@@ -496,23 +496,6 @@ class CloudTestCase(test.TestCase):
 self.assertRaises(exception.EC2APIError, revoke, self.context, **kwargs)
- def test_delete_security_group_in_use_by_group(self):
- group1 = self.cloud.create_security_group(self.context, 'testgrp1',
- "test group 1")
- group2 = self.cloud.create_security_group(self.context, 'testgrp2',
- "test group 2")
- kwargs = {'groups': {'1': {'user_id': u'%s' % self.context.user_id,
- 'group_name': u'testgrp2'}},
- }
- self.cloud.authorize_security_group_ingress(self.context,
- group_name='testgrp1', **kwargs)
-
- self.assertRaises(exception.InvalidGroup,
- self.cloud.delete_security_group,
- self.context, 'testgrp2')
- self.cloud.delete_security_group(self.context, 'testgrp1')
- self.cloud.delete_security_group(self.context, 'testgrp2')
-
 def test_delete_security_group_in_use_by_instance(self):
 """Ensure that a group can not be deleted if in use by an instance."""
 image_uuid = 'cedef40a-ed67-4d10-800e-17455edce175'
diff --git a/nova/tests/test_api.py b/nova/tests/test_api.py
index 473e1d5f9..5735a7dc2 100644
--- a/nova/tests/test_api.py
+++ b/nova/tests/test_api.py
@@ -572,15 +572,6 @@ class ApiEc2TestCase(test.TestCase):
 self.expect_http()
 self.mox.ReplayAll()
- # Can not delete the group while it is still used by
- # another group.
- self.assertRaises(boto_exc.EC2ResponseError,
- self.ec2.delete_security_group,
- other_security_group_name)
-
- self.expect_http()
- self.mox.ReplayAll()
-
 rv = self.ec2.get_all_security_groups()
 for group in rv:
-- cgit