From 4243440af10f3d682d255f7283618361a6e94d57 Mon Sep 17 00:00:00 2001
From: Todd Willey
Date: Tue, 18 Jan 2011 02:03:52 -0500
Subject: I might have gone overboard with documenting _members.
---
nova/virt/fake.py | 47 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
diff --git a/nova/virt/fake.py b/nova/virt/fake.py
index a57a8f43b..4eb42ab85 100644
--- a/nova/virt/fake.py
+++ b/nova/virt/fake.py
@@ -310,6 +310,53 @@ class FakeConnection(object): 'username': 'fakeuser', 'password': 'fakepassword'} + def refresh_security_group_rules(self, security_group_id): + """This method is called after a change to security groups. + + All security groups and their associated rules live in the datastore, + and calling this method should apply the updated rules to instances + running the specified security group. + + An error should be raised if the operation cannot complete. + + """ + return True + + def refresh_security_group_members(self, security_group_id): + """This method is called when a security group is added to an instance. + + This message is sent to the virtualization drivers on hosts that are + running an instance that belongs to a security group that has a rule + that references the security group identified by `security_group_id`. + It is the responsiblity of this method to make sure any rules + that authorize traffic flow with members of the security group are + updated and any new members can communicate, and any removed members + cannot. + + Scenario: + * we are running on host 'H0' and we have an instance 'i-0'. + * instance 'i-0' is a member of security group 'speaks-b' + * group 'speaks-b' has an ingress rule that authorizes group 'b' + * another host 'H1' runs an instance 'i-1' + * instance 'i-1' is a member of security group 'b' + + When 'i-1' launches or terminates we will recieve the message + to update members of group 'b', at which time we will make + any changes needed to the rules for instance 'i-0' to allow + or deny traffic coming from 'i-1', depending on if it is being + added or removed from the group. + + In this scenario, 'i-1' could just as easily have been running on our + host 'H0' and this method would still have been called. 
The point was + that this method isn't called on the host where instances of that + group are running (as is the case with + :method:`refresh_security_group_rules`) but is called where references + are made to authorizing those instances. + + An error should be raised if the operation cannot complete. + + """ + return True class FakeInstance(object): -- cgit From 11a10dc9a2fcaaf94e9c661fc9162fd5b8bd420e Mon Sep 17 00:00:00 2001 From: Todd Willey Date: Tue, 18 Jan 2011 02:05:07 -0500 Subject: pep8 --- nova/virt/fake.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/nova/virt/fake.py b/nova/virt/fake.py index 4eb42ab85..f8b3c7807 100644 --- a/nova/virt/fake.py +++ b/nova/virt/fake.py @@ -318,7 +318,7 @@ class FakeConnection(object): running the specified security group. An error should be raised if the operation cannot complete. - + """ return True @@ -328,7 +328,7 @@ class FakeConnection(object): This message is sent to the virtualization drivers on hosts that are running an instance that belongs to a security group that has a rule that references the security group identified by `security_group_id`. - It is the responsiblity of this method to make sure any rules + It is the responsiblity of this method to make sure any rules that authorize traffic flow with members of the security group are updated and any new members can communicate, and any removed members cannot. @@ -354,10 +354,11 @@ class FakeConnection(object): are made to authorizing those instances. An error should be raised if the operation cannot complete. - + """ return True + class FakeInstance(object): def __init__(self): -- cgit
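Review bot: Both new docstrings in the first commit's hunk end with "An error should be raised if the operation cannot complete", yet both stubs end in `return True` and neither says what the return value means, so a driver author cannot tell whether a falsy return is an acceptable failure signal. Since `refresh_security_group_members` is described as the step that ensures removed members can no longer communicate, a failure that goes unnoticed would leave stale allow rules in place. I would state the contract in both docstrings, for example `Drivers must raise on failure; callers should not treat the return value as the success signal.`, after confirming against the callers, which are not visible in this hunk. The summary line of `refresh_security_group_members` ("called when a security group is added to an instance") also disagrees with its body, which says the call goes to hosts whose rules reference the group when members launch or terminate; something like `"""Called when the membership of a security group changes.` would match. Smaller points in the same docstring: `:method:` is not a Sphinx role and should be `:meth:`, and "responsiblity" and "recieve" are misspelled.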