From f006c920e0dc3d3465b0af27b0154aeee3fad373 Mon Sep 17 00:00:00 2001
From: Russell Bryant <rbryant@redhat.com>
Date: Thu, 23 Feb 2012 14:00:42 -0500
Subject: Don't delete security group in use from OS API.

Fix bug 938853.

This patch adds a check to the OpenStack API so that a security group
still in use can not be deleted.  This same check just recently went in
for the EC2 API.

Change-Id: I75dc47c5f5d227b94c45ba8a0f00c37bd63f09fc
---
 nova/api/openstack/compute/contrib/security_groups.py | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'nova/api')

diff --git a/nova/api/openstack/compute/contrib/security_groups.py b/nova/api/openstack/compute/contrib/security_groups.py
index 30d3bd6b6..89ef7dc78 100644
--- a/nova/api/openstack/compute/contrib/security_groups.py
+++ b/nova/api/openstack/compute/contrib/security_groups.py
@@ -239,6 +239,9 @@ class SecurityGroupController(SecurityGroupControllerBase):
         context = req.environ['nova.context']
         authorize(context)
         security_group = self._get_security_group(context, id)
+        if db.security_group_in_use(context, security_group.id):
+            msg = _("Security group is still in use")
+            raise exc.HTTPBadRequest(explanation=msg)
         LOG.audit(_("Delete security group %s"), id, context=context)
         db.security_group_destroy(context, security_group.id)
         self.sgh.trigger_security_group_destroy_refresh(
-- 
cgit