From 3dc539bcb0d9031f81076ac2e1870918400150ed Mon Sep 17 00:00:00 2001 From: Russell Bryant Date: Fri, 10 Feb 2012 19:01:10 -0500 Subject: Don't allow EC2 removal of security group in use. Fix bug 817872. This patch modifies the behavior of removing security groups via the EC2 API to better match the EC2 API spec. The EC2 documentation says that a group that is still in use can not be removed. A new function has been added to the db API to find out whether a particular security group is still in use. "In use" is defined as applied to an active instance, or applied to another group that has not been deleted. Unit tests have been updated to ensure that an error is raised when these conditions are hit. Change-Id: I5b3fdf1da213b04084fe266c1a6ed92e01cf1e19
---
 nova/api/ec2/cloud.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'nova/api')
diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py
index 560a2d0dd..50732d086 100644
--- a/nova/api/ec2/cloud.py
+++ b/nova/api/ec2/cloud.py
@@ -763,6 +763,8 @@ class CloudController(object):
 security_group = db.security_group_get(context, group_id)
 if not security_group:
 raise notfound(security_group_id=group_id)
+ if db.security_group_in_use(context, security_group.id):
+ raise exception.InvalidGroup(reason="In Use")
 LOG.audit(_("Delete security group %s"), group_name, context=context)
 db.security_group_destroy(context, security_group.id)
 return True
-- cgit
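Review bot: The in-use test and the delete are two separate DB calls (`db.security_group_in_use(...)` then `db.security_group_destroy(...)`), so a group that is attached to an instance or another group between them would still be destroyed. Unless `security_group_destroy` re-checks internally, which is not visible here, the check and the destroy should run in one transaction inside the db API. The refusal also raises before `LOG.audit`, so rejected delete attempts leave no audit record; consider logging before the raise, e.g. `LOG.audit(_("Refusing to delete in-use security group %s"), group_name, context=context)`. The reason string is not wrapped in `_()` like the neighbouring message; `raise exception.InvalidGroup(reason=_("In Use"))` would match. The enclosing method starts above the hunk.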