From 2525afadd3475143040e6a4fe4021dc911a3f159 Mon Sep 17 00:00:00 2001
From: Mark McLoughlin <markmc@redhat.com>
Date: Fri, 31 Aug 2012 16:49:06 +0100
Subject: Avoid leaking security group quota reservations

Fixes bug #1043765

If you attempt to create a security group where one already exists using
that name, a security groups quota reservation is leaked. Fix by
ensuring the reservation is rolled back in all failure cases.

Add a check to the tests to ensure that a reservation isn't leaked in
any of our sad path tests for security group creation.

Change-Id: I22d6e4a0452d3ac7a23056b0a4aee6f7dd135e30
---
 nova/compute/api.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

(limited to 'nova/compute')

diff --git a/nova/compute/api.py b/nova/compute/api.py
index dcc6a7f06..dfc92f362 100644
--- a/nova/compute/api.py
+++ b/nova/compute/api.py
@@ -2099,13 +2099,14 @@ class SecurityGroupAPI(base.Base):
 
         LOG.audit(_("Create Security Group %s"), name, context=context)
 
-        self.ensure_default(context)
+        try:
+            self.ensure_default(context)
 
-        if self.db.security_group_exists(context, context.project_id, name):
-            msg = _('Security group %s already exists') % name
-            self.raise_group_already_exists(msg)
+            if self.db.security_group_exists(context,
+                                             context.project_id, name):
+                msg = _('Security group %s already exists') % name
+                self.raise_group_already_exists(msg)
 
-        try:
             group = {'user_id': context.user_id,
                      'project_id': context.project_id,
                      'name': name,
-- 
cgit