From 5a2b9d7e95cde85d58a35a73030fc8eea88f3386 Mon Sep 17 00:00:00 2001
From: Aaron Rosen
Date: Thu, 28 Feb 2013 14:47:11 -0800
Subject: Implement rules_exist method for quantum security group driver
Originally I thought the quantum security group driver should not enforce rules exist on the nova-api side and instead it should just forward the request to quantum which would return the error. That said there is no extra cost to doing this on the nova-api side as nova-api already queries for the group before adding the rule. In addition, rules_exists() is used in revoke_security_group_ingress() for the ec2 compat APIs so this needs to be implemented. This patch moves create_security_group_rule() and rule_exists() from nova/compute/api.py to nova/network/security_group/security_group_base.py as the same code can be leveraged in both places.
Fixes bug 1136345
Change-Id: I444ffc2b53b30ed496b6e3250433d14f316e594d
---
 nova/compute/api.py | 24 ------------------------
 1 file changed, 24 deletions(-)
(limited to 'nova/compute')
diff --git a/nova/compute/api.py b/nova/compute/api.py
index bba6ee1eb..8ae8b6caf 100644
--- a/nova/compute/api.py
+++ b/nova/compute/api.py
@@ -2987,21 +2987,6 @@ class SecurityGroupAPI(base.Base, security_group_base.SecurityGroupBase):
 self.trigger_handler('instance_remove_security_group', context, instance, security_group_name)
- def rule_exists(self, security_group, new_rule):
- """Indicates whether the specified rule is already
- defined in the given security group.
- """
- for rule in security_group['rules']:
- is_duplicate = True
- keys = ('group_id', 'cidr', 'from_port', 'to_port', 'protocol')
- for key in keys:
- if rule.get(key) != new_rule.get(key):
- is_duplicate = False
- break
- if is_duplicate:
- return rule.get('id') or True
- return False
-
 def get_rule(self, context, id):
 self.ensure_default(context)
 try:
@@ -3094,15 +3079,6 @@ class SecurityGroupAPI(base.Base, security_group_base.SecurityGroupBase):
 msg = _("Security group id should be integer")
 self.raise_invalid_property(msg)
- def create_security_group_rule(self, context, security_group, new_rule):
- if self.rule_exists(security_group, new_rule):
- msg = (_('This rule already exists in group %s') %
- new_rule['parent_group_id'])
- self.raise_group_already_exists(msg)
- return self.add_rules(context, new_rule['parent_group_id'],
- security_group['name'],
- [new_rule])[0]
-
 def trigger_handler(self, event, *args):
 handle = getattr(self.sgh, 'trigger_%s_refresh' % event)
 handle(*args)
-- cgit