From e53676bb32b70ff01ca27c310e558b651590be3d Mon Sep 17 00:00:00 2001 From: Devin Carlen Date: Fri, 10 Sep 2010 15:26:13 -0700 Subject: Refactored to security group api to support projects --- nova/db/api.py | 34 ++++++++++++-------- nova/db/sqlalchemy/api.py | 76 +++++++++++++++++++++++++++----------------- nova/db/sqlalchemy/models.py | 22 ++++++------- 3 files changed, 77 insertions(+), 55 deletions(-) (limited to 'nova/db') diff --git a/nova/db/api.py b/nova/db/api.py index 2bcf0bd2b..cdbd15486 100644 --- a/nova/db/api.py +++ b/nova/db/api.py @@ -442,33 +442,39 @@ def volume_update(context, volume_id, values): """ return IMPL.volume_update(context, volume_id, values) + #################### -def security_group_create(context, values): - """Create a new security group""" - return IMPL.security_group_create(context, values) +def security_group_get_all(context): + """Get all security groups""" + return IMPL.security_group_get_all(context) -def security_group_get_by_id(context, security_group_id): +def security_group_get(context, security_group_id): """Get security group by its internal id""" - return IMPL.security_group_get_by_id(context, security_group_id) + return IMPL.security_group_get(context, security_group_id) -def security_group_get_by_instance(context, instance_id): - """Get security groups to which the instance is assigned""" - return IMPL.security_group_get_by_instance(context, instance_id) +def security_group_get_by_name(context, project_id, group_name): + """Returns a security group with the specified name from a project""" + return IMPL.securitygroup_get_by_name(context, project_id, group_name) -def security_group_get_by_user(context, user_id): - """Get security groups owned by the given user""" - return IMPL.security_group_get_by_user(context, user_id) +def security_group_get_by_project(context, project_id): + """Get all security groups belonging to a project""" + return IMPL.securitygroup_get_by_project(context, project_id) -def security_group_get_by_user_and_name(context, user_id, name): - """Get user's named security group""" - return IMPL.security_group_get_by_user_and_name(context, user_id, name) +def security_group_get_by_instance(context, instance_id): + """Get security groups to which the instance is assigned""" + return IMPL.security_group_get_by_instance(context, instance_id) + +def security_group_create(context, values): + """Create a new security group""" + return IMPL.security_group_create(context, values) + def security_group_destroy(context, security_group_id): """Deletes a security group""" diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py index 1c95efd83..61d733940 100644 --- a/nova/db/sqlalchemy/api.py +++ b/nova/db/sqlalchemy/api.py @@ -616,20 +616,45 @@ def volume_update(_context, volume_id, values): ################### -def security_group_create(_context, values): - security_group_ref = models.SecurityGroup() - for (key, value) in values.iteritems(): - security_group_ref[key] = value - security_group_ref.save() - return security_group_ref +def security_group_get_all(_context): + session = get_session() + return session.query(models.SecurityGroup + ).options(eagerload('rules') + ).filter_by(deleted=False + ).all() -def security_group_get_by_id(_context, security_group_id): +def security_group_get(_context, security_group_id): session = get_session() with session.begin(): return session.query(models.SecurityGroup + ).options(eagerload('rules') + ).get(security_group_id) + + +def securitygroup_get_by_name(context, project_id, group_name): + session = get_session() + group_ref = session.query(models.SecurityGroup ).options(eagerload('rules') - ).get(security_group_id) + ).filter_by(project_id=project_id + ).filter_by(name=group_name + ).filter_by(deleted=False + ).first() + if not group_ref: + raise exception.NotFound( + 'No security group named %s for project: %s' \ + % (group_name, project_id)) + + return group_ref + + +def securitygroup_get_by_project(_context, project_id): + session = get_session() + return session.query(models.SecurityGroup + ).options(eagerload('rules') + ).filter_by(project_id=project_id + ).filter_by(deleted=False + ).all() def security_group_get_by_instance(_context, instance_id): @@ -638,34 +663,27 @@ def security_group_get_by_instance(_context, instance_id): return session.query(models.Instance ).get(instance_id ).security_groups \ - .all() + .filter_by(deleted=False + ).all() -def security_group_get_by_user(_context, user_id): - session = get_session() - with session.begin(): - return session.query(models.SecurityGroup - ).filter_by(user_id=user_id - ).filter_by(deleted=False - ).options(eagerload('rules') - ).all() +def security_group_create(_context, values): + security_group_ref = models.SecurityGroup() + for (key, value) in values.iteritems(): + security_group_ref[key] = value + security_group_ref.save() + return security_group_ref -def security_group_get_by_user_and_name(_context, user_id, name): - session = get_session() - with session.begin(): - return session.query(models.SecurityGroup - ).filter_by(user_id=user_id - ).filter_by(name=name - ).filter_by(deleted=False - ).options(eagerload('rules') - ).one() def security_group_destroy(_context, security_group_id): session = get_session() with session.begin(): - security_group = session.query(models.SecurityGroup - ).get(security_group_id) - security_group.delete(session=session) + # TODO(vish): do we have to use sql here? + session.execute('update security_group set deleted=1 where id=:id', + {'id': security_group_id}) + session.execute('update security_group_rule set deleted=1 ' + 'where group_id=:id', + {'id': security_group_id}) ################### diff --git a/nova/db/sqlalchemy/models.py b/nova/db/sqlalchemy/models.py index f27520aa8..3c4b9ddd7 100644 --- a/nova/db/sqlalchemy/models.py +++ b/nova/db/sqlalchemy/models.py @@ -306,26 +306,23 @@ class SecurityGroup(BASE, NovaBase): class SecurityGroupIngressRule(BASE, NovaBase): """Represents a rule in a security group""" - __tablename__ = 'security_group_rules' + __tablename__ = 'security_group_rule' id = Column(Integer, primary_key=True) - parent_group_id = Column(Integer, ForeignKey('security_group.id')) - parent_group = relationship("SecurityGroup", backref="rules", foreign_keys=parent_group_id, - primaryjoin=parent_group_id==SecurityGroup.id) + group_id = Column(Integer, ForeignKey('security_group.id')) + group = relationship("SecurityGroup", backref="rules", + foreign_keys=group_id, + primaryjoin=group_id==SecurityGroup.id) protocol = Column(String(5)) # "tcp", "udp", or "icmp" from_port = Column(Integer) to_port = Column(Integer) + cidr = Column(String(255)) # Note: This is not the parent SecurityGroup. It's SecurityGroup we're # granting access for. - group_id = Column(Integer, ForeignKey('security_group.id')) - - @property - def user(self): - return auth.manager.AuthManager().get_user(self.user_id) + source_group_id = Column(Integer, ForeignKey('security_group.id')) - cidr = Column(String(255)) class Network(BASE, NovaBase): """Represents a network""" @@ -430,8 +427,9 @@ class FloatingIp(BASE, NovaBase): def register_models(): """Register Models and create metadata""" from sqlalchemy import create_engine - models = (Service, Instance, Volume, ExportDevice, - FixedIp, FloatingIp, Network, NetworkIndex) # , Image, Host) + models = (Service, Instance, Volume, ExportDevice, FixedIp, FloatingIp, + Network, NetworkIndex, SecurityGroup, SecurityGroupIngressRule) + # , Image, Host engine = create_engine(FLAGS.sql_connection, echo=False) for model in models: model.metadata.create_all(engine) -- cgit