From b26a067626d5809381207a6ecafa0a3793e254fd Mon Sep 17 00:00:00 2001
From: Tomas Sedovic
Date: Mon, 16 Apr 2012 15:10:31 +0200
Subject: [PATCH] Fix creation of security group and rules
When the group or rule already exists, The Nova API and client errored out.
Signed-off-by: Tomas Sedovic
---
 heat/engine/resources.py | 28 ++++++++++++++++++++++------
 1 file changed, 22 insertions(+), 6 deletions(-)
diff --git a/heat/engine/resources.py b/heat/engine/resources.py
index e17966643..02adfd973 100644
--- a/heat/engine/resources.py
+++ b/heat/engine/resources.py
@@ -28,6 +28,7 @@ from email.mime.multipart import MIMEMultipart
 from email.mime.text import MIMEText
 from novaclient.v1_1 import client
+from novaclient.exceptions import BadRequest
 from heat.common import exception
 from heat.db import api as db_api
@@ -208,16 +209,31 @@ class SecurityGroup(Resource):
 self.state_set(self.CREATE_IN_PROGRESS)
 Resource.create(self)
- sec = self.nova().security_groups.create(self.name, self.description)
+ groups = self.nova().security_groups.list()
+ for group in groups:
+ if group.name == self.name:
+ sec = group
+ break
+
+ if not sec:
+ sec = self.nova().security_groups.create(self.name, self.description)
+
 self.instance_id_set(sec.id)
 if 'SecurityGroupIngress' in self.t['Properties']:
+ rules_client = self.nova().security_group_rules
 for i in self.t['Properties']['SecurityGroupIngress']:
- rule = self.nova().security_group_rules.create(sec.id,
- i['IpProtocol'],
- i['FromPort'],
- i['ToPort'],
- i['CidrIp'])
+ try:
+ rule = rules_client.create(sec.id,
+ i['IpProtocol'],
+ i['FromPort'],
+ i['ToPort'],
+ i['CidrIp'])
+ except BadRequest as ex:
+ if ex.message.find('already exists') >= 0:
+ pass # no worries, the rule is already there
+ else:
+ raise # unexpected error
 self.state_set(self.CREATE_COMPLETE)
 def delete(self):
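Review bot: `sec` is read by `if not sec:` without being bound when no listed group matches `self.name`, so the ordinary first-create path would raise UnboundLocalError instead of creating the group; add `sec = None` before the `for group in groups:` loop. Reusing a group purely by name also means the resource adopts whatever ingress rules that group already carries, which may be broader than the template declares, and the `BadRequest` handler then counts pre-existing rules as success; a comment such as `# NOTE: an existing group is reused as-is; its current rules are not reconciled with the template`, or a log line on the reuse path, would make that visible to operators. Matching on `ex.message.find('already exists')` depends on the API's error wording, which deserves a comment next to the check. The enclosing method starts above this hunk, so an earlier binding of `sec` cannot be ruled out from here.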