Security groups: ensure correct ID is passed to exception

Commit 5dacbba701 deleted a local variable that was used when raising an exception. Change-Id: I2e65c94c96e967e1e22c80561b239021f6f54f54
2016-03-06 04:15:03 -08:00 · 2016-03-06 04:15:03 -08:00 · bd2c1b2104
parent 289e9d988d
commit bd2c1b2104
3 changed files with 10 additions and 8 deletions
--- a/neutron/db/securitygroups_db.py
+++ b/neutron/db/securitygroups_db.py
@ -552,9 +552,10 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
        # Check in database if rule exists
        filters = self._make_security_group_rule_filter_dict(
            security_group_rule)
-        db_rules = self.get_security_group_rules(
-            context, filters,
-            fields=security_group_rule['security_group_rule'].keys())
+        keys = security_group_rule['security_group_rule'].keys()
+        fields = list(keys) + ['id']
+        db_rules = self.get_security_group_rules(context, filters,
+                                                 fields=fields)
        # Note(arosen): the call to get_security_group_rules wildcards
        # values in the filter that have a value of [None]. For
        # example, filters = {'remote_group_id': [None]} will return
@ -565,9 +566,9 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
        # relying on this behavior. Therefore, we do the filtering
        # below to check for these corner cases.
        for db_rule in db_rules:
-            # need to remove id from db_rule for matching
+            rule_id = db_rule.pop('id', None)
            if (security_group_rule['security_group_rule'] == db_rule):
-                raise ext_sg.SecurityGroupRuleExists(id=id)
+                raise ext_sg.SecurityGroupRuleExists(rule_id=rule_id)

    def _validate_ip_prefix(self, rule):
        """Check that a valid cidr was specified as remote_ip_prefix
--- a/neutron/extensions/securitygroup.py
+++ b/neutron/extensions/securitygroup.py
@ -114,7 +114,7 @@ class DuplicateSecurityGroupRuleInPost(nexception.InUse):


 class SecurityGroupRuleExists(nexception.InUse):
-    message = _("Security group rule already exists. Rule id is %(id)s.")
+    message = _("Security group rule already exists. Rule id is %(rule_id)s.")


 class SecurityGroupRuleInUse(nexception.InUse):
--- a/neutron/tests/unit/extensions/test_securitygroup.py
+++ b/neutron/tests/unit/extensions/test_securitygroup.py
@ -946,14 +946,15 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
        description = 'my webservers'
        with self.security_group(name, description) as sg:
            security_group_id = sg['security_group']['id']
-            with self.security_group_rule(security_group_id):
+            with self.security_group_rule(security_group_id) as sgr:
                rule = self._build_security_group_rule(
                    sg['security_group']['id'], 'ingress',
                    const.PROTO_NAME_TCP, '22', '22')
-                self._create_security_group_rule(self.fmt, rule)
                res = self._create_security_group_rule(self.fmt, rule)
                self.deserialize(self.fmt, res)
                self.assertEqual(webob.exc.HTTPConflict.code, res.status_int)
+                self.assertIn(sgr['security_group_rule']['id'],
+                              res.json['NeutronError']['message'])

    def test_create_security_group_rule_min_port_greater_max(self):
        name = 'webservers'