Merge "Get instance security_groups from already fetched instance"

nova/api/metadata/base.py

@@ -131,7 +131,7 @@ class InstanceMetadata(object):
 
         secgroup_api = openstack_driver.get_openstack_security_group_driver()
         self.security_groups = secgroup_api.get_instance_security_groups(
-            ctxt, instance.uuid)
+            ctxt, instance)
 
         self.mappings = _format_instance_mapping(ctxt, instance)
 
@@ -546,7 +546,8 @@ def get_metadata_by_instance_id(instance_id, address, ctxt=None):
     ctxt = ctxt or context.get_admin_context()
     instance = objects.Instance.get_by_uuid(
         ctxt, instance_id, expected_attrs=['ec2_ids', 'flavor', 'info_cache',
-                                           'metadata', 'system_metadata'])
+                                           'metadata', 'system_metadata',
+                                           'security_groups'])
     return InstanceMetadata(instance, address)
 
 

nova/api/openstack/compute/legacy_v2/contrib/security_groups.py

@@ -327,7 +327,7 @@ class ServerSecurityGroupController(SecurityGroupControllerBase):
             instance = common.get_instance(self.compute_api, context,
                                            server_id)
             groups = self.security_group_api.get_instance_security_groups(
-                context, instance.uuid, True)
+                context, instance, True)
 
         result = [self._format_security_group(context, group)
                     for group in groups]

nova/api/openstack/compute/security_groups.py

@@ -339,7 +339,7 @@ class ServerSecurityGroupController(SecurityGroupControllerBase):
             instance = common.get_instance(self.compute_api, context,
                                            server_id)
             groups = self.security_group_api.get_instance_security_groups(
-                context, instance.uuid, True)
+                context, instance, True)
         except (exception.SecurityGroupNotFound,
                 exception.InstanceNotFound) as exp:
             msg = exp.format_message()

nova/compute/api.py

@@ -4389,14 +4389,11 @@ class SecurityGroupAPI(base.Base, security_group_base.SecurityGroupBase):
             context, group_ids)
         self._refresh_instance_security_rules(context, instances)
 
-    def get_instance_security_groups(self, context, instance_uuid,
-                                     detailed=False):
+    def get_instance_security_groups(self, context, instance, detailed=False):
         if detailed:
             return self.db.security_group_get_by_instance(context,
-                                                          instance_uuid)
-        instance = objects.Instance(uuid=instance_uuid)
-        groups = objects.SecurityGroupList.get_by_instance(context, instance)
-        return [{'name': group.name} for group in groups]
+                                                          instance.uuid)
+        return [{'name': group.name} for group in instance.security_groups]
 
     def populate_security_groups(self, security_groups):
         if not security_groups:

nova/network/security_group/neutron_driver.py

@@ -407,16 +407,15 @@ class SecurityGroupAPI(security_group_base.SecurityGroupBase):
 
         return instances_security_group_bindings
 
-    def get_instance_security_groups(self, context, instance_uuid,
-                                     detailed=False):
+    def get_instance_security_groups(self, context, instance, detailed=False):
         """Returns the security groups that are associated with an instance.
         If detailed is True then it also returns the full details of the
         security groups associated with an instance.
         """
-        servers = [{'id': instance_uuid}]
+        servers = [{'id': instance.uuid}]
         sg_bindings = self.get_instances_security_groups_bindings(
                                   context, servers, detailed)
-        return sg_bindings.get(instance_uuid, [])
+        return sg_bindings.get(instance.uuid, [])
 
     def _has_security_group_requirements(self, port):
         port_security_enabled = port.get('port_security_enabled', True)

nova/network/security_group/security_group_base.py

@@ -201,8 +201,7 @@ class SecurityGroupBase(object):
     def get_rule(self, context, id):
         raise NotImplementedError()
 
-    def get_instance_security_groups(self, context, instance_uuid,
-                                     detailed=False):
+    def get_instance_security_groups(self, context, instance, detailed=False):
         raise NotImplementedError()
 
     def add_to_instance(self, context, instance, security_group_name):

nova/tests/unit/api/openstack/compute/test_neutron_security_groups.py

@@ -370,7 +370,8 @@ class TestNeutronSecurityGroupsV21(
                     {'name': sg3['id']}]
         security_group_api = self.controller.security_group_api
         sgs = security_group_api.get_instance_security_groups(
-            context.get_admin_context(), test_security_groups.FAKE_UUID1)
+            context.get_admin_context(),
+            instance_obj.Instance(uuid=test_security_groups.FAKE_UUID1))
         self.assertEqual(sgs, expected)
 
     @mock.patch('nova.network.security_group.neutron_driver.SecurityGroupAPI.'
@@ -382,7 +383,7 @@ class TestNeutronSecurityGroupsV21(
         security_group_api = self.controller.security_group_api
         ctx = context.get_admin_context()
         sgs = security_group_api.get_instance_security_groups(ctx,
-                test_security_groups.FAKE_UUID1)
+                instance_obj.Instance(uuid=test_security_groups.FAKE_UUID1))
 
         neutron_sg_bind_mock.assert_called_once_with(ctx, servers, False)
         self.assertEqual([], sgs)
@@ -396,7 +397,8 @@ class TestNeutronSecurityGroupsV21(
             device_id=test_security_groups.FAKE_UUID1)
         security_group_api = self.controller.security_group_api
         sgs = security_group_api.get_instance_security_groups(
-            context.get_admin_context(), test_security_groups.FAKE_UUID1)
+            context.get_admin_context(),
+            instance_obj.Instance(uuid=test_security_groups.FAKE_UUID1))
         self.assertEqual(sgs, [{'name': 'test1'}])
 
     def test_create_port_with_sg_and_port_security_enabled_false(self):

nova/tests/unit/compute/test_compute_api.py

@@ -3644,19 +3644,15 @@ class SecurityGroupAPITest(test.NoDBTestCase):
         self.context = context.RequestContext(self.user_id,
                                               self.project_id)
 
-    @mock.patch('nova.objects.security_group.SecurityGroupList.'
-                'get_by_instance')
-    def test_get_instance_security_groups(self, mock_get):
+    def test_get_instance_security_groups(self):
         groups = objects.SecurityGroupList()
         groups.objects = [objects.SecurityGroup(name='foo'),
                           objects.SecurityGroup(name='bar')]
-        mock_get.return_value = groups
+        instance = objects.Instance(security_groups=groups)
         names = self.secgroup_api.get_instance_security_groups(self.context,
-                    uuids.instance)
+                                                               instance)
         self.assertEqual(sorted([{'name': 'bar'}, {'name': 'foo'}], key=str),
                          sorted(names, key=str))
-        self.assertEqual(1, mock_get.call_count)
-        self.assertEqual(uuids.instance, mock_get.call_args_list[0][0][1].uuid)
 
     @mock.patch('nova.objects.security_group.make_secgroup_list')
     def test_populate_security_groups(self, mock_msl):

nova/tests/unit/network/security_group/test_neutron_driver.py

@@ -27,6 +27,7 @@ from nova.network.security_group import neutron_driver
 from nova.network.security_group import openstack_driver
 from nova import objects
 from nova import test
+from nova.tests import uuidsentinel as uuids
 
 
 class TestNeutronDriver(test.NoDBTestCase):
@@ -394,12 +395,14 @@ class TestNeutronDriver(test.NoDBTestCase):
 
     def test_instance_empty_security_groups(self):
 
-        port_list = {'ports': [{'id': 1, 'device_id': '1',
+        port_list = {'ports': [{'id': 1, 'device_id': uuids.instance,
                      'security_groups': []}]}
-        self.moxed_client.list_ports(device_id=['1']).AndReturn(port_list)
+        self.moxed_client.list_ports(
+            device_id=[uuids.instance]).AndReturn(port_list)
         self.mox.ReplayAll()
         sg_api = neutron_driver.SecurityGroupAPI()
-        result = sg_api.get_instance_security_groups(self.context, '1')
+        result = sg_api.get_instance_security_groups(
+            self.context, objects.Instance(uuid=uuids.instance))
         self.assertEqual([], result)
 
 

nova/tests/unit/test_metadata.py

@@ -83,6 +83,7 @@ def fake_inst_obj(context):
         default_ephemeral_device=None,
         default_swap_device=None,
         system_metadata={},
+        security_groups=objects.SecurityGroupList(),
         availability_zone=None)
     nwinfo = network_model.NetworkInfo([])
     inst.info_cache = objects.InstanceInfoCache(context=context,
@@ -1229,8 +1230,8 @@ class MetadataHandlerTestCase(test.TestCase):
         self.assertFalse(mock_context.called, "get_admin_context() should not"
                          "have been called, the context was given")
         mock_uuid.assert_called_once_with('CONTEXT', 'foo',
-            expected_attrs=['ec2_ids', 'flavor', 'info_cache',
-                            'metadata', 'system_metadata'])
+            expected_attrs=['ec2_ids', 'flavor', 'info_cache', 'metadata',
+                            'system_metadata', 'security_groups'])
         imd.assert_called_once_with(inst, 'bar')
 
     @mock.patch.object(context, 'get_admin_context')
@@ -1246,8 +1247,8 @@ class MetadataHandlerTestCase(test.TestCase):
 
         mock_context.assert_called_once_with()
         mock_uuid.assert_called_once_with('CONTEXT', 'foo',
-            expected_attrs=['ec2_ids', 'flavor', 'info_cache',
-                            'metadata', 'system_metadata'])
+            expected_attrs=['ec2_ids', 'flavor', 'info_cache', 'metadata',
+                            'system_metadata', 'security_groups'])
         imd.assert_called_once_with(inst, 'bar')