openstack/nova
Code Issues Proposed changes

Lots of PEP-8 work.

Browse Source
This commit is contained in:
Soren Hansen
2010-12-15 14:04:06 +01:00
parent 1539df7429
commit b420a3daa5
7 changed files with 57 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
nova/api/ec2/cloud.py
View File

@@ -361,7 +361,7 @@ class CloudController(object):
if match:
db.security_group_rule_destroy(context, rule['id'])
self.compute_api.trigger_security_group_rules_refresh(context,
security_group['id'])
security_group['id'])
return True
raise exception.ApiError("No rule for the specified parameters.")
@@ -385,7 +385,7 @@ class CloudController(object):
security_group_rule = db.security_group_rule_create(context, values)
self.compute_api.trigger_security_group_rules_refresh(context,
security_group['id'])
security_group['id'])
return True

4
nova/compute/api.py
View File

@@ -166,7 +166,6 @@ class ComputeAPI(base.Base):
"args": {"topic": FLAGS.compute_topic,
"instance_id": instance_id}})
for group_id in security_groups:
self.trigger_security_group_members_refresh(elevated, group_id)
@@ -189,7 +188,6 @@ class ComputeAPI(base.Base):
'project_id': context.project_id}
db.security_group_create(context, values)
def trigger_security_group_rules_refresh(self, context, security_group_id):
"""Called when a rule is added to or removed from a security_group"""
@@ -206,7 +204,6 @@ class ComputeAPI(base.Base):
{"method": "refresh_security_group_rules",
"args": {"security_group_id": security_group.id}})
def trigger_security_group_members_refresh(self, context, group_id):
"""Called when a security group gains a new or loses a member
@@ -244,7 +241,6 @@ class ComputeAPI(base.Base):
{"method": "refresh_security_group_members",
"args": {"security_group_id": group_id}})
def update_instance(self, context, instance_id, **kwargs):
"""Updates the instance in the datastore.

2
nova/compute/manager.py
View File

@@ -85,7 +85,6 @@ class ComputeManager(manager.Manager):
"""This call passes straight through to the virtualization driver."""
yield self.driver.refresh_security_group_rules(security_group_id)
@defer.inlineCallbacks
@exception.wrap_exception
def refresh_security_group_members(self, context,
@@ -93,7 +92,6 @@ class ComputeManager(manager.Manager):
"""This call passes straight through to the virtualization driver."""
yield self.driver.refresh_security_group_members(security_group_id)
@defer.inlineCallbacks
@exception.wrap_exception
def run_instance(self, context, instance_id, **_kwargs):

2
nova/db/api.py
View File

@@ -715,7 +715,7 @@ def security_group_rule_get_by_security_group_grantee(context,
security_group_id):
"""Get all rules that grant access to the given security group."""
return IMPL.security_group_rule_get_by_security_group_grantee(context,
security_group_id)
security_group_id)
def security_group_rule_destroy(context, security_group_rule_id):

3
nova/db/sqlalchemy/api.py
View File

@@ -1515,7 +1515,8 @@ def security_group_rule_get(context, security_group_rule_id, session=None):
@require_context
def security_group_rule_get_by_security_group(context, security_group_id, session=None):
def security_group_rule_get_by_security_group(context, security_group_id,
session=None):
if not session:
session = get_session()
if is_admin_context(context):

63
nova/tests/virt_unittest.py
View File

@@ -43,14 +43,14 @@ class LibvirtConnTestCase(test.TrialTestCase):
def test_get_uri_and_template(self):
ip = '10.11.12.13'
instance = { 'memory_kb': '1024000',
'basepath': '/some/path',
'bridge_name': 'br100',
'mac_address': '02:12:34:46:56:67',
'vcpus': 2,
'project_id': 'fake',
'bridge': 'br101',
'instance_type': 'm1.small'}
instance = {'memory_kb': '1024000',
'basepath': '/some/path',
'bridge_name': 'br100',
'mac_address': '02:12:34:46:56:67',
'vcpus': 2,
'project_id': 'fake',
'bridge': 'br101',
'instance_type': 'm1.small'}
user_context = context.RequestContext(project=self.project,
user=self.user)
@@ -141,26 +141,30 @@ class IptablesFirewallTestCase(test.TrialTestCase):
def _p(self, *args, **kwargs):
if 'iptables-restore' in args:
print ' '.join(args), kwargs['stdin']
print ' '.join(args), kwargs['stdin']
if 'iptables-save' in args:
return
in_rules = ['# Generated by iptables-save v1.4.4 on Mon Dec 6 11:54:13 2010',
'*filter',
':INPUT ACCEPT [969615:281627771]',
':FORWARD ACCEPT [0:0]',
':OUTPUT ACCEPT [915599:63811649]',
':nova-block-ipv4 - [0:0]',
'-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT ',
'-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT ',
'-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT ',
'-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT ',
'-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT ',
'-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT ',
'-A FORWARD -i virbr0 -o virbr0 -j ACCEPT ',
'-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable ',
'-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable ',
'COMMIT',
'# Completed on Mon Dec 6 11:54:13 2010']
in_rules = [
'# Generated by iptables-save v1.4.4 on Mon Dec 6 11:54:13 2010',
'*filter',
':INPUT ACCEPT [969615:281627771]',
':FORWARD ACCEPT [0:0]',
':OUTPUT ACCEPT [915599:63811649]',
':nova-block-ipv4 - [0:0]',
'-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT ',
'-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT ',
'-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT ',
'-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT ',
'-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED'
',ESTABLISHED -j ACCEPT ',
'-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT ',
'-A FORWARD -i virbr0 -o virbr0 -j ACCEPT ',
'-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable ',
'-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable ',
'COMMIT',
'# Completed on Mon Dec 6 11:54:13 2010'
]
def test_static_filters(self):
self.fw.execute = self._p
@@ -179,7 +183,6 @@ class IptablesFirewallTestCase(test.TrialTestCase):
db.fixed_ip_update(admin_ctxt, ip, {'allocated': True,
'instance_id': instance_ref['id']})
secgroup = db.security_group_create(admin_ctxt,
{'user_id': 'fake',
'project_id': 'fake',
@@ -204,7 +207,8 @@ class IptablesFirewallTestCase(test.TrialTestCase):
in_rules = filter(lambda l: not l.startswith('#'), self.in_rules)
for rule in in_rules:
if not 'nova' in rule:
self.assertTrue(rule in out_rules, 'Rule went missing: %s' % rule)
self.assertTrue(rule in out_rules,
'Rule went missing: %s' % rule)
print '\n'.join(out_rules)
@@ -225,7 +229,8 @@ class NWFilterTestCase(test.TrialTestCase):
self.fake_libvirt_connection = Mock()
self.fw = libvirt_conn.NWFilterFirewall(lambda:self.fake_libvirt_connection)
self.fw = libvirt_conn.NWFilterFirewall(
lambda: self.fake_libvirt_connection)
def tearDown(self):
self.manager.delete_project(self.project)

29
nova/virt/libvirt_conn.py
View File

@@ -104,8 +104,9 @@ flags.DEFINE_string('libvirt_uri',
flags.DEFINE_bool('allow_project_net_traffic',
True,
'Whether to allow in project network traffic')
flags.DEFINE_string('firewall_driver', 'nova.virt.libvirt_conn.IptablesFirewallDriver',
'Firewall driver (defaults to nwfilter)')
flags.DEFINE_string('firewall_driver',
'nova.virt.libvirt_conn.IptablesFirewallDriver',
'Firewall driver (defaults to nwfilter)')
def get_connection(read_only):
@@ -687,7 +688,6 @@ class FirewallDriver(object):
the security group."""
raise NotImplementedError()
def refresh_security_group_members(self, security_group_id):
"""Refresh security group members from data store
@@ -855,7 +855,6 @@ class NWFilterFirewall(FirewallDriver):
net = IPy.IP(cidr)
return str(net.net()), str(net.netmask())
@defer.inlineCallbacks
def prepare_instance_filter(self, instance):
"""
@@ -869,8 +868,9 @@ class NWFilterFirewall(FirewallDriver):
instance_filter_name = self._instance_filter_name(instance)
instance_secgroup_filter_name = '%s-secgroup' % (instance_filter_name,)
instance_filter_children = ['nova-base', instance_secgroup_filter_name]
instance_secgroup_filter_children = ['nova-base-ipv4', 'nova-base-ipv6',
'nova-allow-dhcp-server']
instance_secgroup_filter_children = ['nova-base-ipv4',
'nova-base-ipv6',
'nova-allow-dhcp-server']
ctxt = context.get_admin_context()
@@ -883,14 +883,14 @@ class NWFilterFirewall(FirewallDriver):
yield self._define_filter(project_filter)
instance_secgroup_filter_children += [('nova-project-%s' %
instance['project_id'])]
instance['project_id'])]
for security_group in db.security_group_get_by_instance(ctxt,
instance['id']):
instance['id']):
yield self.refresh_security_group_rules(security_group['id'])
instance_secgroup_filter_children += [('nova-secgroup-%s' %
security_group['id'])]
security_group['id'])]
yield self._define_filter(
self._filter_container(instance_secgroup_filter_name,
@@ -978,12 +978,11 @@ class IptablesFirewallDriver(FirewallDriver):
if not new_filter[rules_index].startswith(':'):
break
our_chains = [':nova-ipv4-fallback - [0:0]']
our_rules = ['-A nova-ipv4-fallback -j DROP']
our_rules = ['-A nova-ipv4-fallback -j DROP']
our_chains += [':nova-local - [0:0]']
our_rules += ['-A FORWARD -j nova-local']
our_rules += ['-A FORWARD -j nova-local']
security_groups = set()
# Add our chains
@@ -1018,12 +1017,12 @@ class IptablesFirewallDriver(FirewallDriver):
# Allow DHCP responses
dhcp_server = self._dhcp_server_for_instance(instance)
our_rules += ['-A %s -s %s -p udp --sport 67 --dport 68' % (chain_name, dhcp_server)]
our_rules += ['-A %s -s %s -p udp --sport 67 --dport 68' %
(chain_name, dhcp_server)]
# If nothing matches, jump to the fallback chain
our_rules += ['-A %s -j nova-ipv4-fallback' % (chain_name,)]
# then, security group chains and rules
for security_group in security_groups:
chain_name = self._security_group_chain_name(security_group)
@@ -1031,7 +1030,7 @@ class IptablesFirewallDriver(FirewallDriver):
rules = \
db.security_group_rule_get_by_security_group(ctxt,
security_group['id'])
security_group['id'])
for rule in rules:
logging.info('%r', rule)