Add a new firewall backend for libvirt, based on iptables.

2011-01-10 10:49:39 +00:00 · 2011-01-10 10:49:39 +00:00 · 2ee313cf3d
commit 2ee313cf3d
parent afaf391e44 602f214e52
2 changed files with 47 additions and 2 deletions
--- a/nova/db/api.py
+++ b/nova/db/api.py
@ -772,6 +772,13 @@ def security_group_rule_get_by_security_group(context, security_group_id):
                                                          security_group_id)


+def security_group_rule_get_by_security_group_grantee(context,
+                                                      security_group_id):
+    """Get all rules that grant access to the given security group."""
+    return IMPL.security_group_rule_get_by_security_group_grantee(context,
+                                                             security_group_id)
+
+
 def security_group_rule_destroy(context, security_group_rule_id):
    """Deletes a security group rule."""
    return IMPL.security_group_rule_destroy(context, security_group_rule_id)
--- a/nova/db/sqlalchemy/api.py
+++ b/nova/db/sqlalchemy/api.py
@ -650,7 +650,7 @@ def instance_get(context, instance_id, session=None):
    if is_admin_context(context):
        result = session.query(models.Instance).\
                         options(joinedload_all('fixed_ip.floating_ips')).\
-                         options(joinedload('security_groups')).\
+                         options(joinedload_all('security_groups.rules')).\
                         options(joinedload('volumes')).\
                         filter_by(id=instance_id).\
                         filter_by(deleted=can_read_deleted(context)).\
@ -658,7 +658,7 @@ def instance_get(context, instance_id, session=None):
    elif is_user_context(context):
        result = session.query(models.Instance).\
                         options(joinedload_all('fixed_ip.floating_ips')).\
-                         options(joinedload('security_groups')).\
+                         options(joinedload_all('security_groups.rules')).\
                         options(joinedload('volumes')).\
                         filter_by(project_id=context.project_id).\
                         filter_by(id=instance_id).\
@ -1578,6 +1578,44 @@ def security_group_rule_get(context, security_group_rule_id, session=None):
    return result


+@require_context
+def security_group_rule_get_by_security_group(context, security_group_id,
+                                              session=None):
+    if not session:
+        session = get_session()
+    if is_admin_context(context):
+        result = session.query(models.SecurityGroupIngressRule).\
+                         filter_by(deleted=can_read_deleted(context)).\
+                         filter_by(parent_group_id=security_group_id).\
+                         all()
+    else:
+        # TODO(vish): Join to group and check for project_id
+        result = session.query(models.SecurityGroupIngressRule).\
+                         filter_by(deleted=False).\
+                         filter_by(parent_group_id=security_group_id).\
+                         all()
+    return result
+
+
+@require_context
+def security_group_rule_get_by_security_group_grantee(context,
+                                                      security_group_id,
+                                                      session=None):
+    if not session:
+        session = get_session()
+    if is_admin_context(context):
+        result = session.query(models.SecurityGroupIngressRule).\
+                         filter_by(deleted=can_read_deleted(context)).\
+                         filter_by(group_id=security_group_id).\
+                         all()
+    else:
+        result = session.query(models.SecurityGroupIngressRule).\
+                         filter_by(deleted=False).\
+                         filter_by(group_id=security_group_id).\
+                         all()
+    return result
+
+
@require_context
 def security_group_rule_create(context, values):
    security_group_rule_ref = models.SecurityGroupIngressRule()