openstack/placement
Code Issues Proposed changes

Add a new firewall backend for libvirt, based on iptables.

Browse Source
This commit is contained in:
Soren Hansen 2011-01-10 10:49:39 +00:00 committed by Tarmac
commit 2ee313cf3d
2 changed files with 47 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
nova/db/api.py
View File

@ -772,6 +772,13 @@ def security_group_rule_get_by_security_group(context, security_group_id):
security_group_id) security_group_id)
def security_group_rule_get_by_security_group_grantee(context,
security_group_id):
"""Get all rules that grant access to the given security group."""
return IMPL.security_group_rule_get_by_security_group_grantee(context,
security_group_id)
def security_group_rule_destroy(context, security_group_rule_id): def security_group_rule_destroy(context, security_group_rule_id):
"""Deletes a security group rule.""" """Deletes a security group rule."""
return IMPL.security_group_rule_destroy(context, security_group_rule_id) return IMPL.security_group_rule_destroy(context, security_group_rule_id)

42
nova/db/sqlalchemy/api.py
View File

@ -650,7 +650,7 @@ def instance_get(context, instance_id, session=None):
if is_admin_context(context): if is_admin_context(context):
result = session.query(models.Instance).\ result = session.query(models.Instance).\
options(joinedload_all('fixed_ip.floating_ips')).\ options(joinedload_all('fixed_ip.floating_ips')).\
options(joinedload('security_groups')).\ options(joinedload_all('security_groups.rules')).\
options(joinedload('volumes')).\ options(joinedload('volumes')).\
filter_by(id=instance_id).\ filter_by(id=instance_id).\
filter_by(deleted=can_read_deleted(context)).\ filter_by(deleted=can_read_deleted(context)).\
@ -658,7 +658,7 @@ def instance_get(context, instance_id, session=None):
elif is_user_context(context): elif is_user_context(context):
result = session.query(models.Instance).\ result = session.query(models.Instance).\
options(joinedload_all('fixed_ip.floating_ips')).\ options(joinedload_all('fixed_ip.floating_ips')).\
options(joinedload('security_groups')).\ options(joinedload_all('security_groups.rules')).\
options(joinedload('volumes')).\ options(joinedload('volumes')).\
filter_by(project_id=context.project_id).\ filter_by(project_id=context.project_id).\
filter_by(id=instance_id).\ filter_by(id=instance_id).\
@ -1578,6 +1578,44 @@ def security_group_rule_get(context, security_group_rule_id, session=None):
return result return result
@require_context
def security_group_rule_get_by_security_group(context, security_group_id,
session=None):
if not session:
session = get_session()
if is_admin_context(context):
result = session.query(models.SecurityGroupIngressRule).\
filter_by(deleted=can_read_deleted(context)).\
filter_by(parent_group_id=security_group_id).\
all()
else:
# TODO(vish): Join to group and check for project_id
result = session.query(models.SecurityGroupIngressRule).\
filter_by(deleted=False).\
filter_by(parent_group_id=security_group_id).\
all()
return result
@require_context
def security_group_rule_get_by_security_group_grantee(context,
security_group_id,
session=None):
if not session:
session = get_session()
if is_admin_context(context):
result = session.query(models.SecurityGroupIngressRule).\
filter_by(deleted=can_read_deleted(context)).\
filter_by(group_id=security_group_id).\
all()
else:
result = session.query(models.SecurityGroupIngressRule).\
filter_by(deleted=False).\
filter_by(group_id=security_group_id).\
all()
return result
@require_context @require_context
def security_group_rule_create(context, values): def security_group_rule_create(context, values):
security_group_rule_ref = models.SecurityGroupIngressRule() security_group_rule_ref = models.SecurityGroupIngressRule()