def delete_security_group(self, context, id):
filters = {'security_group_id': [id]}
ports = self._get_port_security_group_bindings(context, filters)
if ports:
raise ext_sg.SecurityGroupInUse(id=id)
# confirm security group exists
sg = self._get_security_group(context, id)
if sg['name'] == 'default' and not context.is_admin:
raise ext_sg.SecurityGroupCannotRemoveDefault()
kwargs = {
'context': context,
'security_group_id': id,
'security_group': sg,
}
# NOTE(armax): a callback exception here will prevent the request
# from being processed. This is a hook point for backend's validation;
# we raise to propagate the reason for the failure.
try:
registry.notify(resources.SECURITY_GROUP, events.BEFORE_DELETE,
self, **kwargs)
except exceptions.CallbackFailure as e:
reason = _('cannot be deleted due to %s') % e
raise ext_sg.SecurityGroupInUse(id=id, reason=reason)
with context.session.begin(subtransactions=True):
context.session.delete(sg)
kwargs.pop('security_group')
registry.notify(resources.SECURITY_GROUP, events.AFTER_DELETE, self,
**kwargs)
def delete_security_group(self, context, id):
filters = {'security_group_id': [id]}
ports = self._get_port_security_group_bindings(context, filters)
if ports:
raise ext_sg.SecurityGroupInUse(id=id)
# confirm security group exists
sg = self._get_security_group(context, id)
if sg['name'] == 'default' and not context.is_admin:
raise ext_sg.SecurityGroupCannotRemoveDefault()
kwargs = {
'context': context,
'security_group_id': id,
'security_group': sg,
}
self._registry_notify(resources.SECURITY_GROUP,
events.BEFORE_DELETE,
exc_cls=ext_sg.SecurityGroupInUse,
id=id,
**kwargs)
with context.session.begin(subtransactions=True):
self._registry_notify(resources.SECURITY_GROUP,
events.PRECOMMIT_DELETE,
exc_cls=ext_sg.SecurityGroupInUse,
id=id,
**kwargs)
context.session.delete(sg)
kwargs.pop('security_group')
registry.notify(resources.SECURITY_GROUP, events.AFTER_DELETE, self,
**kwargs)
def delete_security_group(self, context, id):
"""Delete chains for Neutron security group."""
LOG.debug(_("MidonetPluginV2.delete_security_group called: id=%s"), id)
with context.session.begin(subtransactions=True):
sg = super(MidonetPluginV2, self).get_security_group(context, id)
if not sg:
raise ext_sg.SecurityGroupNotFound(id=id)
if sg["name"] == 'default' and not context.is_admin:
raise ext_sg.SecurityGroupCannotRemoveDefault()
sg_id = sg['id']
filters = {'security_group_id': [sg_id]}
if super(MidonetPluginV2, self)._get_port_security_group_bindings(
context, filters):
raise ext_sg.SecurityGroupInUse(id=sg_id)
# Delete MidoNet Chains and portgroup for the SG
tenant_id = sg['tenant_id']
self.client.delete_chains_by_names(
tenant_id, _sg_chain_names(sg["id"]).values())
self.client.delete_port_group_by_name(
tenant_id, _sg_port_group_name(sg["id"]))
super(MidonetPluginV2, self).delete_security_group(context, id)
def delete_security_group(self, context, sg_id):
"""Delete a security group
Delete security group from Neutron and PLUMgrid Platform
:param sg_id: security group ID of the rule to be removed
"""
with context.session.begin(subtransactions=True):
sg = super(NeutronPluginPLUMgridV2,
self).get_security_group(context, sg_id)
if not sg:
raise sec_grp.SecurityGroupNotFound(id=sg_id)
if sg['name'] == 'default' and not context.is_admin:
raise sec_grp.SecurityGroupCannotRemoveDefault()
sec_grp_ip = sg['id']
filters = {'security_group_id': [sec_grp_ip]}
if super(NeutronPluginPLUMgridV2,
self)._get_port_security_group_bindings(context, filters):
raise sec_grp.SecurityGroupInUse(id=sec_grp_ip)
sec_db = super(NeutronPluginPLUMgridV2,
self).delete_security_group(context, sg_id)
try:
LOG.debug("PLUMgrid Library: delete_security_group()"
" called")
self._plumlib.delete_security_group(sg)
except Exception as err_message:
raise plum_excep.PLUMgridException(err_msg=err_message)
return sec_db
def delete_security_group(self, context, id):
"""Delete chains for Neutron security group."""
LOG.debug(_("Ml2Plugin.delete_security_group called: id=%s"), id)
with context.session.begin(subtransactions=True):
sg = super(plugin.Ml2Plugin, self).get_security_group(context, id)
if not sg:
raise ext_sg.SecurityGroupNotFound(id=id)
if sg["name"] == 'default' and not context.is_admin:
raise ext_sg.SecurityGroupCannotRemoveDefault()
sg_id = sg['id']
filters = {'security_group_id': [sg_id]}
if super(plugin.Ml2Plugin,
self)._get_port_security_group_bindings(context, filters):
raise ext_sg.SecurityGroupInUse(id=sg_id)
super(plugin.Ml2Plugin, self).delete_security_group(context, id)
mech_context = driver_context.SecurityGroupContext(
self, context, sg)
self.mechanism_manager.delete_security_group_precommit(
mech_context)
try:
self.mechanism_manager.delete_security_group_postcommit(
mech_context)
except ml2_exc.MechanismDriverError:
with excutils.save_and_reraise_exception():
LOG.error(
_("mechanism_manager."
"delete_security_group_postcommit "
"failed, deleting security group '%s'"), sg)
def delete_security_group(self, context, id):
"""Delete chains for Neutron security group."""
LOG.debug(_("MidonetPluginV2.delete_security_group called: id=%s"), id)
with context.session.begin(subtransactions=True):
sg_db_entry = super(MidonetPluginV2, self).get_security_group(
context, id)
if not sg_db_entry:
raise ext_sg.SecurityGroupNotFound(id=id)
sg_name = sg_db_entry['name']
sg_id = sg_db_entry['id']
tenant_id = sg_db_entry['tenant_id']
if sg_name == 'default' and not context.is_admin:
raise ext_sg.SecurityGroupCannotRemoveDefault()
filters = {'security_group_id': [sg_id]}
if super(MidonetPluginV2, self)._get_port_security_group_bindings(
context, filters):
raise ext_sg.SecurityGroupInUse(id=sg_id)
# Delete MidoNet Chains and portgroup for the SG
self.client.delete_for_sg(tenant_id, sg_id, sg_name)
return super(MidonetPluginV2, self).delete_security_group(
context, id)
def delete_security_group(self, context, id):
filters = {'security_group_id': [id]}
ports = self._get_port_security_group_bindings(context, filters)
if ports:
raise ext_sg.SecurityGroupInUse(id=id)
# confirm security group exists
sg = self._get_security_group(context, id)
if sg['name'] == 'default' and not context.is_admin:
raise ext_sg.SecurityGroupCannotRemoveDefault()
with context.session.begin(subtransactions=True):
context.session.delete(sg)
def delete_security_group(self, context, id):
filters = {'security_group_id': [id]}
with db_api.CONTEXT_READER.using(context):
ports = self._get_port_security_group_bindings(context, filters)
if ports:
raise ext_sg.SecurityGroupInUse(id=id)
# confirm security group exists
sg = self._get_security_group(context, id, fields=['id', 'name'])
if sg['name'] == 'default' and not context.is_admin:
raise ext_sg.SecurityGroupCannotRemoveDefault()
self._registry_notify(resources.SECURITY_GROUP,
events.BEFORE_DELETE,
exc_cls=ext_sg.SecurityGroupInUse,
id=id,
payload=events.DBEventPayload(context,
states=(sg, ),
resource_id=id))
with db_api.CONTEXT_WRITER.using(context):
# pass security_group_rule_ids to ensure
# consistency with deleted rules
# get security_group_bindings and security_group one more time
# so that they will be attached for session where sg will be
# deleted
ports = self._get_port_security_group_bindings(context, filters)
sg = self._get_security_group(context, id)
sgr_ids = [r['id'] for r in sg.rules]
sec_group = self._make_security_group_dict(sg)
self._registry_notify(
resources.SECURITY_GROUP,
events.PRECOMMIT_DELETE,
exc_cls=ext_sg.SecurityGroupInUse,
payload=events.DBEventPayload(
context,
resource_id=id,
states=(sec_group, ),
metadata={'security_group_rule_ids': sgr_ids}))
sg.delete()
registry.publish(resources.SECURITY_GROUP,
events.AFTER_DELETE,
self,
payload=events.DBEventPayload(
context,
resource_id=id,
states=(sec_group, ),
metadata={
'security_group_rule_ids': sgr_ids,
'name': sg['name']
}))
def delete_security_group(context, id):
LOG.info("delete_security_group %s for tenant %s" %
(id, context.tenant_id))
with context.session.begin():
group = db_api.security_group_find(context, id=id, scope=db_api.ONE)
# TODO(anyone): name and ports are lazy-loaded. Could be good op later
if not group:
raise sg_ext.SecurityGroupNotFound(group_id=id)
if id == DEFAULT_SG_UUID or group.name == "default":
raise sg_ext.SecurityGroupCannotRemoveDefault()
if group.ports:
raise sg_ext.SecurityGroupInUse(id=id)
db_api.security_group_delete(context, group)
def update_security_group(self, context, id, security_group):
s = security_group['security_group']
if 'stateful' in s:
with db_api.CONTEXT_READER.using(context):
sg = self._get_security_group(context, id)
if s['stateful'] != sg['stateful']:
filters = {'security_group_id': [id]}
ports = self._get_port_security_group_bindings(
context, filters)
if ports:
raise ext_sg.SecurityGroupInUse(id=id)
self._registry_notify(resources.SECURITY_GROUP,
events.BEFORE_UPDATE,
exc_cls=ext_sg.SecurityGroupConflict,
payload=events.DBEventPayload(context,
resource_id=id,
states=(s, )))
with db_api.CONTEXT_WRITER.using(context):
sg = self._get_security_group(context, id)
if sg.name == 'default' and 'name' in s:
raise ext_sg.SecurityGroupCannotUpdateDefault()
sg_dict = self._make_security_group_dict(sg)
original_security_group = sg_dict
sg.update_fields(s)
sg.update()
sg_dict = self._make_security_group_dict(sg)
self._registry_notify(resources.SECURITY_GROUP,
events.PRECOMMIT_UPDATE,
exc_cls=ext_sg.SecurityGroupConflict,
payload=events.DBEventPayload(
context,
request_body=s,
states=(original_security_group, ),
resource_id=id,
desired_state=sg_dict))
registry.publish(resources.SECURITY_GROUP,
events.AFTER_UPDATE,
self,
payload=events.DBEventPayload(
context,
request_body=s,
states=(original_security_group, sg_dict),
resource_id=id))
return sg_dict
def delete_security_group(self, context, id):
filters = {'security_group_id': [id]}
with db_api.context_manager.reader.using(context):
ports = self._get_port_security_group_bindings(context, filters)
if ports:
raise ext_sg.SecurityGroupInUse(id=id)
# confirm security group exists
sg = self._get_security_group(context, id)
if sg['name'] == 'default' and not context.is_admin:
raise ext_sg.SecurityGroupCannotRemoveDefault()
kwargs = {
'context': context,
'security_group_id': id,
'security_group': sg,
}
self._registry_notify(resources.SECURITY_GROUP,
events.BEFORE_DELETE,
exc_cls=ext_sg.SecurityGroupInUse,
id=id,
**kwargs)
with db_api.context_manager.writer.using(context):
# pass security_group_rule_ids to ensure
# consistency with deleted rules
# get security_group_bindings and security_group one more time
# so that they will be attached for session where sg will be
# deleted
ports = self._get_port_security_group_bindings(context, filters)
sg = self._get_security_group(context, id)
kwargs['security_group_rule_ids'] = [r['id'] for r in sg.rules]
kwargs['security_group'] = self._make_security_group_dict(sg)
self._registry_notify(resources.SECURITY_GROUP,
events.PRECOMMIT_DELETE,
exc_cls=ext_sg.SecurityGroupInUse,
id=id,
**kwargs)
sg.delete()
kwargs.pop('security_group')
registry.notify(resources.SECURITY_GROUP, events.AFTER_DELETE, self,
**kwargs)
def _check_for_security_group_in_use(self, context, sg_id):
filters = {'security_group_id': [sg_id]}
bound_ports = self._get_port_security_group_bindings(context, filters)
if bound_ports:
raise ext_sg.SecurityGroupInUse(id=sg_id)
