def delete_security_group(self, context, id): filters = {'security_group_id': [id]} ports = self._get_port_security_group_bindings(context, filters) if ports: raise ext_sg.SecurityGroupInUse(id=id) # confirm security group exists sg = self._get_security_group(context, id) if sg['name'] == 'default' and not context.is_admin: raise ext_sg.SecurityGroupCannotRemoveDefault() kwargs = { 'context': context, 'security_group_id': id, 'security_group': sg, } # NOTE(armax): a callback exception here will prevent the request # from being processed. This is a hook point for backend's validation; # we raise to propagate the reason for the failure. try: registry.notify(resources.SECURITY_GROUP, events.BEFORE_DELETE, self, **kwargs) except exceptions.CallbackFailure as e: reason = _('cannot be deleted due to %s') % e raise ext_sg.SecurityGroupInUse(id=id, reason=reason) with context.session.begin(subtransactions=True): context.session.delete(sg) kwargs.pop('security_group') registry.notify(resources.SECURITY_GROUP, events.AFTER_DELETE, self, **kwargs)
def delete_security_group(self, context, id): filters = {'security_group_id': [id]} ports = self._get_port_security_group_bindings(context, filters) if ports: raise ext_sg.SecurityGroupInUse(id=id) # confirm security group exists sg = self._get_security_group(context, id) if sg['name'] == 'default' and not context.is_admin: raise ext_sg.SecurityGroupCannotRemoveDefault() kwargs = { 'context': context, 'security_group_id': id, 'security_group': sg, } self._registry_notify(resources.SECURITY_GROUP, events.BEFORE_DELETE, exc_cls=ext_sg.SecurityGroupInUse, id=id, **kwargs) with context.session.begin(subtransactions=True): self._registry_notify(resources.SECURITY_GROUP, events.PRECOMMIT_DELETE, exc_cls=ext_sg.SecurityGroupInUse, id=id, **kwargs) context.session.delete(sg) kwargs.pop('security_group') registry.notify(resources.SECURITY_GROUP, events.AFTER_DELETE, self, **kwargs)
def delete_security_group(self, context, id): """Delete chains for Neutron security group.""" LOG.debug(_("MidonetPluginV2.delete_security_group called: id=%s"), id) with context.session.begin(subtransactions=True): sg = super(MidonetPluginV2, self).get_security_group(context, id) if not sg: raise ext_sg.SecurityGroupNotFound(id=id) if sg["name"] == 'default' and not context.is_admin: raise ext_sg.SecurityGroupCannotRemoveDefault() sg_id = sg['id'] filters = {'security_group_id': [sg_id]} if super(MidonetPluginV2, self)._get_port_security_group_bindings( context, filters): raise ext_sg.SecurityGroupInUse(id=sg_id) # Delete MidoNet Chains and portgroup for the SG tenant_id = sg['tenant_id'] self.client.delete_chains_by_names( tenant_id, _sg_chain_names(sg["id"]).values()) self.client.delete_port_group_by_name( tenant_id, _sg_port_group_name(sg["id"])) super(MidonetPluginV2, self).delete_security_group(context, id)
def delete_security_group(self, context, sg_id): """Delete a security group Delete security group from Neutron and PLUMgrid Platform :param sg_id: security group ID of the rule to be removed """ with context.session.begin(subtransactions=True): sg = super(NeutronPluginPLUMgridV2, self).get_security_group(context, sg_id) if not sg: raise sec_grp.SecurityGroupNotFound(id=sg_id) if sg['name'] == 'default' and not context.is_admin: raise sec_grp.SecurityGroupCannotRemoveDefault() sec_grp_ip = sg['id'] filters = {'security_group_id': [sec_grp_ip]} if super(NeutronPluginPLUMgridV2, self)._get_port_security_group_bindings(context, filters): raise sec_grp.SecurityGroupInUse(id=sec_grp_ip) sec_db = super(NeutronPluginPLUMgridV2, self).delete_security_group(context, sg_id) try: LOG.debug("PLUMgrid Library: delete_security_group()" " called") self._plumlib.delete_security_group(sg) except Exception as err_message: raise plum_excep.PLUMgridException(err_msg=err_message) return sec_db
def delete_security_group(self, context, id): """Delete chains for Neutron security group.""" LOG.debug(_("Ml2Plugin.delete_security_group called: id=%s"), id) with context.session.begin(subtransactions=True): sg = super(plugin.Ml2Plugin, self).get_security_group(context, id) if not sg: raise ext_sg.SecurityGroupNotFound(id=id) if sg["name"] == 'default' and not context.is_admin: raise ext_sg.SecurityGroupCannotRemoveDefault() sg_id = sg['id'] filters = {'security_group_id': [sg_id]} if super(plugin.Ml2Plugin, self)._get_port_security_group_bindings(context, filters): raise ext_sg.SecurityGroupInUse(id=sg_id) super(plugin.Ml2Plugin, self).delete_security_group(context, id) mech_context = driver_context.SecurityGroupContext( self, context, sg) self.mechanism_manager.delete_security_group_precommit( mech_context) try: self.mechanism_manager.delete_security_group_postcommit( mech_context) except ml2_exc.MechanismDriverError: with excutils.save_and_reraise_exception(): LOG.error( _("mechanism_manager." "delete_security_group_postcommit " "failed, deleting security group '%s'"), sg)
def delete_security_group(self, context, id): """Delete chains for Neutron security group.""" LOG.debug(_("MidonetPluginV2.delete_security_group called: id=%s"), id) with context.session.begin(subtransactions=True): sg_db_entry = super(MidonetPluginV2, self).get_security_group( context, id) if not sg_db_entry: raise ext_sg.SecurityGroupNotFound(id=id) sg_name = sg_db_entry['name'] sg_id = sg_db_entry['id'] tenant_id = sg_db_entry['tenant_id'] if sg_name == 'default' and not context.is_admin: raise ext_sg.SecurityGroupCannotRemoveDefault() filters = {'security_group_id': [sg_id]} if super(MidonetPluginV2, self)._get_port_security_group_bindings( context, filters): raise ext_sg.SecurityGroupInUse(id=sg_id) # Delete MidoNet Chains and portgroup for the SG self.client.delete_for_sg(tenant_id, sg_id, sg_name) return super(MidonetPluginV2, self).delete_security_group( context, id)
def delete_security_group(self, context, id): filters = {'security_group_id': [id]} ports = self._get_port_security_group_bindings(context, filters) if ports: raise ext_sg.SecurityGroupInUse(id=id) # confirm security group exists sg = self._get_security_group(context, id) if sg['name'] == 'default' and not context.is_admin: raise ext_sg.SecurityGroupCannotRemoveDefault() with context.session.begin(subtransactions=True): context.session.delete(sg)
def delete_security_group(self, context, id): filters = {'security_group_id': [id]} with db_api.CONTEXT_READER.using(context): ports = self._get_port_security_group_bindings(context, filters) if ports: raise ext_sg.SecurityGroupInUse(id=id) # confirm security group exists sg = self._get_security_group(context, id, fields=['id', 'name']) if sg['name'] == 'default' and not context.is_admin: raise ext_sg.SecurityGroupCannotRemoveDefault() self._registry_notify(resources.SECURITY_GROUP, events.BEFORE_DELETE, exc_cls=ext_sg.SecurityGroupInUse, id=id, payload=events.DBEventPayload(context, states=(sg, ), resource_id=id)) with db_api.CONTEXT_WRITER.using(context): # pass security_group_rule_ids to ensure # consistency with deleted rules # get security_group_bindings and security_group one more time # so that they will be attached for session where sg will be # deleted ports = self._get_port_security_group_bindings(context, filters) sg = self._get_security_group(context, id) sgr_ids = [r['id'] for r in sg.rules] sec_group = self._make_security_group_dict(sg) self._registry_notify( resources.SECURITY_GROUP, events.PRECOMMIT_DELETE, exc_cls=ext_sg.SecurityGroupInUse, payload=events.DBEventPayload( context, resource_id=id, states=(sec_group, ), metadata={'security_group_rule_ids': sgr_ids})) sg.delete() registry.publish(resources.SECURITY_GROUP, events.AFTER_DELETE, self, payload=events.DBEventPayload( context, resource_id=id, states=(sec_group, ), metadata={ 'security_group_rule_ids': sgr_ids, 'name': sg['name'] }))
def delete_security_group(context, id): LOG.info("delete_security_group %s for tenant %s" % (id, context.tenant_id)) with context.session.begin(): group = db_api.security_group_find(context, id=id, scope=db_api.ONE) # TODO(anyone): name and ports are lazy-loaded. Could be good op later if not group: raise sg_ext.SecurityGroupNotFound(group_id=id) if id == DEFAULT_SG_UUID or group.name == "default": raise sg_ext.SecurityGroupCannotRemoveDefault() if group.ports: raise sg_ext.SecurityGroupInUse(id=id) db_api.security_group_delete(context, group)
def update_security_group(self, context, id, security_group): s = security_group['security_group'] if 'stateful' in s: with db_api.CONTEXT_READER.using(context): sg = self._get_security_group(context, id) if s['stateful'] != sg['stateful']: filters = {'security_group_id': [id]} ports = self._get_port_security_group_bindings( context, filters) if ports: raise ext_sg.SecurityGroupInUse(id=id) self._registry_notify(resources.SECURITY_GROUP, events.BEFORE_UPDATE, exc_cls=ext_sg.SecurityGroupConflict, payload=events.DBEventPayload(context, resource_id=id, states=(s, ))) with db_api.CONTEXT_WRITER.using(context): sg = self._get_security_group(context, id) if sg.name == 'default' and 'name' in s: raise ext_sg.SecurityGroupCannotUpdateDefault() sg_dict = self._make_security_group_dict(sg) original_security_group = sg_dict sg.update_fields(s) sg.update() sg_dict = self._make_security_group_dict(sg) self._registry_notify(resources.SECURITY_GROUP, events.PRECOMMIT_UPDATE, exc_cls=ext_sg.SecurityGroupConflict, payload=events.DBEventPayload( context, request_body=s, states=(original_security_group, ), resource_id=id, desired_state=sg_dict)) registry.publish(resources.SECURITY_GROUP, events.AFTER_UPDATE, self, payload=events.DBEventPayload( context, request_body=s, states=(original_security_group, sg_dict), resource_id=id)) return sg_dict
def delete_security_group(self, context, id): filters = {'security_group_id': [id]} with db_api.context_manager.reader.using(context): ports = self._get_port_security_group_bindings(context, filters) if ports: raise ext_sg.SecurityGroupInUse(id=id) # confirm security group exists sg = self._get_security_group(context, id) if sg['name'] == 'default' and not context.is_admin: raise ext_sg.SecurityGroupCannotRemoveDefault() kwargs = { 'context': context, 'security_group_id': id, 'security_group': sg, } self._registry_notify(resources.SECURITY_GROUP, events.BEFORE_DELETE, exc_cls=ext_sg.SecurityGroupInUse, id=id, **kwargs) with db_api.context_manager.writer.using(context): # pass security_group_rule_ids to ensure # consistency with deleted rules # get security_group_bindings and security_group one more time # so that they will be attached for session where sg will be # deleted ports = self._get_port_security_group_bindings(context, filters) sg = self._get_security_group(context, id) kwargs['security_group_rule_ids'] = [r['id'] for r in sg.rules] kwargs['security_group'] = self._make_security_group_dict(sg) self._registry_notify(resources.SECURITY_GROUP, events.PRECOMMIT_DELETE, exc_cls=ext_sg.SecurityGroupInUse, id=id, **kwargs) sg.delete() kwargs.pop('security_group') registry.notify(resources.SECURITY_GROUP, events.AFTER_DELETE, self, **kwargs)
def _check_for_security_group_in_use(self, context, sg_id): filters = {'security_group_id': [sg_id]} bound_ports = self._get_port_security_group_bindings(context, filters) if bound_ports: raise ext_sg.SecurityGroupInUse(id=sg_id)