Skip to content

Commit 110a683

Browse files
stephenfinstephenfin
committed
nova-net: Make the security group API a module
We're wrestling with multiple imports for this thing and have introduced a cache to avoid having to load the thing repeatedly. However, Python already has a way to ensure this doesn't happen: the use of a module. Given that we don't have any state, we can straight up drop the class and just call functions directly. Along the way, we drop the 'ensure_default' function, which is a no-op for neutron and switch all the mocks over, where necessary. Change-Id: Ia8dbe8ba61ec6d1b8498918a53a103a6eff4d488 Signed-off-by: Stephen Finucane <[email protected]>
1 parent cc0e195 commit 110a683

File tree

17 files changed

+828
-1038
lines changed

17 files changed

+828
-1038
lines changed

nova/api/metadata/base.py

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@
3333
from nova import context
3434
from nova import exception
3535
from nova.network import neutron
36-
from nova.network.security_group import openstack_driver
36+
from nova.network import security_group_api
3737
from nova import objects
3838
from nova.objects import virt_device_metadata as metadata_obj
3939
from nova import utils
@@ -140,8 +140,7 @@ def __init__(self, instance, address=None, content=None, extra_md=None,
140140

141141
self.availability_zone = instance.get('availability_zone')
142142

143-
secgroup_api = openstack_driver.get_openstack_security_group_driver()
144-
self.security_groups = secgroup_api.get_instance_security_groups(
143+
self.security_groups = security_group_api.get_instance_security_groups(
145144
ctxt, instance)
146145

147146
self.mappings = _format_instance_mapping(ctxt, instance)

nova/api/openstack/compute/security_groups.py

Lines changed: 44 additions & 55 deletions
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@
2828
from nova.compute import api as compute
2929
from nova import exception
3030
from nova.i18n import _
31-
from nova.network.security_group import openstack_driver
31+
from nova.network import security_group_api
3232
from nova.policies import security_groups as sg_policies
3333
from nova.virt import netutils
3434

@@ -48,10 +48,7 @@ class SecurityGroupControllerBase(object):
4848

4949
def __init__(self):
5050
super(SecurityGroupControllerBase, self).__init__()
51-
self.security_group_api = (
52-
openstack_driver.get_openstack_security_group_driver())
53-
self.compute_api = compute.API(
54-
security_group_api=self.security_group_api)
51+
self.compute_api = compute.API()
5552

5653
def _format_security_group_rule(self, context, rule, group_rule_data=None):
5754
"""Return a security group rule in desired API response format.
@@ -71,7 +68,7 @@ def _format_security_group_rule(self, context, rule, group_rule_data=None):
7168
sg_rule['group'] = group_rule_data
7269
elif rule['group_id']:
7370
try:
74-
source_group = self.security_group_api.get(
71+
source_group = security_group_api.get(
7572
context, id=rule['group_id'])
7673
except exception.SecurityGroupNotFound:
7774
# NOTE(arosen): There is a possible race condition that can
@@ -127,7 +124,7 @@ def _get_group_rule_data_by_rule_group_id(self, context, groups):
127124
if (rule_group_id and
128125
rule_group_id not in group_rule_data_by_rule_group_id):
129126
try:
130-
source_group = self.security_group_api.get(
127+
source_group = security_group_api.get(
131128
context, id=rule['group_id'])
132129
group_rule_data_by_rule_group_id[rule_group_id] = {
133130
'name': source_group.get('name'),
@@ -161,9 +158,9 @@ def show(self, req, id):
161158
context = _authorize_context(req)
162159

163160
try:
164-
id = self.security_group_api.validate_id(id)
165-
security_group = self.security_group_api.get(context, None, id,
166-
map_exception=True)
161+
id = security_group_api.validate_id(id)
162+
security_group = security_group_api.get(
163+
context, None, id, map_exception=True)
167164
except exception.SecurityGroupNotFound as exp:
168165
raise exc.HTTPNotFound(explanation=exp.format_message())
169166
except exception.Invalid as exp:
@@ -180,10 +177,10 @@ def delete(self, req, id):
180177
context = _authorize_context(req)
181178

182179
try:
183-
id = self.security_group_api.validate_id(id)
184-
security_group = self.security_group_api.get(context, None, id,
185-
map_exception=True)
186-
self.security_group_api.destroy(context, security_group)
180+
id = security_group_api.validate_id(id)
181+
security_group = security_group_api.get(
182+
context, None, id, map_exception=True)
183+
security_group_api.destroy(context, security_group)
187184
except exception.SecurityGroupNotFound as exp:
188185
raise exc.HTTPNotFound(explanation=exp.format_message())
189186
except exception.Invalid as exp:
@@ -200,9 +197,8 @@ def index(self, req):
200197
search_opts.update(req.GET)
201198

202199
project_id = context.project_id
203-
raw_groups = self.security_group_api.list(context,
204-
project=project_id,
205-
search_opts=search_opts)
200+
raw_groups = security_group_api.list(
201+
context, project=project_id, search_opts=search_opts)
206202

207203
limited_list = common.limited(raw_groups, req)
208204
result = [self._format_security_group(context, group)
@@ -224,10 +220,10 @@ def create(self, req, body):
224220
group_description = security_group.get('description', None)
225221

226222
try:
227-
self.security_group_api.validate_property(group_name, 'name', None)
228-
self.security_group_api.validate_property(group_description,
223+
security_group_api.validate_property(group_name, 'name', None)
224+
security_group_api.validate_property(group_description,
229225
'description', None)
230-
group_ref = self.security_group_api.create_security_group(
226+
group_ref = security_group_api.create_security_group(
231227
context, group_name, group_description)
232228
except exception.Invalid as exp:
233229
raise exc.HTTPBadRequest(explanation=exp.format_message())
@@ -244,9 +240,9 @@ def update(self, req, id, body):
244240
context = _authorize_context(req)
245241

246242
try:
247-
id = self.security_group_api.validate_id(id)
248-
security_group = self.security_group_api.get(context, None, id,
249-
map_exception=True)
243+
id = security_group_api.validate_id(id)
244+
security_group = security_group_api.get(
245+
context, None, id, map_exception=True)
250246
except exception.SecurityGroupNotFound as exp:
251247
raise exc.HTTPNotFound(explanation=exp.format_message())
252248
except exception.Invalid as exp:
@@ -257,10 +253,10 @@ def update(self, req, id, body):
257253
group_description = security_group_data.get('description', None)
258254

259255
try:
260-
self.security_group_api.validate_property(group_name, 'name', None)
261-
self.security_group_api.validate_property(group_description,
262-
'description', None)
263-
group_ref = self.security_group_api.update_security_group(
256+
security_group_api.validate_property(group_name, 'name', None)
257+
security_group_api.validate_property(
258+
group_description, 'description', None)
259+
group_ref = security_group_api.update_security_group(
264260
context, security_group, group_name, group_description)
265261
except exception.SecurityGroupNotFound as exp:
266262
raise exc.HTTPNotFound(explanation=exp.format_message())
@@ -284,15 +280,14 @@ def create(self, req, body):
284280
source_group = {}
285281

286282
try:
287-
parent_group_id = self.security_group_api.validate_id(
283+
parent_group_id = security_group_api.validate_id(
288284
sg_rule.get('parent_group_id'))
289-
security_group = self.security_group_api.get(context, None,
290-
parent_group_id,
291-
map_exception=True)
285+
security_group = security_group_api.get(
286+
context, None, parent_group_id, map_exception=True)
292287
if group_id is not None:
293-
group_id = self.security_group_api.validate_id(group_id)
288+
group_id = security_group_api.validate_id(group_id)
294289

295-
source_group = self.security_group_api.get(
290+
source_group = security_group_api.get(
296291
context, id=group_id)
297292
new_rule = self._rule_args_to_dict(context,
298293
to_port=sg_rule.get('to_port'),
@@ -324,7 +319,7 @@ def create(self, req, body):
324319
'tenant_id': source_group.get('project_id')}
325320

326321
security_group_rule = (
327-
self.security_group_api.create_security_group_rule(
322+
security_group_api.create_security_group_rule(
328323
context, security_group, new_rule))
329324
except exception.Invalid as exp:
330325
raise exc.HTTPBadRequest(explanation=exp.format_message())
@@ -342,12 +337,12 @@ def _rule_args_to_dict(self, context, to_port=None, from_port=None,
342337
ip_protocol=None, cidr=None, group_id=None):
343338

344339
if group_id is not None:
345-
return self.security_group_api.new_group_ingress_rule(
346-
group_id, ip_protocol, from_port, to_port)
340+
return security_group_api.new_group_ingress_rule(
341+
group_id, ip_protocol, from_port, to_port)
347342
else:
348-
cidr = self.security_group_api.parse_cidr(cidr)
349-
return self.security_group_api.new_cidr_ingress_rule(
350-
cidr, ip_protocol, from_port, to_port)
343+
cidr = security_group_api.parse_cidr(cidr)
344+
return security_group_api.new_cidr_ingress_rule(
345+
cidr, ip_protocol, from_port, to_port)
351346

352347
@wsgi.Controller.api_version("2.1", MAX_PROXY_API_SUPPORT_VERSION)
353348
@wsgi.expected_errors((400, 404, 409))
@@ -356,14 +351,13 @@ def delete(self, req, id):
356351
context = _authorize_context(req)
357352

358353
try:
359-
id = self.security_group_api.validate_id(id)
360-
rule = self.security_group_api.get_rule(context, id)
354+
id = security_group_api.validate_id(id)
355+
rule = security_group_api.get_rule(context, id)
361356
group_id = rule['parent_group_id']
362-
security_group = self.security_group_api.get(context, None,
363-
group_id,
364-
map_exception=True)
365-
self.security_group_api.remove_rules(context, security_group,
366-
[rule['id']])
357+
security_group = security_group_api.get(
358+
context, None, group_id, map_exception=True)
359+
security_group_api.remove_rules(
360+
context, security_group, [rule['id']])
367361
except exception.SecurityGroupNotFound as exp:
368362
raise exc.HTTPNotFound(explanation=exp.format_message())
369363
except exception.NoUniqueMatch as exp:
@@ -379,11 +373,9 @@ def index(self, req, server_id):
379373
"""Returns a list of security groups for the given instance."""
380374
context = _authorize_context(req)
381375

382-
self.security_group_api.ensure_default(context)
383-
384376
instance = common.get_instance(self.compute_api, context, server_id)
385377
try:
386-
groups = self.security_group_api.get_instance_security_groups(
378+
groups = security_group_api.get_instance_security_groups(
387379
context, instance, True)
388380
except (exception.SecurityGroupNotFound,
389381
exception.InstanceNotFound) as exp:
@@ -408,10 +400,7 @@ def index(self, req, server_id):
408400
class SecurityGroupActionController(wsgi.Controller):
409401
def __init__(self):
410402
super(SecurityGroupActionController, self).__init__()
411-
self.security_group_api = (
412-
openstack_driver.get_openstack_security_group_driver())
413-
self.compute_api = compute.API(
414-
security_group_api=self.security_group_api)
403+
self.compute_api = compute.API()
415404

416405
def _parse(self, body, action):
417406
try:
@@ -443,7 +432,7 @@ def _addSecurityGroup(self, req, id, body):
443432

444433
group_name = self._parse(body, 'addSecurityGroup')
445434
try:
446-
return self._invoke(self.security_group_api.add_to_instance,
435+
return self._invoke(security_group_api.add_to_instance,
447436
context, id, group_name)
448437
except (exception.SecurityGroupNotFound,
449438
exception.InstanceNotFound) as exp:
@@ -464,7 +453,7 @@ def _removeSecurityGroup(self, req, id, body):
464453
group_name = self._parse(body, 'removeSecurityGroup')
465454

466455
try:
467-
return self._invoke(self.security_group_api.remove_from_instance,
456+
return self._invoke(security_group_api.remove_from_instance,
468457
context, id, group_name)
469458
except (exception.SecurityGroupNotFound,
470459
exception.InstanceNotFound) as exp:

nova/api/openstack/compute/views/servers.py

Lines changed: 3 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@
2727
from nova.compute import vm_states
2828
from nova import context as nova_context
2929
from nova import exception
30-
from nova.network.security_group import openstack_driver
30+
from nova.network import security_group_api
3131
from nova import objects
3232
from nova.objects import fields
3333
from nova.objects import virtual_interface
@@ -70,8 +70,6 @@ def __init__(self):
7070
self._image_builder = views_images.ViewBuilder()
7171
self._flavor_builder = views_flavors.ViewBuilder()
7272
self.compute_api = compute.API()
73-
self.security_group_api = (
74-
openstack_driver.get_openstack_security_group_driver())
7573

7674
def create(self, request, instance):
7775
"""View that should be returned when an instance is created."""
@@ -657,9 +655,8 @@ def _add_security_grps(self, req, servers, instances,
657655
if not create_request:
658656
context = req.environ['nova.context']
659657
sg_instance_bindings = (
660-
self.security_group_api
661-
.get_instances_security_groups_bindings(context,
662-
servers))
658+
security_group_api.get_instances_security_groups_bindings(
659+
context, servers))
663660
for server in servers:
664661
groups = sg_instance_bindings.get(server['id'])
665662
if groups:

nova/compute/api.py

Lines changed: 4 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -62,7 +62,7 @@
6262
from nova.network import constants
6363
from nova.network import model as network_model
6464
from nova.network import neutron
65-
from nova.network.security_group import openstack_driver
65+
from nova.network import security_group_api
6666
from nova import objects
6767
from nova.objects import base as obj_base
6868
from nova.objects import block_device as block_device_obj
@@ -287,13 +287,11 @@ class API(base.Base):
287287
"""API for interacting with the compute manager."""
288288

289289
def __init__(self, image_api=None, network_api=None, volume_api=None,
290-
security_group_api=None, **kwargs):
290+
**kwargs):
291291
self.image_api = image_api or image.API()
292292
self.network_api = network_api or neutron.API()
293293
self.volume_api = volume_api or cinder.API()
294294
self._placementclient = None # Lazy-load on first access.
295-
self.security_group_api = (security_group_api or
296-
openstack_driver.get_openstack_security_group_driver())
297295
self.compute_rpcapi = compute_rpcapi.ComputeAPI()
298296
self.compute_task_api = conductor.ComputeTaskAPI()
299297
self.servicegroup_api = servicegroup.API()
@@ -399,7 +397,7 @@ def _check_requested_secgroups(self, context, secgroups):
399397
if secgroup == "default":
400398
security_groups.append(secgroup)
401399
continue
402-
secgroup_dict = self.security_group_api.get(context, secgroup)
400+
secgroup_dict = security_group_api.get(context, secgroup)
403401
if not secgroup_dict:
404402
raise exception.SecurityGroupNotFoundForProject(
405403
project_id=context.project_id, security_group_id=secgroup)
@@ -1167,9 +1165,8 @@ def _provision_instances(self, context, instance_type, min_count,
11671165
# Check quotas
11681166
num_instances = compute_utils.check_num_instances_quota(
11691167
context, instance_type, min_count, max_count)
1170-
security_groups = self.security_group_api.populate_security_groups(
1168+
security_groups = security_group_api.populate_security_groups(
11711169
security_groups)
1172-
self.security_group_api.ensure_default(context)
11731170
port_resource_requests = base_options.pop('port_resource_requests')
11741171
instances_to_build = []
11751172
# We could be iterating over several instances with several BDMs per

nova/network/security_group/__init__.py

Whitespace-only changes.

0 commit comments

Comments
 (0)