Simple way of returning per-server security groups

Bug #909207

Change-Id: I7d111222210eaf3abfbae5bc7cccb6e823affc45

nova/api/openstack/compute/contrib/security_groups.py

@@ -1,4 +1,5 @@
 # Copyright 2011 OpenStack LLC.
+# Copyright 2012 Justin Santa Barbara
 # All Rights Reserved.
 #
 #    Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -501,6 +502,38 @@ def delete(self, req, id):
         return webob.Response(status_int=202)
 
 
+# NOTE(justinsb): Does WSGI see the base class methods?
+#  i.e. are we exposing create/delete here?
+class ServerSecurityGroupController(SecurityGroupController):
+    def __init__(self, *args, **kwargs):
+        super(ServerSecurityGroupController, self).__init__(*args, **kwargs)
+        self.compute_api = compute.API()
+
+    @wsgi.serializers(xml=SecurityGroupsTemplate)
+    def index(self, req, server_id):
+        """Returns a list of security groups for the given instance."""
+        context = req.environ['nova.context']
+        authorize(context)
+
+        self.compute_api.ensure_default_security_group(context)
+
+        try:
+            instance = self.compute_api.get(context, server_id)
+            groups = db.security_group_get_by_instance(context,
+                                                       instance['id'])
+        except exception.ApiError, e:
+            raise webob.exc.HTTPBadRequest(explanation=e.message)
+        except exception.NotAuthorized, e:
+            raise webob.exc.HTTPUnauthorized()
+
+        result = [self._format_security_group(context, group)
+                    for group in groups]
+
+        return {'security_groups':
+                list(sorted(result,
+                            key=lambda k: (k['tenant_id'], k['name'])))}
+
+
 class SecurityGroupActionController(wsgi.Controller):
     def __init__(self, *args, **kwargs):
         super(SecurityGroupActionController, self).__init__(*args, **kwargs)
@@ -594,4 +627,11 @@ def get_resources(self):
         res = extensions.ResourceExtension('os-security-group-rules',
                                 controller=SecurityGroupRulesController())
         resources.append(res)
+
+        res = extensions.ResourceExtension(
+            'os-security-groups',
+            controller=ServerSecurityGroupController(),
+            parent=dict(member_name='server', collection_name='servers'))
+        resources.append(res)
+
         return resources

nova/tests/api/openstack/compute/contrib/test_security_groups.py

@@ -1,6 +1,7 @@
 # vim: tabstop=4 shiftwidth=4 softtabstop=4
 
 # Copyright 2011 OpenStack LLC
+# Copyright 2012 Justin Santa Barbara
 #
 #    Licensed under the Apache License, Version 2.0 (the "License"); you may
 #    not use this file except in compliance with the License. You may obtain
@@ -110,6 +111,8 @@ def setUp(self):
         super(TestSecurityGroups, self).setUp()
 
         self.controller = security_groups.SecurityGroupController()
+        self.server_controller = (
+            security_groups.ServerSecurityGroupController())
         self.manager = security_groups.SecurityGroupActionController()
 
     def tearDown(self):
@@ -240,6 +243,36 @@ def return_security_groups(context, project_id):
 
         self.assertEquals(res_dict, expected)
 
+    def test_get_security_group_by_instance(self):
+        groups = []
+        for i, name in enumerate(['default', 'test']):
+            sg = security_group_template(id=i + 1,
+                                         name=name,
+                                         description=name + '-desc',
+                                         rules=[])
+            groups.append(sg)
+        expected = {'security_groups': groups}
+
+        def return_instance(context, server_id):
+            self.assertEquals(server_id, FAKE_UUID)
+            return return_server_by_uuid(context, server_id)
+
+        self.stubs.Set(nova.db, 'instance_get_by_uuid',
+                       return_instance)
+
+        def return_security_groups(context, instance_id):
+            self.assertEquals(instance_id, 1)
+            return [security_group_db(sg) for sg in groups]
+
+        self.stubs.Set(nova.db, 'security_group_get_by_instance',
+                       return_security_groups)
+
+        req = fakes.HTTPRequest.blank('/v2/%s/servers/%s/os-security-groups' %
+                                      ('fake', FAKE_UUID))
+        res_dict = self.server_controller.index(req, FAKE_UUID)
+
+        self.assertEquals(res_dict, expected)
+
     def test_get_security_group_by_id(self):
         sg = security_group_template(id=2, rules=[])