Comment 4 for bug 1119080

I got your point. Your solution introducing _do_create_security_group sounds reasonable to me.
Each implementation may define extra arguments, but sg db mixin is a kind of base class. So it is better not to change the original interface as long as possible.

About update_security_group, allow_put of all attributes are set to False in the attribute map at the moment. It means update_security_group is never called if I understand correctly.
The best solution is to disable PUT for security group in the API layer, but I am not sure there is an easy way to disable a particular method (update_security_group in this case).
Other solution is just to remove update_security_group from the base class. Perhaps it can work. Do you test it?