Fix security group race condition while creating rule
Previously, it was possible for someone to create a security group rule
where the rule references another security group. To do this nova would
first create the security group rule and then look up the referenced group
(group_id's) name in order to return that via the api. During this time
it's possible for someone to delete this security group rule and the
referenced group before the call returned resulting in a 404 error being
raised. This patch addresses this issue by looking up the group name
first and then creating the security group rule in order to avoid this
from occuring.
Note: this patch also adds a test to cover the case where an invalid group
id was passed though this does not really add any real additional coverage
to the change largely because the code is currently using global stubs. That
said, the previous coverage should hopefully be sufficient
Reviewed: https:/ /review. openstack. org/92898 /git.openstack. org/cgit/ openstack/ nova/commit/ ?id=2620a7c74e2 d7e9c904af364a5 9efcd69cb5947f
Committed: https:/
Submitter: Jenkins
Branch: master
commit 2620a7c74e2d7e9 c904af364a59efc d69cb5947f
Author: Aaron Rosen <email address hidden>
Date: Thu May 8 12:07:27 2014 -0700
Fix security group race condition while creating rule
Previously, it was possible for someone to create a security group rule
where the rule references another security group. To do this nova would
first create the security group rule and then look up the referenced group
(group_id's) name in order to return that via the api. During this time
it's possible for someone to delete this security group rule and the
referenced group before the call returned resulting in a 404 error being
raised. This patch addresses this issue by looking up the group name
first and then creating the security group rule in order to avoid this
from occuring.
Note: this patch also adds a test to cover the case where an invalid group
id was passed though this does not really add any real additional coverage
to the change largely because the code is currently using global stubs. That
said, the previous coverage should hopefully be sufficient
Change-Id: If58ffa5629ba51 66f260379ac4792 2974de31be0
Related-bug: 1262566