Allow admin to delete default security groups

Previously there was no way to delete a default security groups which isn't ideal if you want to clean up after deleting a tenant. This patch allows default security groups to be deleted by the admin. Fixes bug 1175393 Change-Id: I2214c7dabf0f2ec960ce10ebbbcdc513bc73664c
2013-05-01 17:12:11 -07:00 · 2013-05-01 17:12:11 -07:00 · b92539646f
commit b92539646f
parent d4f31791c0
4 changed files with 13 additions and 5 deletions
--- a/quantum/db/securitygroups_db.py
+++ b/quantum/db/securitygroups_db.py
@ -180,7 +180,7 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
        # confirm security group exists
        sg = self._get_security_group(context, id)

-        if sg['name'] == 'default':
+        if sg['name'] == 'default' and not context.is_admin:
            raise ext_sg.SecurityGroupCannotRemoveDefault()
        with context.session.begin(subtransactions=True):
            context.session.delete(sg)
--- a/quantum/plugins/midonet/plugin.py
+++ b/quantum/plugins/midonet/plugin.py
@ -1018,7 +1018,7 @@ class MidonetPluginV2(db_base_plugin_v2.QuantumDbPluginV2,
            sg_id = sg_db_entry['id']
            tenant_id = sg_db_entry['tenant_id']

-            if sg_name == 'default':
+            if sg_name == 'default' and not context.is_admin:
                raise ext_sg.SecurityGroupCannotRemoveDefault()

            filters = {'security_group_id': [sg_id]}
--- a/quantum/plugins/nicira/QuantumPlugin.py
+++ b/quantum/plugins/nicira/QuantumPlugin.py
@ -1949,7 +1949,7 @@ class NvpPluginV2(db_base_plugin_v2.QuantumDbPluginV2,
            if not security_group:
                raise ext_sg.SecurityGroupNotFound(id=security_group_id)

-            if security_group['name'] == 'default':
+            if security_group['name'] == 'default' and not context.is_admin:
                raise ext_sg.SecurityGroupCannotRemoveDefault()

            filters = {'security_group_id': [security_group['id']]}
--- a/quantum/tests/unit/test_extension_security_group.py
+++ b/quantum/tests/unit/test_extension_security_group.py
@ -432,12 +432,20 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
            remote_group_id = sg['security_group']['id']
            self._delete('security-groups', remote_group_id, 204)

-    def test_delete_default_security_group_fail(self):
+    def test_delete_default_security_group_admin(self):
        with self.network():
            res = self.new_list_request('security-groups')
            sg = self.deserialize(self.fmt, res.get_response(self.ext_api))
            self._delete('security-groups', sg['security_groups'][0]['id'],
-                         409)
+                         204)
+
+    def test_delete_default_security_group_nonadmin(self):
+        with self.network():
+            res = self.new_list_request('security-groups')
+            sg = self.deserialize(self.fmt, res.get_response(self.ext_api))
+            quantum_context = context.Context('', 'test-tenant')
+            self._delete('security-groups', sg['security_groups'][0]['id'],
+                         409, quantum_context=quantum_context)

    def test_default_security_group_rules(self):
        with self.network():