From d1a3f60f48e504b50180828f35c4b7bef1c51001 Mon Sep 17 00:00:00 2001 From: Sudheendra Murthy Date: Fri, 2 May 2014 15:25:28 -0700 Subject: [PATCH] Optimize querying for security groups In the check for all security groups on port belong to tenant, add a filter to get security groups for the tenant which are in common with the security groups of the port. Change-Id: I66f31755525fca37f9dbce6fb43e475791f82495 Closes-Bug: #1315097 --- neutron/db/securitygroups_db.py | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/neutron/db/securitygroups_db.py b/neutron/db/securitygroups_db.py index 3ea6d9663c..f620d26fbd 100644 --- a/neutron/db/securitygroups_db.py +++ b/neutron/db/securitygroups_db.py @@ -517,13 +517,17 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase): if p.get('device_owner') and p['device_owner'].startswith('network:'): return - valid_groups = self.get_security_groups(context, fields=['id']) - valid_group_map = dict((g['id'], g['id']) for g in valid_groups) - try: - return set([valid_group_map[sg_id] - for sg_id in p.get(ext_sg.SECURITYGROUPS, [])]) - except KeyError as e: - raise ext_sg.SecurityGroupNotFound(id=str(e)) + port_sg = p.get(ext_sg.SECURITYGROUPS, []) + valid_groups = set(g['id'] for g in + self.get_security_groups(context, fields=['id'], + filters={'id': port_sg})) + + requested_groups = set(port_sg) + port_sg_missing = requested_groups - valid_groups + if port_sg_missing: + raise ext_sg.SecurityGroupNotFound(id=str(port_sg_missing[0])) + + return requested_groups def _ensure_default_security_group_on_port(self, context, port): # we don't apply security groups for dhcp, router