4.3. 安全组删除
1、 Neutron-client发送deletesecuritygroup消息(消息中包含要删除的安全组信息)给neutron-server,neutron-server调用securitygroupplugin中的delete_security_group方法处理消息;
2、 在delete_security_group方法中检查安全组是否绑定port,如果绑定,则抛出SecurityGroupInUse异常,拒绝删除该安全组;如果没有绑定的port,还要依次确认安全组存在、非管理员不能删除名为default的安全组、BEFORE_DELETE回调没有失败,之后才在数据库事务中删除。
3、 securitygroup plugin会回应deletesecuritygroup result给neutron-client。删除成功则返回删除的安全组id;失败则返回失败原因。
代码如下:
neutron.db.securitygroups_db.py
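class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
    """Excerpt of the mixin: only delete_security_group is reproduced here."""

    def delete_security_group(self, context, id):
        """Delete the security group ``id`` unless it is in use or protected.

        The checks run in this order:

        1. Refuse if any port is still bound to the group.
        2. Load the group, which also confirms that it exists.
        3. Refuse to delete a group named 'default' for a non-admin context.
        4. Notify BEFORE_DELETE subscribers; a CallbackFailure vetoes the
           deletion.
        5. Delete the row inside a database (sub)transaction.
        6. Notify AFTER_DELETE subscribers, without the group object.

        :param context: request context; ``is_admin`` and ``session`` are
            read from it.
        :param id: identifier of the security group to delete.
        :raises ext_sg.SecurityGroupInUse: a port is bound to the group, or
            a BEFORE_DELETE callback failed.
        :raises ext_sg.SecurityGroupCannotRemoveDefault: a non-admin context
            tried to delete a group named 'default'.
        """
        filters = {'security_group_id': [id]}
        # Fetch the port bindings that reference this security group.
        ports = self._get_port_security_group_bindings(context, filters)
        if ports:
            # A group that is still bound to a port must not be deleted.
            raise ext_sg.SecurityGroupInUse(id=id)
        # NOTE(review): this check runs before, and outside, the transaction
        # that deletes the row below, so a port bound to the group between
        # the two steps is not seen here. Whether anything else (for example
        # a database constraint on the binding table) rejects the delete in
        # that case is not visible in this excerpt; confirm it, or repeat the
        # check inside the transaction.

        # confirm security group exists
        sg = self._get_security_group(context, id)

        # Only non-admin contexts are blocked: an admin context passes this
        # guard and can remove a group named 'default'.
        if sg['name'] == 'default' and not context.is_admin:
            raise ext_sg.SecurityGroupCannotRemoveDefault()

        kwargs = {
            'context': context,
            'security_group_id': id,
            'security_group': sg,
        }
        # NOTE(armax): a callback exception here will prevent the request
        # from being processed. This is a hook point for backend's validation;
        # we raise to propagate the reason for the failure.
        try:
            registry.notify(
                resources.SECURITY_GROUP, events.BEFORE_DELETE, self,
                **kwargs)
        except exceptions.CallbackFailure as e:
            reason = _('cannot be deleted due to %s') % e
            raise ext_sg.SecurityGroupInUse(id=id, reason=reason)

        with context.session.begin(subtransactions=True):
            # Delete the security group row.
            context.session.delete(sg)

        # The deleted object is dropped from the payload before AFTER_DELETE
        # subscribers are notified; they receive only the context and the id.
        kwargs.pop('security_group')
        registry.notify(resources.SECURITY_GROUP, events.AFTER_DELETE, self,
                        **kwargs)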