Merge "Optimize creating security_group"

nova/api/openstack/compute/security_groups.py

@@ -68,7 +68,9 @@ class SecurityGroupControllerBase(object):
         sg_rule['to_port'] = rule['to_port']
         sg_rule['group'] = {}
         sg_rule['ip_range'] = {}
-        if rule['group_id']:
+        if group_rule_data:
+            sg_rule['group'] = group_rule_data
+        elif rule['group_id']:
             try:
                 source_group = self.security_group_api.get(
                     context, id=rule['group_id'])
@@ -85,8 +87,6 @@ class SecurityGroupControllerBase(object):
                 return
             sg_rule['group'] = {'name': source_group.get('name'),
                                 'tenant_id': source_group.get('project_id')}
-        elif group_rule_data:
-            sg_rule['group'] = group_rule_data
         else:
             sg_rule['ip_range'] = {'cidr': rule['cidr']}
         return sg_rule
@@ -243,6 +243,8 @@ class SecurityGroupRulesController(SecurityGroupControllerBase,
         context = _authorize_context(req)
 
         sg_rule = self._from_body(body, 'security_group_rule')
+        group_id = sg_rule.get('group_id')
+        source_group = {}
 
         try:
             parent_group_id = self.security_group_api.validate_id(
@@ -250,12 +252,17 @@ class SecurityGroupRulesController(SecurityGroupControllerBase,
             security_group = self.security_group_api.get(context, None,
                                                          parent_group_id,
                                                          map_exception=True)
+            if group_id is not None:
+                group_id = self.security_group_api.validate_id(group_id)
+
+                source_group = self.security_group_api.get(
+                    context, id=group_id)
             new_rule = self._rule_args_to_dict(context,
                               to_port=sg_rule.get('to_port'),
                               from_port=sg_rule.get('from_port'),
                               ip_protocol=sg_rule.get('ip_protocol'),
                               cidr=sg_rule.get('cidr'),
-                              group_id=sg_rule.get('group_id'))
+                              group_id=group_id)
         except (exception.Invalid, exception.InvalidCidr) as exp:
             raise exc.HTTPBadRequest(explanation=exp.format_message())
         except exception.SecurityGroupNotFound as exp:
@@ -275,9 +282,7 @@ class SecurityGroupRulesController(SecurityGroupControllerBase,
 
         group_rule_data = None
         try:
-            if sg_rule.get('group_id'):
-                source_group = self.security_group_api.get(
-                            context, id=sg_rule['group_id'])
+            if group_id:
                 group_rule_data = {'name': source_group.get('name'),
                                    'tenant_id': source_group.get('project_id')}
 
@@ -300,10 +305,6 @@ class SecurityGroupRulesController(SecurityGroupControllerBase,
                            ip_protocol=None, cidr=None, group_id=None):
 
         if group_id is not None:
-            group_id = self.security_group_api.validate_id(group_id)
-
-            # check if groupId exists
-            self.security_group_api.get(context, id=group_id)
             return self.security_group_api.new_group_ingress_rule(
                                     group_id, ip_protocol, from_port, to_port)
         else: