Merge "Don't delete security group in use from OS API."

nova/api/openstack/compute/contrib/security_groups.py

@@ -239,6 +239,9 @@ class SecurityGroupController(SecurityGroupControllerBase):
         context = req.environ['nova.context']
         authorize(context)
         security_group = self._get_security_group(context, id)
+        if db.security_group_in_use(context, security_group.id):
+            msg = _("Security group is still in use")
+            raise exc.HTTPBadRequest(explanation=msg)
         LOG.audit(_("Delete security group %s"), id, context=context)
         db.security_group_destroy(context, security_group.id)
         self.sgh.trigger_security_group_destroy_refresh(

nova/tests/api/openstack/compute/contrib/test_security_groups.py

@@ -331,6 +331,25 @@ class TestSecurityGroups(test.TestCase):
         self.assertRaises(webob.exc.HTTPNotFound, self.controller.delete,
                           req, '11111111')
 
+    def test_delete_security_group_in_use(self):
+        sg = security_group_template(id=1, rules=[])
+
+        def security_group_in_use(context, id):
+            return True
+
+        def return_security_group(context, group_id):
+            self.assertEquals(sg['id'], group_id)
+            return security_group_db(sg)
+
+        self.stubs.Set(nova.db, 'security_group_in_use',
+                       security_group_in_use)
+        self.stubs.Set(nova.db, 'security_group_get',
+                       return_security_group)
+
+        req = fakes.HTTPRequest.blank('/v2/fake/os-security-groups/1')
+        self.assertRaises(webob.exc.HTTPBadRequest, self.controller.delete,
+                          req, '1')
+
     def test_associate_by_non_existing_security_group_name(self):
         body = dict(addSecurityGroup=dict(name='non-existing'))