Optimize querying for security groups

In the check for all security groups on port belong to tenant, add a filter to get security groups for the tenant which are in common with the security groups of the port. Change-Id: I66f31755525fca37f9dbce6fb43e475791f82495 Closes-Bug: #1315097 (cherry picked from commit 89b01ca24b)
2014-05-02 15:25:28 -07:00 · 2014-05-02 15:25:28 -07:00 · a8417d78c2
parent f0052b10b4
commit a8417d78c2
1 changed files with 11 additions and 7 deletions
--- a/neutron/db/securitygroups_db.py
+++ b/neutron/db/securitygroups_db.py
@ -517,13 +517,17 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
        if p.get('device_owner') and p['device_owner'].startswith('network:'):
            return

-        valid_groups = self.get_security_groups(context, fields=['id'])
-        valid_group_map = dict((g['id'], g['id']) for g in valid_groups)
-        try:
-            return set([valid_group_map[sg_id]
-                        for sg_id in p.get(ext_sg.SECURITYGROUPS, [])])
-        except KeyError as e:
-            raise ext_sg.SecurityGroupNotFound(id=str(e))
+        port_sg = p.get(ext_sg.SECURITYGROUPS, [])
+        valid_groups = set(g['id'] for g in
+                           self.get_security_groups(context, fields=['id'],
+                                                    filters={'id': port_sg}))
+
+        requested_groups = set(port_sg)
+        port_sg_missing = requested_groups - valid_groups
+        if port_sg_missing:
+            raise ext_sg.SecurityGroupNotFound(id=str(port_sg_missing[0]))
+
+        return requested_groups

    def _ensure_default_security_group_on_port(self, context, port):
        # we don't apply security groups for dhcp, router