Optimize creating security_group

When passing a source group_id for creating a new security group rule, the code is looking up that group twice. We should just look that up once at the beginning and reuse it so we don't have to hit the nova db or neutron twice for the same thing. Change-Id: I3ea4586d11b14da5f6d93e8d20f05171e7e6f0e8 Closes-bug: #1580621
2016-04-20 22:09:30 +08:00 · 2016-04-20 22:09:30 +08:00 · f726163977
parent 0cd67d23bd
commit f726163977
1 changed files with 12 additions and 11 deletions
--- a/nova/api/openstack/compute/security_groups.py
+++ b/nova/api/openstack/compute/security_groups.py
@ -68,7 +68,9 @@ class SecurityGroupControllerBase(object):
        sg_rule['to_port'] = rule['to_port']
        sg_rule['group'] = {}
        sg_rule['ip_range'] = {}
-        if rule['group_id']:
+        if group_rule_data:
+            sg_rule['group'] = group_rule_data
+        elif rule['group_id']:
            try:
                source_group = self.security_group_api.get(
                    context, id=rule['group_id'])
@ -85,8 +87,6 @@ class SecurityGroupControllerBase(object):
                return
            sg_rule['group'] = {'name': source_group.get('name'),
                                'tenant_id': source_group.get('project_id')}
-        elif group_rule_data:
-            sg_rule['group'] = group_rule_data
        else:
            sg_rule['ip_range'] = {'cidr': rule['cidr']}
        return sg_rule
@ -243,6 +243,8 @@ class SecurityGroupRulesController(SecurityGroupControllerBase,
        context = _authorize_context(req)

        sg_rule = self._from_body(body, 'security_group_rule')
+        group_id = sg_rule.get('group_id')
+        source_group = {}

        try:
            parent_group_id = self.security_group_api.validate_id(
@ -250,12 +252,17 @@ class SecurityGroupRulesController(SecurityGroupControllerBase,
            security_group = self.security_group_api.get(context, None,
                                                         parent_group_id,
                                                         map_exception=True)
+            if group_id is not None:
+                group_id = self.security_group_api.validate_id(group_id)
+
+                source_group = self.security_group_api.get(
+                    context, id=group_id)
            new_rule = self._rule_args_to_dict(context,
                              to_port=sg_rule.get('to_port'),
                              from_port=sg_rule.get('from_port'),
                              ip_protocol=sg_rule.get('ip_protocol'),
                              cidr=sg_rule.get('cidr'),
-                              group_id=sg_rule.get('group_id'))
+                              group_id=group_id)
        except (exception.Invalid, exception.InvalidCidr) as exp:
            raise exc.HTTPBadRequest(explanation=exp.format_message())
        except exception.SecurityGroupNotFound as exp:
@ -275,9 +282,7 @@ class SecurityGroupRulesController(SecurityGroupControllerBase,

        group_rule_data = None
        try:
-            if sg_rule.get('group_id'):
-                source_group = self.security_group_api.get(
-                            context, id=sg_rule['group_id'])
+            if group_id:
                group_rule_data = {'name': source_group.get('name'),
                                   'tenant_id': source_group.get('project_id')}

@ -300,10 +305,6 @@ class SecurityGroupRulesController(SecurityGroupControllerBase,
                           ip_protocol=None, cidr=None, group_id=None):

        if group_id is not None:
-            group_id = self.security_group_api.validate_id(group_id)
-
-            # check if groupId exists
-            self.security_group_api.get(context, id=group_id)
            return self.security_group_api.new_group_ingress_rule(
                                    group_id, ip_protocol, from_port, to_port)
        else: