From 5db28c57e49c72953889d9052835e0f1bdba9a41 Mon Sep 17 00:00:00 2001
From: alena
Date: Mon, 25 Apr 2011 16:42:27 -0700
Subject: [PATCH] bug 9492: allow security group removal when it has ingress rules, but not assigned to any vms yet status 9492: resolved fixed
---
 .../security/SecurityGroupManagerImpl.java | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
index 741e0d52375..db46e531980 100755
--- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
+++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
@@ -918,26 +918,21 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
 group = _securityGroupDao.lockRow(groupId, true);
 if (group == null) {
- s_logger.info("Not deleting group -- cannot find id " + groupId);
- return false;
+ throw new InvalidParameterValueException("Unable to find security group by id " + groupId);
 }
 if (group.getName().equalsIgnoreCase(SecurityGroupManager.DEFAULT_GROUP_NAME)) {
- txn.rollback();
 throw new InvalidParameterValueException("The network group default is reserved");
 }
 List allowingRules = _ingressRuleDao.listByAllowedSecurityGroupId(groupId);
- if (allowingRules.size() != 0) {
- txn.rollback();
+ List securityGroupVmMap = _securityGroupVMMapDao.listBySecurityGroup(groupId);
+ if (!allowingRules.isEmpty()) {
 throw new ResourceInUseException("Cannot delete group when there are ingress rules that allow this group");
+ } else if (!securityGroupVmMap.isEmpty()) {
+ throw new ResourceInUseException("Cannot delete group when it's in use by virtual machines");
 }
- List rulesInGroup = _ingressRuleDao.listBySecurityGroupId(groupId);
- if (rulesInGroup.size() != 0) {
- txn.rollback();
- throw new ResourceInUseException("Cannot delete group when there are ingress rules in this group");
- }
 _securityGroupDao.expunge(groupId);
 txn.commit();
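Review bot: With the `rulesInGroup` check removed, `_securityGroupDao.expunge(groupId)` now runs while the group may still own ingress rules, and nothing in the hunk deletes those rows. Unless the schema cascades the delete, the rules stay behind referencing a group id that no longer exists, so the intent should be recorded just above the expunge call, e.g. `// ingress rules owned by this group must go with it: delete them here or confirm the FK cascades`. The new `throw` for a missing group and both `ResourceInUseException` paths now leave the method without `txn.rollback()` while the row lock from `lockRow(groupId, true)` is held; that is only safe if the enclosing code, which starts and ends outside this hunk, closes the transaction on exception. The VM-map check and the expunge are separated only by this group-row lock, so it is worth confirming that the path assigning a group to a VM takes the same lock; otherwise a VM could end up attached to a group that has just been deleted.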