SecurityGroupsSpec

Summary

Add support for EC2's security groups.

Nova supports network filtering using the security groups concept known from EC2.

People migrating from EC2 (or Eucalyptus) may be using security groups as part of their security model, so this is an important feature.

Dictated by EC2's API.

A filter in libvirt will be created for each security group.
This security group will be defined on each node running an instance belonging to the given customer. This depends highly on the data model/architecture we're going to end up with. The challenge is to effectively and efficiently locate the nodes the are running stuff belonging to a particular user.
Changes to the security group is propagated to the libvirt nwfilter, immediately making it take effect.
Once the last instance owned by a given user is removed from a node, the filter is undefined (removed).