Checking constraints on operations is frighteningly manual.

[zenhack]

Everwhere where we have any kind of constraint on allowed operations -- thing X must be in state Y or not be attached to Z... we're doing all of the checks manually. Given how many of them there are I won't be comfortable relying on this codebase for security until we have a more systematic way of ensuring that we're doing this correctly --- it's too easy to screw up one of these constraints. I almost missed the problem of headnode attachments when reviewing #554.

[henn]

Could you give an example or 2 of better ways to do constraints?
Are you thinking DB triggers/constraints?

[zenhack]

@henn, not sure exactly what the right solution is, will require some thought. we ought to find some systematic way of handling these, rather than checking everything individually. One thing that might go a reasonable distance is to try to abstract out common patterns like requiring there to be no attached objects, so you can just call is_attached() or such on an object and be done with it.

[naved001]

This issue came into my mind after I had that issue with deleting the nic.

One thing that might go a reasonable distance is to try to abstract out common patterns like requiring there to be no attached objects, so you can just call is_attached() or such on an object and be done with it.

This seems like a good starting point. I'll try to refactor the api code to abstract out common patters.