Clean up pxe_filter related deprecations

This removes deprecated [iptables]manage_firewall and code.
Other deprecation markers relate to [firewall] are removed as well.

Change-Id: I449e16975b05a331b08dd160e0dec4a7c3cf6734
Story: #1665666
Task: #11358

ironic_inspector/conf/iptables.py

@@ -17,29 +17,14 @@ from ironic_inspector.common.i18n import _
 
 
 _OPTS = [
-    cfg.BoolOpt('manage_firewall',
-                default=True,
-                # NOTE(milan) this filter driver will be replaced by
-                # a dnsmasq filter driver
-                deprecated_for_removal=True,
-                deprecated_group='firewall',
-                help=_('Whether to manage firewall rules for PXE port. '
-                       'This configuration option was deprecated in favor of '
-                       'the ``driver`` option in the ``pxe_filter`` section. '
-                       'Please, use the ``noop`` filter driver to disable the '
-                       'firewall filtering or the ``iptables`` filter driver '
-                       'to enable it.')),
     cfg.StrOpt('dnsmasq_interface',
                default='br-ctlplane',
-               deprecated_group='firewall',
                help=_('Interface on which dnsmasq listens, the default is for '
                       'VM\'s.')),
     cfg.StrOpt('firewall_chain',
                default='ironic-inspector',
-               deprecated_group='firewall',
                help=_('iptables chain name to use.')),
     cfg.ListOpt('ethoib_interfaces',
-                deprecated_group='firewall',
                 default=[],
                 help=_('List of Etherent Over InfiniBand interfaces '
                        'on the Inspector host which are used for physical '

ironic_inspector/conf/pxe_filter.py

@@ -18,10 +18,10 @@ from ironic_inspector.common.i18n import _
 
 _OPTS = [
     cfg.StrOpt('driver', default='iptables',
-               help=_('PXE boot filter driver to use, such as iptables')),
+               help=_('PXE boot filter driver to use, possible filters are: '
+                      '"iptables", "dnsmasq" and "noop". Set "noop " to '
+                      'disable the firewall filtering.')),
     cfg.IntOpt('sync_period', default=15, min=0,
-               deprecated_name='firewall_update_period',
-               deprecated_group='firewall',
                help=_('Amount of time in seconds, after which repeat periodic '
                       'update of the filter.')),
 ]

ironic_inspector/pxe_filter/base.py

@@ -218,10 +218,6 @@ def _driver_manager():
     global _DRIVER_MANAGER
 
     name = CONF.pxe_filter.driver
-    # FIXME(milan): to be removed after the transition period of deprecating
-    # the firewall option group
-    if name == 'iptables' and not CONF.iptables.manage_firewall:
-        name = 'noop'
 
     if _DRIVER_MANAGER is None:
         _DRIVER_MANAGER = stevedore.driver.DriverManager(

ironic_inspector/test/unit/test_pxe_filter.py

@@ -63,20 +63,6 @@ class TestDriverManager(test_base.BaseTest):
         self.stevedore_driver_mock.assert_not_called()
         self.assertIs(pxe_filter._DRIVER_MANAGER, driver_manager)
 
-    def test_manage_firewall(self):
-        # FIXME(milan): to be removed after the transition period of
-        # deprecating the firewall option group
-        # NOTE(milan) the default filter driver is iptables
-        # this should revert it to noop
-        CONF.set_override('manage_firewall', False, 'iptables')
-        driver_manager = pxe_filter._driver_manager()
-        self.stevedore_driver_mock.assert_called_once_with(
-            pxe_filter._STEVEDORE_DRIVER_NAMESPACE,
-            name='noop',
-            invoke_on_load=True)
-        self.assertIsNotNone(driver_manager)
-        self.assertIs(pxe_filter._DRIVER_MANAGER, driver_manager)
-
 
 class TestDriverManagerLoading(test_base.BaseTest):
     def setUp(self):

releasenotes/notes/remove-opt-group-firewall-96266983e476c29e.yaml

@@ -0,0 +1,5 @@
+---
+other:
+  - |
+    The deprecated configuration option ``[iptables]manage_firewall`` was
+    removed, use ``[pxe_filter]driver`` to set filtering driver.