Browse Source

Merge "nova-net: Remove unused '*_default_rules' security group DB APIs"

changes/10/686810/9
Zuul 2 weeks ago
parent
commit
50d3933b2d
6 changed files with 2 additions and 138 deletions
  1. +0
    -34
      nova/compute/api.py
  2. +0
    -22
      nova/db/api.py
  3. +0
    -58
      nova/db/sqlalchemy/api.py
  4. +2
    -0
      nova/db/sqlalchemy/models.py
  5. +0
    -4
      nova/exception.py
  6. +0
    -20
      nova/network/security_group/neutron_driver.py

+ 0
- 34
nova/compute/api.py View File

@@ -6365,40 +6365,6 @@ class SecurityGroupAPI(base.Base, security_group_base.SecurityGroupBase):
# NOTE(vish): we removed some rules, so refresh
self.trigger_rules_refresh(context, id=security_group['id'])

def remove_default_rules(self, context, rule_ids):
for rule_id in rule_ids:
self.db.security_group_default_rule_destroy(context, rule_id)

def add_default_rules(self, context, vals):
rules = [self.db.security_group_default_rule_create(context, v)
for v in vals]
return rules

def default_rule_exists(self, context, values):
"""Indicates whether the specified rule values are already
defined in the default security group rules.
"""
for rule in self.db.security_group_default_rule_list(context):
keys = ('cidr', 'from_port', 'to_port', 'protocol')
for key in keys:
if rule.get(key) != values.get(key):
break
else:
return rule.get('id') or True
return False

def get_all_default_rules(self, context):
try:
rules = self.db.security_group_default_rule_list(context)
except Exception:
msg = 'cannot get default security group rules'
raise exception.SecurityGroupDefaultRuleNotFound(msg)

return rules

def get_default_rule(self, context, id):
return self.db.security_group_default_rule_get(context, id)

def validate_id(self, id):
try:
return int(id)

+ 0
- 22
nova/db/api.py View File

@@ -1385,28 +1385,6 @@ def security_group_rule_count_by_group(context, security_group_id):
###################


def security_group_default_rule_get(context, security_group_rule_default_id):
return IMPL.security_group_default_rule_get(context,
security_group_rule_default_id)


def security_group_default_rule_destroy(context,
security_group_rule_default_id):
return IMPL.security_group_default_rule_destroy(
context, security_group_rule_default_id)


def security_group_default_rule_create(context, values):
return IMPL.security_group_default_rule_create(context, values)


def security_group_default_rule_list(context):
return IMPL.security_group_default_rule_list(context)


###################


def provider_fw_rule_create(context, rule):
"""Add a firewall rule at the provider level (all hosts & instances)."""
return IMPL.provider_fw_rule_create(context, rule)

+ 0
- 58
nova/db/sqlalchemy/api.py View File

@@ -4116,18 +4116,6 @@ def _security_group_ensure_default(context):
'user_id': context.user_id,
'project_id': context.project_id}
default_group = security_group_create(context, values)

default_rules = _security_group_rule_get_default_query(context).all()
for default_rule in default_rules:
# This is suboptimal, it should be programmatic to know
# the values of the default_rule
rule_values = {'protocol': default_rule.protocol,
'from_port': default_rule.from_port,
'to_port': default_rule.to_port,
'cidr': default_rule.cidr,
'parent_group_id': default_group.id,
}
_security_group_rule_create(context, rule_values)
return default_group


@@ -4229,52 +4217,6 @@ def security_group_rule_count_by_group(context, security_group_id):
###################


def _security_group_rule_get_default_query(context):
return model_query(context, models.SecurityGroupIngressDefaultRule)


@require_context
@pick_context_manager_reader
def security_group_default_rule_get(context, security_group_rule_default_id):
result = _security_group_rule_get_default_query(context).\
filter_by(id=security_group_rule_default_id).\
first()

if not result:
raise exception.SecurityGroupDefaultRuleNotFound(
rule_id=security_group_rule_default_id)

return result


@pick_context_manager_writer
def security_group_default_rule_destroy(context,
security_group_rule_default_id):
count = _security_group_rule_get_default_query(context).\
filter_by(id=security_group_rule_default_id).\
soft_delete()
if count == 0:
raise exception.SecurityGroupDefaultRuleNotFound(
rule_id=security_group_rule_default_id)


@pick_context_manager_writer
def security_group_default_rule_create(context, values):
security_group_default_rule_ref = models.SecurityGroupIngressDefaultRule()
security_group_default_rule_ref.update(values)
security_group_default_rule_ref.save(context.session)
return security_group_default_rule_ref


@require_context
@pick_context_manager_reader
def security_group_default_rule_list(context):
return _security_group_rule_get_default_query(context).all()


###################


@pick_context_manager_writer
def provider_fw_rule_create(context, rule):
fw_rule_ref = models.ProviderFirewallRule()

+ 2
- 0
nova/db/sqlalchemy/models.py View File

@@ -717,6 +717,8 @@ class SecurityGroupIngressRule(BASE, NovaBase, models.SoftDeleteMixin):
'SecurityGroupIngressRule.deleted == 0)')


# TODO(stephenfin): Remove this in the V release or later, once we're sure we
# won't want it back (it's for nova-network, so we won't)
class SecurityGroupIngressDefaultRule(BASE, NovaBase, models.SoftDeleteMixin):
__tablename__ = 'security_group_default_rules'
__table_args__ = ()

+ 0
- 4
nova/exception.py View File

@@ -1164,10 +1164,6 @@ class SecurityGroupNotExistsForInstance(Invalid):
" the instance %(instance_id)s")


class SecurityGroupDefaultRuleNotFound(Invalid):
msg_fmt = _("Security group default rule (%rule_id)s not found.")


class SecurityGroupCannotBeApplied(Invalid):
msg_fmt = _("Network requires port_security_enabled and subnet associated"
" in order to apply security groups.")

+ 0
- 20
nova/network/security_group/neutron_driver.py View File

@@ -558,23 +558,3 @@ class SecurityGroupAPI(security_group_base.SecurityGroupBase):
{'security_group_name': security_group_name,
'instance': instance.uuid})
self.raise_not_found(msg)

def get_default_rule(self, context, id):
msg = _("Network driver does not support this function.")
raise exc.HTTPNotImplemented(explanation=msg)

def get_all_default_rules(self, context):
msg = _("Network driver does not support this function.")
raise exc.HTTPNotImplemented(explanation=msg)

def add_default_rules(self, context, vals):
msg = _("Network driver does not support this function.")
raise exc.HTTPNotImplemented(explanation=msg)

def remove_default_rules(self, context, rule_ids):
msg = _("Network driver does not support this function.")
raise exc.HTTPNotImplemented(explanation=msg)

def default_rule_exists(self, context, values):
msg = _("Network driver does not support this function.")
raise exc.HTTPNotImplemented(explanation=msg)

Loading…
Cancel
Save