@@ -6365,40 +6365,6 @@ class SecurityGroupAPI(base.Base, security_group_base.SecurityGroupBase): | |||
# NOTE(vish): we removed some rules, so refresh | |||
self.trigger_rules_refresh(context, id=security_group['id']) | |||
def remove_default_rules(self, context, rule_ids): | |||
for rule_id in rule_ids: | |||
self.db.security_group_default_rule_destroy(context, rule_id) | |||
def add_default_rules(self, context, vals): | |||
rules = [self.db.security_group_default_rule_create(context, v) | |||
for v in vals] | |||
return rules | |||
def default_rule_exists(self, context, values): | |||
"""Indicates whether the specified rule values are already | |||
defined in the default security group rules. | |||
""" | |||
for rule in self.db.security_group_default_rule_list(context): | |||
keys = ('cidr', 'from_port', 'to_port', 'protocol') | |||
for key in keys: | |||
if rule.get(key) != values.get(key): | |||
break | |||
else: | |||
return rule.get('id') or True | |||
return False | |||
def get_all_default_rules(self, context): | |||
try: | |||
rules = self.db.security_group_default_rule_list(context) | |||
except Exception: | |||
msg = 'cannot get default security group rules' | |||
raise exception.SecurityGroupDefaultRuleNotFound(msg) | |||
return rules | |||
def get_default_rule(self, context, id): | |||
return self.db.security_group_default_rule_get(context, id) | |||
def validate_id(self, id): | |||
try: | |||
return int(id) |
@@ -1385,28 +1385,6 @@ def security_group_rule_count_by_group(context, security_group_id): | |||
################### | |||
def security_group_default_rule_get(context, security_group_rule_default_id): | |||
return IMPL.security_group_default_rule_get(context, | |||
security_group_rule_default_id) | |||
def security_group_default_rule_destroy(context, | |||
security_group_rule_default_id): | |||
return IMPL.security_group_default_rule_destroy( | |||
context, security_group_rule_default_id) | |||
def security_group_default_rule_create(context, values): | |||
return IMPL.security_group_default_rule_create(context, values) | |||
def security_group_default_rule_list(context): | |||
return IMPL.security_group_default_rule_list(context) | |||
################### | |||
def provider_fw_rule_create(context, rule): | |||
"""Add a firewall rule at the provider level (all hosts & instances).""" | |||
return IMPL.provider_fw_rule_create(context, rule) |
@@ -4116,18 +4116,6 @@ def _security_group_ensure_default(context): | |||
'user_id': context.user_id, | |||
'project_id': context.project_id} | |||
default_group = security_group_create(context, values) | |||
default_rules = _security_group_rule_get_default_query(context).all() | |||
for default_rule in default_rules: | |||
# This is suboptimal, it should be programmatic to know | |||
# the values of the default_rule | |||
rule_values = {'protocol': default_rule.protocol, | |||
'from_port': default_rule.from_port, | |||
'to_port': default_rule.to_port, | |||
'cidr': default_rule.cidr, | |||
'parent_group_id': default_group.id, | |||
} | |||
_security_group_rule_create(context, rule_values) | |||
return default_group | |||
@@ -4229,52 +4217,6 @@ def security_group_rule_count_by_group(context, security_group_id): | |||
################### | |||
def _security_group_rule_get_default_query(context): | |||
return model_query(context, models.SecurityGroupIngressDefaultRule) | |||
@require_context | |||
@pick_context_manager_reader | |||
def security_group_default_rule_get(context, security_group_rule_default_id): | |||
result = _security_group_rule_get_default_query(context).\ | |||
filter_by(id=security_group_rule_default_id).\ | |||
first() | |||
if not result: | |||
raise exception.SecurityGroupDefaultRuleNotFound( | |||
rule_id=security_group_rule_default_id) | |||
return result | |||
@pick_context_manager_writer | |||
def security_group_default_rule_destroy(context, | |||
security_group_rule_default_id): | |||
count = _security_group_rule_get_default_query(context).\ | |||
filter_by(id=security_group_rule_default_id).\ | |||
soft_delete() | |||
if count == 0: | |||
raise exception.SecurityGroupDefaultRuleNotFound( | |||
rule_id=security_group_rule_default_id) | |||
@pick_context_manager_writer | |||
def security_group_default_rule_create(context, values): | |||
security_group_default_rule_ref = models.SecurityGroupIngressDefaultRule() | |||
security_group_default_rule_ref.update(values) | |||
security_group_default_rule_ref.save(context.session) | |||
return security_group_default_rule_ref | |||
@require_context | |||
@pick_context_manager_reader | |||
def security_group_default_rule_list(context): | |||
return _security_group_rule_get_default_query(context).all() | |||
################### | |||
@pick_context_manager_writer | |||
def provider_fw_rule_create(context, rule): | |||
fw_rule_ref = models.ProviderFirewallRule() |
@@ -717,6 +717,8 @@ class SecurityGroupIngressRule(BASE, NovaBase, models.SoftDeleteMixin): | |||
'SecurityGroupIngressRule.deleted == 0)') | |||
# TODO(stephenfin): Remove this in the V release or later, once we're sure we | |||
# won't want it back (it's for nova-network, so we won't) | |||
class SecurityGroupIngressDefaultRule(BASE, NovaBase, models.SoftDeleteMixin): | |||
__tablename__ = 'security_group_default_rules' | |||
__table_args__ = () |
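Review bot: The TODO added above `SecurityGroupIngressDefaultRule` says when the model can be dropped but not what state it is left in. As far as the hunk counts on this page show, the query helper and the get/create/list/destroy accessors for it are all deleted, and `_security_group_ensure_default` no longer copies these rows into a newly created default group, so the table stays mapped but nothing reads it. I would say so in the comment, e.g. `# NOTE: kept only for schema compatibility; rows are no longer read or applied to new default security groups.` That matters to an operator who populated the table expecting those rules on every new default group (presumably nova-network deployments only). The class body continues past the end of this hunk.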
@@ -1164,10 +1164,6 @@ class SecurityGroupNotExistsForInstance(Invalid): | |||
" the instance %(instance_id)s") | |||
class SecurityGroupDefaultRuleNotFound(Invalid): | |||
msg_fmt = _("Security group default rule (%rule_id)s not found.") | |||
class SecurityGroupCannotBeApplied(Invalid): | |||
msg_fmt = _("Network requires port_security_enabled and subnet associated" | |||
" in order to apply security groups.") |
@@ -558,23 +558,3 @@ class SecurityGroupAPI(security_group_base.SecurityGroupBase): | |||
{'security_group_name': security_group_name, | |||
'instance': instance.uuid}) | |||
self.raise_not_found(msg) | |||
def get_default_rule(self, context, id): | |||
msg = _("Network driver does not support this function.") | |||
raise exc.HTTPNotImplemented(explanation=msg) | |||
def get_all_default_rules(self, context): | |||
msg = _("Network driver does not support this function.") | |||
raise exc.HTTPNotImplemented(explanation=msg) | |||
def add_default_rules(self, context, vals): | |||
msg = _("Network driver does not support this function.") | |||
raise exc.HTTPNotImplemented(explanation=msg) | |||
def remove_default_rules(self, context, rule_ids): | |||
msg = _("Network driver does not support this function.") | |||
raise exc.HTTPNotImplemented(explanation=msg) | |||
def default_rule_exists(self, context, values): | |||
msg = _("Network driver does not support this function.") | |||
raise exc.HTTPNotImplemented(explanation=msg) |