Merge "nova-net: Remove unused '*_default_rules' security group DB APIs"

nova/compute/api.py

@@ -6365,40 +6365,6 @@ class SecurityGroupAPI(base.Base, security_group_base.SecurityGroupBase):
         # NOTE(vish): we removed some rules, so refresh
         self.trigger_rules_refresh(context, id=security_group['id'])
 
-    def remove_default_rules(self, context, rule_ids):
-        for rule_id in rule_ids:
-            self.db.security_group_default_rule_destroy(context, rule_id)
-
-    def add_default_rules(self, context, vals):
-        rules = [self.db.security_group_default_rule_create(context, v)
-                 for v in vals]
-        return rules
-
-    def default_rule_exists(self, context, values):
-        """Indicates whether the specified rule values are already
-           defined in the default security group rules.
-        """
-        for rule in self.db.security_group_default_rule_list(context):
-            keys = ('cidr', 'from_port', 'to_port', 'protocol')
-            for key in keys:
-                if rule.get(key) != values.get(key):
-                    break
-            else:
-                return rule.get('id') or True
-        return False
-
-    def get_all_default_rules(self, context):
-        try:
-            rules = self.db.security_group_default_rule_list(context)
-        except Exception:
-            msg = 'cannot get default security group rules'
-            raise exception.SecurityGroupDefaultRuleNotFound(msg)
-
-        return rules
-
-    def get_default_rule(self, context, id):
-        return self.db.security_group_default_rule_get(context, id)
-
     def validate_id(self, id):
         try:
             return int(id)

nova/db/api.py

@@ -1385,28 +1385,6 @@ def security_group_rule_count_by_group(context, security_group_id):
 ###################
 
 
-def security_group_default_rule_get(context, security_group_rule_default_id):
-    return IMPL.security_group_default_rule_get(context,
-                                                security_group_rule_default_id)
-
-
-def security_group_default_rule_destroy(context,
-                                        security_group_rule_default_id):
-    return IMPL.security_group_default_rule_destroy(
-        context, security_group_rule_default_id)
-
-
-def security_group_default_rule_create(context, values):
-    return IMPL.security_group_default_rule_create(context, values)
-
-
-def security_group_default_rule_list(context):
-    return IMPL.security_group_default_rule_list(context)
-
-
-###################
-
-
 def provider_fw_rule_create(context, rule):
     """Add a firewall rule at the provider level (all hosts & instances)."""
     return IMPL.provider_fw_rule_create(context, rule)

nova/db/sqlalchemy/api.py

@@ -4116,18 +4116,6 @@ def _security_group_ensure_default(context):
                   'user_id': context.user_id,
                   'project_id': context.project_id}
         default_group = security_group_create(context, values)
-
-        default_rules = _security_group_rule_get_default_query(context).all()
-        for default_rule in default_rules:
-            # This is suboptimal, it should be programmatic to know
-            # the values of the default_rule
-            rule_values = {'protocol': default_rule.protocol,
-                           'from_port': default_rule.from_port,
-                           'to_port': default_rule.to_port,
-                           'cidr': default_rule.cidr,
-                           'parent_group_id': default_group.id,
-            }
-            _security_group_rule_create(context, rule_values)
     return default_group
 
 
@@ -4229,52 +4217,6 @@ def security_group_rule_count_by_group(context, security_group_id):
 ###################
 
 
-def _security_group_rule_get_default_query(context):
-    return model_query(context, models.SecurityGroupIngressDefaultRule)
-
-
-@require_context
-@pick_context_manager_reader
-def security_group_default_rule_get(context, security_group_rule_default_id):
-    result = _security_group_rule_get_default_query(context).\
-                        filter_by(id=security_group_rule_default_id).\
-                        first()
-
-    if not result:
-        raise exception.SecurityGroupDefaultRuleNotFound(
-                                        rule_id=security_group_rule_default_id)
-
-    return result
-
-
-@pick_context_manager_writer
-def security_group_default_rule_destroy(context,
-                                        security_group_rule_default_id):
-    count = _security_group_rule_get_default_query(context).\
-                        filter_by(id=security_group_rule_default_id).\
-                        soft_delete()
-    if count == 0:
-        raise exception.SecurityGroupDefaultRuleNotFound(
-                                    rule_id=security_group_rule_default_id)
-
-
-@pick_context_manager_writer
-def security_group_default_rule_create(context, values):
-    security_group_default_rule_ref = models.SecurityGroupIngressDefaultRule()
-    security_group_default_rule_ref.update(values)
-    security_group_default_rule_ref.save(context.session)
-    return security_group_default_rule_ref
-
-
-@require_context
-@pick_context_manager_reader
-def security_group_default_rule_list(context):
-    return _security_group_rule_get_default_query(context).all()
-
-
-###################
-
-
 @pick_context_manager_writer
 def provider_fw_rule_create(context, rule):
     fw_rule_ref = models.ProviderFirewallRule()

nova/db/sqlalchemy/models.py

@@ -717,6 +717,8 @@ class SecurityGroupIngressRule(BASE, NovaBase, models.SoftDeleteMixin):
         'SecurityGroupIngressRule.deleted == 0)')
 
 
+# TODO(stephenfin): Remove this in the V release or later, once we're sure we
+# won't want it back (it's for nova-network, so we won't)
 class SecurityGroupIngressDefaultRule(BASE, NovaBase, models.SoftDeleteMixin):
     __tablename__ = 'security_group_default_rules'
     __table_args__ = ()

nova/exception.py

@@ -1164,10 +1164,6 @@ class SecurityGroupNotExistsForInstance(Invalid):
                 " the instance %(instance_id)s")
 
 
-class SecurityGroupDefaultRuleNotFound(Invalid):
-    msg_fmt = _("Security group default rule (%rule_id)s not found.")
-
-
 class SecurityGroupCannotBeApplied(Invalid):
     msg_fmt = _("Network requires port_security_enabled and subnet associated"
                 " in order to apply security groups.")

nova/network/security_group/neutron_driver.py

@@ -558,23 +558,3 @@ class SecurityGroupAPI(security_group_base.SecurityGroupBase):
                    {'security_group_name': security_group_name,
                     'instance': instance.uuid})
             self.raise_not_found(msg)
-
-    def get_default_rule(self, context, id):
-        msg = _("Network driver does not support this function.")
-        raise exc.HTTPNotImplemented(explanation=msg)
-
-    def get_all_default_rules(self, context):
-        msg = _("Network driver does not support this function.")
-        raise exc.HTTPNotImplemented(explanation=msg)
-
-    def add_default_rules(self, context, vals):
-        msg = _("Network driver does not support this function.")
-        raise exc.HTTPNotImplemented(explanation=msg)
-
-    def remove_default_rules(self, context, rule_ids):
-        msg = _("Network driver does not support this function.")
-        raise exc.HTTPNotImplemented(explanation=msg)
-
-    def default_rule_exists(self, context, values):
-        msg = _("Network driver does not support this function.")
-        raise exc.HTTPNotImplemented(explanation=msg)