Merge "nova-net: Remove unused '*_default_rules' security group DB APIs"

10 months ago · 50d3933b2d
--- a/nova/compute/api.py
+++ b/nova/compute/api.py
@@ -6365,40 +6365,6 @@ class SecurityGroupAPI(base.Base, security_group_base.SecurityGroupBase):
        # NOTE(vish): we removed some rules, so refresh
        self.trigger_rules_refresh(context, id=security_group['id'])

    def remove_default_rules(self, context, rule_ids):
        for rule_id in rule_ids:
            self.db.security_group_default_rule_destroy(context, rule_id)

    def add_default_rules(self, context, vals):
        rules = [self.db.security_group_default_rule_create(context, v)
                 for v in vals]
        return rules

    def default_rule_exists(self, context, values):
        """Indicates whether the specified rule values are already
           defined in the default security group rules.
        """
        for rule in self.db.security_group_default_rule_list(context):
            keys = ('cidr', 'from_port', 'to_port', 'protocol')
            for key in keys:
                if rule.get(key) != values.get(key):
                    break
            else:
                return rule.get('id') or True
        return False

    def get_all_default_rules(self, context):
        try:
            rules = self.db.security_group_default_rule_list(context)
        except Exception:
            msg = 'cannot get default security group rules'
            raise exception.SecurityGroupDefaultRuleNotFound(msg)

        return rules

    def get_default_rule(self, context, id):
        return self.db.security_group_default_rule_get(context, id)

    def validate_id(self, id):
        try:
            return int(id)
--- a/nova/db/api.py
+++ b/nova/db/api.py
@@ -1385,28 +1385,6 @@ def security_group_rule_count_by_group(context, security_group_id):
 ###################


 def security_group_default_rule_get(context, security_group_rule_default_id):
    return IMPL.security_group_default_rule_get(context,
                                                security_group_rule_default_id)


 def security_group_default_rule_destroy(context,
                                        security_group_rule_default_id):
    return IMPL.security_group_default_rule_destroy(
        context, security_group_rule_default_id)


 def security_group_default_rule_create(context, values):
    return IMPL.security_group_default_rule_create(context, values)


 def security_group_default_rule_list(context):
    return IMPL.security_group_default_rule_list(context)


 ###################


 def provider_fw_rule_create(context, rule):
    """Add a firewall rule at the provider level (all hosts & instances)."""
    return IMPL.provider_fw_rule_create(context, rule)
--- a/nova/db/sqlalchemy/api.py
+++ b/nova/db/sqlalchemy/api.py
@@ -4116,18 +4116,6 @@ def _security_group_ensure_default(context):
                  'user_id': context.user_id,
                  'project_id': context.project_id}
        default_group = security_group_create(context, values)

        default_rules = _security_group_rule_get_default_query(context).all()
        for default_rule in default_rules:
            # This is suboptimal, it should be programmatic to know
            # the values of the default_rule
            rule_values = {'protocol': default_rule.protocol,
                           'from_port': default_rule.from_port,
                           'to_port': default_rule.to_port,
                           'cidr': default_rule.cidr,
                           'parent_group_id': default_group.id,
            }
            _security_group_rule_create(context, rule_values)
    return default_group


@@ -4229,52 +4217,6 @@ def security_group_rule_count_by_group(context, security_group_id):
 ###################


 def _security_group_rule_get_default_query(context):
    return model_query(context, models.SecurityGroupIngressDefaultRule)


@require_context
@pick_context_manager_reader
 def security_group_default_rule_get(context, security_group_rule_default_id):
    result = _security_group_rule_get_default_query(context).\
                        filter_by(id=security_group_rule_default_id).\
                        first()

    if not result:
        raise exception.SecurityGroupDefaultRuleNotFound(
                                        rule_id=security_group_rule_default_id)

    return result


@pick_context_manager_writer
 def security_group_default_rule_destroy(context,
                                        security_group_rule_default_id):
    count = _security_group_rule_get_default_query(context).\
                        filter_by(id=security_group_rule_default_id).\
                        soft_delete()
    if count == 0:
        raise exception.SecurityGroupDefaultRuleNotFound(
                                    rule_id=security_group_rule_default_id)


@pick_context_manager_writer
 def security_group_default_rule_create(context, values):
    security_group_default_rule_ref = models.SecurityGroupIngressDefaultRule()
    security_group_default_rule_ref.update(values)
    security_group_default_rule_ref.save(context.session)
    return security_group_default_rule_ref


@require_context
@pick_context_manager_reader
 def security_group_default_rule_list(context):
    return _security_group_rule_get_default_query(context).all()


 ###################


@pick_context_manager_writer
 def provider_fw_rule_create(context, rule):
    fw_rule_ref = models.ProviderFirewallRule()
--- a/nova/db/sqlalchemy/models.py
+++ b/nova/db/sqlalchemy/models.py
@@ -717,6 +717,8 @@ class SecurityGroupIngressRule(BASE, NovaBase, models.SoftDeleteMixin):
        'SecurityGroupIngressRule.deleted == 0)')


 # TODO(stephenfin): Remove this in the V release or later, once we're sure we
 # won't want it back (it's for nova-network, so we won't)
 class SecurityGroupIngressDefaultRule(BASE, NovaBase, models.SoftDeleteMixin):
    __tablename__ = 'security_group_default_rules'
    __table_args__ = ()
--- a/nova/exception.py
+++ b/nova/exception.py
@@ -1164,10 +1164,6 @@ class SecurityGroupNotExistsForInstance(Invalid):
                " the instance %(instance_id)s")


 class SecurityGroupDefaultRuleNotFound(Invalid):
    msg_fmt = _("Security group default rule (%rule_id)s not found.")


 class SecurityGroupCannotBeApplied(Invalid):
    msg_fmt = _("Network requires port_security_enabled and subnet associated"
                " in order to apply security groups.")
--- a/nova/network/security_group/neutron_driver.py
+++ b/nova/network/security_group/neutron_driver.py
@@ -558,23 +558,3 @@ class SecurityGroupAPI(security_group_base.SecurityGroupBase):
                   {'security_group_name': security_group_name,
                    'instance': instance.uuid})
            self.raise_not_found(msg)

    def get_default_rule(self, context, id):
        msg = _("Network driver does not support this function.")
        raise exc.HTTPNotImplemented(explanation=msg)

    def get_all_default_rules(self, context):
        msg = _("Network driver does not support this function.")
        raise exc.HTTPNotImplemented(explanation=msg)

    def add_default_rules(self, context, vals):
        msg = _("Network driver does not support this function.")
        raise exc.HTTPNotImplemented(explanation=msg)

    def remove_default_rules(self, context, rule_ids):
        msg = _("Network driver does not support this function.")
        raise exc.HTTPNotImplemented(explanation=msg)

    def default_rule_exists(self, context, values):
        msg = _("Network driver does not support this function.")
        raise exc.HTTPNotImplemented(explanation=msg)