diff --git a/nova/compute/api.py b/nova/compute/api.py index 93b7007c63f..9fe27c8e1d8 100644 --- a/nova/compute/api.py +++ b/nova/compute/api.py @@ -6365,40 +6365,6 @@ def remove_rules(self, context, security_group, rule_ids): # NOTE(vish): we removed some rules, so refresh self.trigger_rules_refresh(context, id=security_group['id']) - def remove_default_rules(self, context, rule_ids): - for rule_id in rule_ids: - self.db.security_group_default_rule_destroy(context, rule_id) - - def add_default_rules(self, context, vals): - rules = [self.db.security_group_default_rule_create(context, v) - for v in vals] - return rules - - def default_rule_exists(self, context, values): - """Indicates whether the specified rule values are already - defined in the default security group rules. - """ - for rule in self.db.security_group_default_rule_list(context): - keys = ('cidr', 'from_port', 'to_port', 'protocol') - for key in keys: - if rule.get(key) != values.get(key): - break - else: - return rule.get('id') or True - return False - - def get_all_default_rules(self, context): - try: - rules = self.db.security_group_default_rule_list(context) - except Exception: - msg = 'cannot get default security group rules' - raise exception.SecurityGroupDefaultRuleNotFound(msg) - - return rules - - def get_default_rule(self, context, id): - return self.db.security_group_default_rule_get(context, id) - def validate_id(self, id): try: return int(id) diff --git a/nova/db/api.py b/nova/db/api.py index cc273a0ba6a..5828970b490 100644 --- a/nova/db/api.py +++ b/nova/db/api.py 
@@ -1385,28 +1385,6 @@ def security_group_rule_count_by_group(context, security_group_id): ################### -def security_group_default_rule_get(context, security_group_rule_default_id): - return IMPL.security_group_default_rule_get(context, - security_group_rule_default_id) - - -def security_group_default_rule_destroy(context, - security_group_rule_default_id): - return IMPL.security_group_default_rule_destroy( - context, security_group_rule_default_id) - - -def security_group_default_rule_create(context, values): - return IMPL.security_group_default_rule_create(context, values) - - -def security_group_default_rule_list(context): - return IMPL.security_group_default_rule_list(context) - - -################### - - def provider_fw_rule_create(context, rule): """Add a firewall rule at the provider level (all hosts & instances).""" return IMPL.provider_fw_rule_create(context, rule) diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py index 03362d70908..af39e9e234d 100644 --- a/nova/db/sqlalchemy/api.py +++ b/nova/db/sqlalchemy/api.py @@ -4116,18 +4116,6 @@ def _security_group_ensure_default(context): 'user_id': context.user_id, 'project_id': context.project_id} default_group = security_group_create(context, values) - - default_rules = _security_group_rule_get_default_query(context).all() - for default_rule in default_rules: - # This is suboptimal, it should be programmatic to know - # the values of the default_rule - rule_values = {'protocol': default_rule.protocol, - 'from_port': default_rule.from_port, - 'to_port': default_rule.to_port, - 'cidr': default_rule.cidr, - 'parent_group_id': default_group.id, - } - _security_group_rule_create(context, rule_values) return default_group 
@@ -4229,52 +4217,6 @@ def security_group_rule_count_by_group(context, security_group_id): ################### -def _security_group_rule_get_default_query(context): - return model_query(context, models.SecurityGroupIngressDefaultRule) - - -@require_context -@pick_context_manager_reader -def security_group_default_rule_get(context, security_group_rule_default_id): - result = _security_group_rule_get_default_query(context).\ - filter_by(id=security_group_rule_default_id).\ - first() - - if not result: - raise exception.SecurityGroupDefaultRuleNotFound( - rule_id=security_group_rule_default_id) - - return result - - -@pick_context_manager_writer -def security_group_default_rule_destroy(context, - security_group_rule_default_id): - count = _security_group_rule_get_default_query(context).\ - filter_by(id=security_group_rule_default_id).\ - soft_delete() - if count == 0: - raise exception.SecurityGroupDefaultRuleNotFound( - rule_id=security_group_rule_default_id) - - -@pick_context_manager_writer -def security_group_default_rule_create(context, values): - security_group_default_rule_ref = models.SecurityGroupIngressDefaultRule() - security_group_default_rule_ref.update(values) - security_group_default_rule_ref.save(context.session) - return security_group_default_rule_ref - - -@require_context -@pick_context_manager_reader -def security_group_default_rule_list(context): - return _security_group_rule_get_default_query(context).all() - - -################### - - @pick_context_manager_writer def provider_fw_rule_create(context, rule): fw_rule_ref = models.ProviderFirewallRule() diff --git a/nova/db/sqlalchemy/models.py b/nova/db/sqlalchemy/models.py index 027a04fa900..fcfad5d7a36 100644 --- a/nova/db/sqlalchemy/models.py +++ b/nova/db/sqlalchemy/models.py 
@@ -717,6 +717,8 @@ class SecurityGroupIngressRule(BASE, NovaBase, models.SoftDeleteMixin): 'SecurityGroupIngressRule.deleted == 0)') +# TODO(stephenfin): Remove this in the V release or later, once we're sure we +# won't want it back (it's for nova-network, so we won't) class SecurityGroupIngressDefaultRule(BASE, NovaBase, models.SoftDeleteMixin): __tablename__ = 'security_group_default_rules' __table_args__ = () diff --git a/nova/exception.py b/nova/exception.py index c7dce6c39d2..11fca3f2856 100644 --- a/nova/exception.py +++ b/nova/exception.py @@ -1164,10 +1164,6 @@ class SecurityGroupNotExistsForInstance(Invalid): " the instance %(instance_id)s") -class SecurityGroupDefaultRuleNotFound(Invalid): - msg_fmt = _("Security group default rule (%rule_id)s not found.") - - class SecurityGroupCannotBeApplied(Invalid): msg_fmt = _("Network requires port_security_enabled and subnet associated" " in order to apply security groups.") diff --git a/nova/network/security_group/neutron_driver.py b/nova/network/security_group/neutron_driver.py index 3dec64cff06..5bd27f5fccf 100644 --- a/nova/network/security_group/neutron_driver.py +++ b/nova/network/security_group/neutron_driver.py 
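Review bot: The TODO added above `SecurityGroupIngressDefaultRule` in nova/db/sqlalchemy/models.py names a release but not what removal involves, and its parenthetical contradicts the "once we're sure" clause before it. As far as this diff shows, the `security_group_default_rules` table stays in the schema with whatever rows it holds, while the first hunk in nova/db/sqlalchemy/api.py stops `_security_group_ensure_default` from copying those rows into a newly created default group. The comment could say so directly, for example `# TODO(stephenfin): Drop this model and its table in the V release or later; the DB API` followed by `# no longer reads or writes it, so existing rows are not applied to new default groups.` Deployments that had default rules configured will see new default groups created without them, which seems worth a release note if one is not already part of the change outside this view.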
@@ -558,23 +558,3 @@ def remove_from_instance(self, context, instance, security_group_name): {'security_group_name': security_group_name, 'instance': instance.uuid}) self.raise_not_found(msg) - - def get_default_rule(self, context, id): - msg = _("Network driver does not support this function.") - raise exc.HTTPNotImplemented(explanation=msg) - - def get_all_default_rules(self, context): - msg = _("Network driver does not support this function.") - raise exc.HTTPNotImplemented(explanation=msg) - - def add_default_rules(self, context, vals): - msg = _("Network driver does not support this function.") - raise exc.HTTPNotImplemented(explanation=msg) - - def remove_default_rules(self, context, rule_ids): - msg = _("Network driver does not support this function.") - raise exc.HTTPNotImplemented(explanation=msg) - - def default_rule_exists(self, context, values): - msg = _("Network driver does not support this function.") - raise exc.HTTPNotImplemented(explanation=msg)