Default SG rules for the Security Group "Default"

Added in the API os-security-group-default-rules

This allows create, delete, list, and get (of individual rules) for
rules that will be pre-populated into the Security Group "default"
that is populated in all projects on creation.

These rules will not be applied retroactively, as it is designed
to allow the creation of a "reasonable" base-line set of sg rules.

The new rules live in a separate table that mirrors the relevant
structures of the security_group_rules table.

Added unit tests/API samples for the new API calls

Related to bp default-rules-for-default-security-group

DocImpact

Change-Id: I7ab51e68aff562bb869538197a0eca158fc3220c

1 files changed, 9 insertions, 0 deletions

diff --git a/nova/db/sqlalchemy/models.py b/nova/db/sqlalchemy/models.py
index 28d8f0882..f0dcd3307 100644
--- a/nova/db/sqlalchemy/models.py
+++ b/nova/db/sqlalchemy/models.py
@@ -541,6 +541,15 @@ class SecurityGroupIngressRule(BASE, NovaBase):
         'SecurityGroupIngressRule.deleted == 0)')
 
 
+class SecurityGroupIngressDefaultRule(BASE, NovaBase):
+    __tablename__ = 'security_group_default_rules'
+    id = Column(Integer, primary_key=True)
+    protocol = Column(String(5))  # "tcp", "udp" or "icmp"
+    from_port = Column(Integer)
+    to_port = Column(Integer)
+    cidr = Column(types.CIDR())
+
+
 class ProviderFirewallRule(BASE, NovaBase):
     """Represents a rule in a security group."""
     __tablename__ = 'provider_fw_rules'