def _validate_ports_for_firewall_group(self, context, tenant_id,
fwg_ports):
"""Validate firewall group associated ports
Check if the firewall group associated ports have the same project
owner and is router interface type or a compute layer 2 and supported
by the firewall driver
:param context: neutron context
:param tenant_id: firewall group project ID
:param fwg_ports: firewall group associated ports
"""
# TODO(sridar): elevated context and do we want to use public ?
for port_id in fwg_ports:
port = self._core_plugin.get_port(context, port_id)
if port['tenant_id'] != tenant_id:
raise f_exc.FirewallGroupPortInvalidProject(
port_id=port_id, project_id=port['tenant_id'])
device_owner = port.get('device_owner', '')
if device_owner in nl_constants.ROUTER_INTERFACE_OWNERS:
if not self.driver.is_supported_l3_port(port):
raise exceptions.FirewallGroupPortNotSupported(
driver_name=self.driver_name, port_id=port_id)
elif device_owner.startswith(
nl_constants.DEVICE_OWNER_COMPUTE_PREFIX):
if not self._is_supported_l2_port(context, port_id):
raise exceptions.FirewallGroupPortNotSupported(
driver_name=self.driver_name, port_id=port_id)
else:
raise f_exc.FirewallGroupPortInvalid(port_id=port_id)
def _validate_ports_for_firewall_group(self, context, tenant_id,
fwg_ports):
# TODO(sridar): elevated context and do we want to use public ?
for port_id in fwg_ports:
port_db = self._core_plugin._get_port(context, port_id)
if port_db['tenant_id'] != tenant_id:
raise f_exc.FirewallGroupPortInvalidProject(
port_id=port_id, project_id=port_db['tenant_id'])
device_owner = port_db.get('device_owner', '')
if (device_owner not in [nl_constants.DEVICE_OWNER_ROUTER_INTF]
and not device_owner.startswith(
nl_constants.DEVICE_OWNER_COMPUTE_PREFIX)):
raise f_exc.FirewallGroupPortInvalid(port_id=port_id)
if (device_owner.startswith(
nl_constants.DEVICE_OWNER_COMPUTE_PREFIX) and
not self._is_supported_by_fw_l2_driver(context, port_id)):
raise exceptions.FirewallGroupPortNotSupported(port_id=port_id)