def _add_rule_below(self, context, ref_rule_id, edge_id, firewall_rule):
rule_map = nsxv_db.get_nsxv_edge_firewallrule_binding(context.session, ref_rule_id, edge_id)
ref_vcns_rule_id = rule_map.rule_vseid
fwr_vse_next = self._get_firewall_rule_next(context, edge_id, ref_vcns_rule_id)
fwr_req = self._convert_firewall_rule(context, firewall_rule)
if fwr_vse_next:
ref_vcns_rule_id = fwr_vse_next["ruleId"]
try:
header = self.vcns.add_firewall_rule_above(edge_id, int(ref_vcns_rule_id), fwr_req)[0]
except vcns_exc.VcnsApiException:
with excutils.save_and_reraise_exception():
LOG.exception(
_LE("Failed to add firewall rule above: " "%(rule_id)s with edge_id: %(edge_id)s"),
{"rule_id": ref_vcns_rule_id, "edge_id": edge_id},
)
else:
# append the rule at the bottom
try:
header = self.vcns.add_firewall_rule(edge_id, fwr_req)[0]
except vcns_exc.VcnsApiException:
with excutils.save_and_reraise_exception():
LOG.exception(_LE("Failed to append a firewall rule" "with edge_id: %s"), edge_id)
objuri = header["location"]
fwr_vseid = objuri[objuri.rfind("/") + 1 :]
map_info = {"rule_id": firewall_rule["id"], "rule_vseid": fwr_vseid, "edge_id": edge_id}
nsxv_db.add_nsxv_edge_firewallrule_binding(context.session, map_info)
def _create_rule_id_mapping(self, context, edge_id, firewall, vcns_fw):
for rule in vcns_fw["firewallRules"]["firewallRules"]:
index = rule["ruleTag"] - 1
# TODO(linb):a simple filter of the retrived rules which may be
# created by other operations unintentionally
if index < len(firewall["firewall_rule_list"]):
rule_vseid = rule["ruleId"]
rule_id = firewall["firewall_rule_list"][index]["id"]
map_info = {"rule_id": rule_id, "rule_vseid": rule_vseid, "edge_id": edge_id}
nsxv_db.add_nsxv_edge_firewallrule_binding(context.session, map_info)
def _create_rule_id_mapping(
self, context, edge_id, firewall, vcns_fw):
for rule in vcns_fw['firewallRules']['firewallRules']:
index = rule['ruleTag'] - 1
#TODO(linb):a simple filter of the retrived rules which may be
#created by other operations unintentionally
if index < len(firewall['firewall_rule_list']):
rule_vseid = rule['ruleId']
rule_id = firewall['firewall_rule_list'][index]['id']
map_info = {
'rule_id': rule_id,
'rule_vseid': rule_vseid,
'edge_id': edge_id
}
nsxv_db.add_nsxv_edge_firewallrule_binding(
context.session, map_info)
def _add_rule_above(self, context, ref_rule_id, edge_id, firewall_rule):
rule_map = nsxv_db.get_nsxv_edge_firewallrule_binding(
context.session, ref_rule_id, edge_id)
ref_vcns_rule_id = rule_map.rule_vseid
fwr_req = self._convert_firewall_rule(context, firewall_rule)
try:
header = self.vcns.add_firewall_rule_above(
edge_id, ref_vcns_rule_id, fwr_req)[0]
except vcns_exc.VcnsApiException:
with excutils.save_and_reraise_exception():
LOG.exception(_LE("Failed to add firewall rule above: "
"%(rule_id)s with edge_id: %(edge_id)s"),
{'rule_id': ref_vcns_rule_id,
'edge_id': edge_id})
objuri = header['location']
fwr_vseid = objuri[objuri.rfind("/") + 1:]
map_info = {
'rule_id': firewall_rule['id'],
'rule_vseid': fwr_vseid,
'edge_id': edge_id}
nsxv_db.add_nsxv_edge_firewallrule_binding(
context.session, map_info)
