def test_set_port_for_default_firewall_group_raised_port_in_use(self):
    """A port-in-use conflict on the default firewall group is ignored.

    ``update_firewall_group`` is mocked to raise ``FirewallGroupPortInUse``
    for the port being updated. ``handle_update_port`` must absorb that
    error instead of propagating it to the caller.
    """
    fake_id = 'fake_port_id_already_associated_to_default_fw'
    # Port as returned by the core plugin; the "original_port" passed
    # further down still reports vif_type "unbound".
    bound_port = {
        "id": fake_id,
        "device_owner": "compute:nova",
        "binding:vif_type": "ovs",
        "binding:vif_details": {"ovs_hybrid_plug": False},
        "project_id": "fake_project",
        "port_security_enabled": True,
    }

    plugin = self.plugin
    plugin._core_plugin.get_port = mock.Mock(return_value=bound_port)
    # No firewall groups are reported by the lookup ...
    plugin.get_firewall_groups = mock.Mock(return_value=[])
    # ... but the update itself reports the port as already associated.
    plugin.update_firewall_group = mock.Mock(
        side_effect=f_exc.FirewallGroupPortInUse(port_ids=[fake_id]))

    event_payload = {
        "context": mock.ANY,
        "port": bound_port,
        "original_port": {"binding:vif_type": "unbound"},
    }
    failure_message = (
        "Associating port to default firewall group raises "
        "'FirewallGroupPortInUse' while it should ignore it")
    try:
        plugin.handle_update_port(
            "PORT", "after_update", "test_plugin", **event_payload)
    except f_exc.FirewallGroupPortInUse:
        # Only this exception type is turned into a test failure; any
        # other exception surfaces as an error.
        self.fail(failure_message)
    def _validate_if_firewall_group_on_ports(self,
                                             context,
                                             firewall_group,
                                             id=None):
        """Reject ports that already belong to another firewall group.

        Fetches the firewall groups of the same tenant that reference any
        of the requested ports and raises if at least one port is taken.
        Returns silently when no ports are requested or none is in use.

        :param context: neutron context
        :param firewall_group: firewall group dict to validate; its
            'ports' and 'tenant_id' keys are read
        :param id: id of a firewall group to leave out of the check
            (presumably the group being updated -- confirm with callers)
        :raises FirewallGroupPortInUse: with the ids of the ports that are
            already associated with another firewall group
        """
        requested = firewall_group.get('ports')
        if not requested:
            return

        # NOTE(review): the lookup is scoped to the group's own tenant, so
        # an association held by a group of a different tenant would not
        # be seen here -- confirm that is intended.
        lookup = {
            'tenant_id': [firewall_group['tenant_id']],
            'ports': requested,
        }
        taken = set()
        for other in self.get_firewall_groups(context, filters=lookup):
            if id is None or other['id'] != id:
                already_bound = set(other.get('ports', []))
                taken.update(already_bound & set(requested))
        # NOTE(review): this is a read-only pre-check. Nothing in this
        # method stops a concurrent request from associating the same
        # port between this check and the later write; presumably a
        # database constraint backs it up -- confirm.
        if taken:
            raise f_exc.FirewallGroupPortInUse(port_ids=list(taken))
Ejemplo n.º 3
 def _validate_if_firewall_group_on_ports(self,
                                          context,
                                          port_ids,
                                          fwg_id=None):
     """Reject ports that are already associated with a firewall group.

     Queries the port-association table for rows whose port is in
     ``port_ids`` and whose firewall group differs from ``fwg_id``.
     Raises ``FirewallGroupPortInUse`` listing the matching ports;
     returns silently when there is no match.
     """
     assoc = FirewallGroupPortAssociation
     base_query = context.session.query(assoc.port_id)
     # The query is not restricted by tenant or project: any association
     # of a requested port with a different group counts as a conflict.
     # NOTE(review): with the default fwg_id=None the inequality is
     # presumably rendered as IS NOT NULL, so every existing association
     # of these ports matches -- confirm.
     conflicts = base_query.filter(
         assoc.port_id.in_(port_ids),
         assoc.firewall_group_id != fwg_id).all()
     if not conflicts:
         return
     # NOTE(review): this check only reads; a concurrent request could
     # still claim the port before the caller writes its association --
     # confirm that the write path enforces uniqueness as well.
     raise f_exc.FirewallGroupPortInUse(
         port_ids=[row.port_id for row in conflicts])
Ejemplo n.º 4
    def _set_ports_for_firewall_group(self, context, fwg_db, fwg):
        """Associate every port in ``fwg['ports']`` with ``fwg_db``.

        Each association row is added inside its own sub-transaction.
        Ports whose insert fails with ``DBDuplicateEntry`` are collected
        and reported together once all ports have been attempted.

        :param context: neutron context providing the DB session
        :param fwg_db: stored firewall group; only its 'id' is read
        :param fwg: firewall group dict; only its 'ports' list is read
        :raises FirewallGroupPortInUse: with the ids of the ports that
            were rejected as duplicates
        """
        requested_ports = fwg['ports']
        if not requested_ports:
            return

        rejected = []
        for port_id in requested_ports:
            try:
                with context.session.begin(subtransactions=True):
                    context.session.add(
                        FirewallGroupPortAssociation(
                            firewall_group_id=fwg_db['id'],
                            port_id=port_id))
            except db_exc.DBDuplicateEntry:
                # NOTE(review): the conflict is detected by the database
                # rejecting the insert, presumably through a uniqueness
                # constraint covering port_id -- confirm in the model.
                rejected.append(port_id)
        # NOTE(review): associations added before a rejected port are
        # already in the session at this point; whether they are rolled
        # back depends on the caller's enclosing transaction, which is
        # not visible here.
        if rejected:
            raise f_exc.FirewallGroupPortInUse(port_ids=rejected)