def remove_rule(self, context, id, rule_info): LOG.debug(_("remove_rule() called")) self._validate_insert_remove_rule_request(id, rule_info) firewall_rule_id = rule_info['firewall_rule_id'] if not firewall_rule_id: raise firewall.FirewallRuleNotFound(firewall_rule_id=None) with context.session.begin(subtransactions=True): fwr_db = self._get_firewall_rule(context, firewall_rule_id) if fwr_db.firewall_policy_id != id: raise firewall.FirewallRuleNotAssociatedWithPolicy( firewall_rule_id=fwr_db['id'], firewall_policy_id=id) return self._process_rule_for_policy(context, id, fwr_db, None)
def insert_rule(self, context, id, rule_info): LOG.debug(_("insert_rule() called")) self._validate_insert_remove_rule_request(id, rule_info) firewall_rule_id = rule_info['firewall_rule_id'] insert_before = True ref_firewall_rule_id = None if not firewall_rule_id: raise firewall.FirewallRuleNotFound(firewall_rule_id=None) if 'insert_before' in rule_info: ref_firewall_rule_id = rule_info['insert_before'] if not ref_firewall_rule_id and 'insert_after' in rule_info: # If insert_before is set, we will ignore insert_after. ref_firewall_rule_id = rule_info['insert_after'] insert_before = False with context.session.begin(subtransactions=True): fwr_db = self._get_firewall_rule(context, firewall_rule_id) fwp_db = self._get_firewall_policy(context, id) if fwr_db.firewall_policy_id: raise firewall.FirewallRuleInUse(firewall_rule_id=fwr_db['id']) self._check_firewall_rule_conflict(fwr_db, fwp_db) if ref_firewall_rule_id: # If reference_firewall_rule_id is set, the new rule # is inserted depending on the value of insert_before. # If insert_before is set, the new rule is inserted before # reference_firewall_rule_id, and if it is not set the new # rule is inserted after reference_firewall_rule_id. ref_fwr_db = self._get_firewall_rule( context, ref_firewall_rule_id) if ref_fwr_db.firewall_policy_id != id: raise firewall.FirewallRuleNotAssociatedWithPolicy( firewall_rule_id=ref_fwr_db['id'], firewall_policy_id=id) if insert_before: position = ref_fwr_db.position else: position = ref_fwr_db.position + 1 else: # If reference_firewall_rule_id is not set, it is assumed # that the new rule needs to be inserted at the top. # insert_before field is ignored. # So default insertion is always at the top. # Also note that position numbering starts at 1. position = 1 return self._process_rule_for_policy(context, id, fwr_db, position)