コード例 #1
def validate_security_group_request(context, log_data):
    """Validate a security-group log request before it is accepted.

    ``log_data`` is read for two optional keys: ``resource_id`` (the
    security group) and ``target_id`` (the port). Each check runs only
    when its key holds a truthy value, in this order:

    1. ``resource_id`` set: ``_check_sg_exists`` is called. According to
       the original documentation a ResourceNotFound is raised when the
       security group does not exist.
    2. ``target_id`` set: the port is loaded through ``_get_port``
       (documented to raise TargetResourceNotFound when it is missing),
       then ``validators.validate_log_type_for_port`` must accept
       security-group logging for that port, otherwise
       LoggingTypeNotSupported is raised.
    3. Both set: ``_check_port_bound_sg`` is called. According to the
       original documentation an InvalidResourceConstraint is raised
       when the port and the security group are not related.

    A request carrying neither id passes without any check.

    NOTE(review): every lookup is made with the caller's ``context``.
    Whether that also limits the lookups to resources the caller may
    see is decided inside the helpers, which are not shown here -
    confirm before relying on this function as an authorization check.
    """
    sg_id = log_data.get('resource_id')
    port_id = log_data.get('target_id')

    if sg_id:
        _check_sg_exists(context, sg_id)

    # Without a target port there is nothing further to validate.
    if not port_id:
        return

    port = _get_port(context, port_id)
    supported = validators.validate_log_type_for_port(
        log_const.SECURITY_GROUP, port)
    if not supported:
        raise log_exc.LoggingTypeNotSupported(
            log_type=log_const.SECURITY_GROUP, port_id=port_id)

    # The binding check only makes sense when both ids were supplied.
    if sg_id:
        _check_port_bound_sg(context, sg_id, port_id)
コード例 #2
def _check_fwg_port(context, port_id):
    """Check that firewall-group logging can be enabled on a port.

    The checks run in order and the first failure raises:

    * TargetResourceNotFound - no port is returned for ``port_id``.
    * LoggingTypeNotSupported - the port is a compute (VM) port that
      ``validators.validate_log_type_for_port`` rejects for
      firewall-group logging, or it is neither a compute port nor one
      of ``nl_const.ROUTER_INTERFACE_OWNERS``.
    * PortIsNotReadyForLogging - the port status is not
      ``nl_const.PORT_STATUS_ACTIVE``.
    * TargetResourceNotAssociated - no firewall group is attached to
      the port.
    * FWGIsNotReadyForLogging - the attached firewall group's status is
      not ``nl_const.ACTIVE``.

    Nothing is returned when every check passes.

    NOTE(review): ``fwg_plugin`` is not defined inside this function;
    presumably it is bound at module level - confirm. The port and
    firewall-group lookups use the caller's ``context``; whether that
    restricts them to the caller's own resources is not visible here.
    """
    port = ports.Port.get_object(context, id=port_id)
    if not port:
        raise log_exc.TargetResourceNotFound(target_id=port_id)

    owner = port.get('device_owner', '')
    if owner.startswith(nl_const.DEVICE_OWNER_COMPUTE_PREFIX):
        # VM port: a logging driver must support firewall-group logging
        # for this port.
        unsupported = not validators.validate_log_type_for_port(
            log_const.FIREWALL_GROUP, port)
    else:
        # Otherwise only router interface owners (router interface,
        # DVR interface, HA replicated interface) are accepted.
        unsupported = owner not in nl_const.ROUTER_INTERFACE_OWNERS
    if unsupported:
        raise log_exc.LoggingTypeNotSupported(
            log_type=log_const.FIREWALL_GROUP, port_id=port_id)

    # The port itself has to be active.
    status = port.get('status')
    if status != nl_const.PORT_STATUS_ACTIVE:
        raise fwg_log_exc.PortIsNotReadyForLogging(target_id=port_id,
                                                   port_status=status)

    # A firewall group must be attached to the router port or VM port.
    attached_fwg_id = fwg_plugin.driver.firewall_db.get_fwg_attached_to_port(
        context, port_id=port_id)
    if not attached_fwg_id:
        raise fwg_log_exc.TargetResourceNotAssociated(target_id=port_id)

    # The attached firewall group has to be active as well.
    group = fwg_plugin.get_firewall_group(context, id=attached_fwg_id)
    if group['status'] != nl_const.ACTIVE:
        raise fwg_log_exc.FWGIsNotReadyForLogging(
            fwg_id=attached_fwg_id, fwg_status=group['status'])