def _check_rules_for_policy_is_valid(self, context, fwp, fwp_db,
rule_id_list, filters):
rules_in_fwr_db = self._get_collection_query(context,
FirewallRuleV2,
filters=filters)
rules_dict = dict((fwr_db['id'], fwr_db) for fwr_db in rules_in_fwr_db)
for fwrule_id in rule_id_list:
if fwrule_id not in rules_dict:
# Bail as soon as we find an invalid rule.
raise f_exc.FirewallRuleNotFound(firewall_rule_id=fwrule_id)
if 'shared' in fwp:
if fwp['shared'] and not rules_dict[fwrule_id]['shared']:
raise f_exc.FirewallRuleSharingConflict(
firewall_rule_id=fwrule_id,
firewall_policy_id=fwp_db['id'])
elif fwp_db['shared'] and not rules_dict[fwrule_id]['shared']:
raise f_exc.FirewallRuleSharingConflict(
firewall_rule_id=fwrule_id,
firewall_policy_id=fwp_db['id'])
else:
# the policy is not shared, the rule and policy should be in
# the same project if the rule is not shared.
if not rules_dict[fwrule_id]['shared']:
if (rules_dict[fwrule_id]['tenant_id'] !=
fwp_db['tenant_id']):
raise f_exc.FirewallRuleConflict(
firewall_rule_id=fwrule_id,
project_id=rules_dict[fwrule_id]['tenant_id'])
def _check_firewall_rule_conflict(self, fwr_db, fwp_db):
if not fwr_db['shared']:
if fwr_db['tenant_id'] != fwp_db['tenant_id']:
raise f_exc.FirewallRuleConflict(
firewall_rule_id=fwr_db['id'],
project_id=fwr_db['tenant_id'])