def remove_rule(self, context, id, rule_info):
     LOG.debug("remove_rule() called")
     self._validate_insert_remove_rule_request(id, rule_info)
     firewall_rule_id = rule_info['firewall_rule_id']
     if not firewall_rule_id:
         raise fw_ext.FirewallRuleNotFound(firewall_rule_id=None)
     with context.session.begin(subtransactions=True):
         fwr_db = self._get_firewall_rule(context, firewall_rule_id)
         if fwr_db.firewall_policy_id != id:
             raise fw_ext.FirewallRuleNotAssociatedWithPolicy(
                 firewall_rule_id=fwr_db['id'], firewall_policy_id=id)
         return self._process_rule_for_policy(context, id, fwr_db, None)
 def insert_rule(self, context, id, rule_info):
     LOG.debug("insert_rule() called")
     self._validate_insert_remove_rule_request(id, rule_info)
     firewall_rule_id = rule_info['firewall_rule_id']
     insert_before = True
     ref_firewall_rule_id = None
     if not firewall_rule_id:
         raise fw_ext.FirewallRuleNotFound(firewall_rule_id=None)
     if 'insert_before' in rule_info:
         ref_firewall_rule_id = rule_info['insert_before']
     if not ref_firewall_rule_id and 'insert_after' in rule_info:
         # If insert_before is set, we will ignore insert_after.
         ref_firewall_rule_id = rule_info['insert_after']
         insert_before = False
     with context.session.begin(subtransactions=True):
         fwr_db = self._get_firewall_rule(context, firewall_rule_id)
         fwp_db = self._get_firewall_policy(context, id)
         if fwr_db.firewall_policy_id:
             raise fw_ext.FirewallRuleInUse(firewall_rule_id=fwr_db['id'])
         self._check_firewall_rule_conflict(fwr_db, fwp_db)
         if ref_firewall_rule_id:
             # If reference_firewall_rule_id is set, the new rule
             # is inserted depending on the value of insert_before.
             # If insert_before is set, the new rule is inserted before
             # reference_firewall_rule_id, and if it is not set the new
             # rule is inserted after reference_firewall_rule_id.
             ref_fwr_db = self._get_firewall_rule(context,
                                                  ref_firewall_rule_id)
             if ref_fwr_db.firewall_policy_id != id:
                 raise fw_ext.FirewallRuleNotAssociatedWithPolicy(
                     firewall_rule_id=ref_fwr_db['id'],
                     firewall_policy_id=id)
             if insert_before:
                 position = ref_fwr_db.position
             else:
                 position = ref_fwr_db.position + 1
         else:
             # If reference_firewall_rule_id is not set, it is assumed
             # that the new rule needs to be inserted at the top.
             # insert_before field is ignored.
             # So default insertion is always at the top.
             # Also note that position numbering starts at 1.
             position = 1
         return self._process_rule_for_policy(context, id, fwr_db, position)