def update_firewall_rule(self, context, id, firewall_rule):
     LOG.debug("update_firewall_rule() called")
     fwr = firewall_rule['firewall_rule']
     fwr_db = self._get_firewall_rule(context, id)
     if fwr_db.firewall_policy_id:
         fwp_db = self._get_firewall_policy(context,
                                            fwr_db.firewall_policy_id)
         if 'shared' in fwr and not fwr['shared']:
             if fwr_db['tenant_id'] != fwp_db['tenant_id']:
                 raise fw_ext.FirewallRuleInUse(firewall_rule_id=id)
     if 'source_port' in fwr:
         src_port_min, src_port_max = self._get_min_max_ports_from_range(
             fwr['source_port'])
         fwr['source_port_range_min'] = src_port_min
         fwr['source_port_range_max'] = src_port_max
         del fwr['source_port']
     if 'destination_port' in fwr:
         dst_port_min, dst_port_max = self._get_min_max_ports_from_range(
             fwr['destination_port'])
         fwr['destination_port_range_min'] = dst_port_min
         fwr['destination_port_range_max'] = dst_port_max
         del fwr['destination_port']
     with context.session.begin(subtransactions=True):
         protocol = fwr.get('protocol', fwr_db['protocol'])
         if not protocol:
             sport = fwr.get('source_port_range_min',
                             fwr_db['source_port_range_min'])
             dport = fwr.get('destination_port_range_min',
                             fwr_db['destination_port_range_min'])
             if sport or dport:
                 raise fw_ext.FirewallRuleWithPortWithoutProtocolInvalid()
         fwr_db.update(fwr)
         if fwr_db.firewall_policy_id:
             fwp_db.audited = False
     return self._make_firewall_rule_dict(fwr_db)
 def create_firewall_rule(self, context, firewall_rule):
     LOG.debug("create_firewall_rule() called")
     fwr = firewall_rule['firewall_rule']
     self._validate_fwr_protocol_parameters(fwr)
     self._validate_fwr_src_dst_ip_version(fwr)
     if not fwr['protocol'] and (fwr['source_port']
                                 or fwr['destination_port']):
         raise fw_ext.FirewallRuleWithPortWithoutProtocolInvalid()
     src_port_min, src_port_max = self._get_min_max_ports_from_range(
         fwr['source_port'])
     dst_port_min, dst_port_max = self._get_min_max_ports_from_range(
         fwr['destination_port'])
     with context.session.begin(subtransactions=True):
         fwr_db = FirewallRule(
             id=uuidutils.generate_uuid(),
             tenant_id=fwr['tenant_id'],
             name=fwr['name'],
             description=fwr['description'],
             shared=fwr['shared'],
             protocol=fwr['protocol'],
             ip_version=fwr['ip_version'],
             source_ip_address=fwr['source_ip_address'],
             destination_ip_address=fwr['destination_ip_address'],
             source_port_range_min=src_port_min,
             source_port_range_max=src_port_max,
             destination_port_range_min=dst_port_min,
             destination_port_range_max=dst_port_max,
             action=fwr['action'],
             enabled=fwr['enabled'])
         context.session.add(fwr_db)
     return self._make_firewall_rule_dict(fwr_db)