def test_set_port_for_default_firewall_group_raised_port_in_use(self):
    """Check that handle_update_port swallows FirewallGroupPortInUse.

    ``get_port`` is stubbed to return a port owned by ``compute:nova``,
    ``get_firewall_groups`` to return an empty list, and
    ``update_firewall_group`` to raise FirewallGroupPortInUse for that
    port. The update event reports a port going from vif_type ``unbound``
    to ``ovs``. The test fails if the exception escapes
    ``handle_update_port``.
    """
    # NOTE(review): only the absence of the exception is asserted. The test
    # does not check which firewall group (if any) ends up covering the
    # port once the conflict has been ignored.
    in_use_port_id = 'fake_port_id_already_associated_to_default_fw'
    bound_port = {
        "id": in_use_port_id,
        "device_owner": "compute:nova",
        "binding:vif_type": "ovs",
        "binding:vif_details": {"ovs_hybrid_plug": False},
        "project_id": "fake_project",
        "port_security_enabled": True,
    }
    previous_port = {"binding:vif_type": "unbound"}

    self.plugin._core_plugin.get_port = mock.Mock(return_value=bound_port)
    self.plugin.get_firewall_groups = mock.Mock(return_value=[])
    # Every attempt to update a firewall group reports the port as taken.
    conflict = f_exc.FirewallGroupPortInUse(port_ids=[in_use_port_id])
    self.plugin.update_firewall_group = mock.Mock(side_effect=conflict)

    try:
        self.plugin.handle_update_port(
            "PORT", "after_update", "test_plugin",
            context=mock.ANY,
            port=bound_port,
            original_port=previous_port)
    except f_exc.FirewallGroupPortInUse:
        self.fail("Associating port to default firewall group raises "
                  "'FirewallGroupPortInUse' while it should ignore it")
def _validate_if_firewall_group_on_ports(self, context, firewall_group,
                                         id=None):
    """Reject ports that already belong to another firewall group.

    Fetches the firewall groups matching the requested ports and the
    tenant of ``firewall_group``, then raises if any of them (other than
    the one identified by ``id``) already holds one of the requested ports.
    Returns without a lookup when ``firewall_group`` has no ports.

    :param context: neutron context
    :param firewall_group: firewall group dict to validate; its 'ports'
        and 'tenant_id' keys are read
    :param id: ID of a firewall group to leave out of the comparison;
        None means no group is skipped
    :raises FirewallGroupPortInUse: with the requested ports found on
        another firewall group
    """
    has_ports = 'ports' in firewall_group and firewall_group['ports']
    if not has_ports:
        return

    # NOTE(review): the lookup is limited to firewall_group['tenant_id'],
    # so an association held by a group under a different tenant would
    # not be reported here. Confirm that this scoping is intended.
    lookup = {
        'tenant_id': [firewall_group['tenant_id']],
        'ports': firewall_group['ports'],
    }
    conflicting = set()
    for other in self.get_firewall_groups(context, filters=lookup):
        # The group being validated may legitimately keep its own ports.
        if id is None or other['id'] != id:
            held = set(other.get('ports', []))
            conflicting |= held & set(firewall_group['ports'])

    if not conflicting:
        return
    raise f_exc.FirewallGroupPortInUse(port_ids=list(conflicting))
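def _validate_if_firewall_group_on_ports(self, context, port_ids,
                                         fwg_id=None):
    """Raise if any of the given ports is bound to another firewall group.

    Queries FirewallGroupPortAssociation for rows whose ``port_id`` is in
    ``port_ids`` and whose ``firewall_group_id`` differs from ``fwg_id``.

    :param context: request context; ``context.session`` runs the query
    :param port_ids: port IDs to check; an empty or None value means there
        is nothing to validate and no query is issued
    :param fwg_id: ID of the firewall group whose own associations are
        ignored
    :raises FirewallGroupPortInUse: with the port IDs returned by the query
    """
    if not port_ids:
        # No ports requested: skip the database round-trip, since an IN
        # over an empty list can never match a row.
        return

    # NOTE(review): this is a read-only pre-check and nothing visible here
    # locks the matching rows, so a concurrent request could associate the
    # same port after the query returns. A database-level uniqueness
    # constraint would be the reliable enforcement. Confirm one exists.
    in_use = context.session.query(
        FirewallGroupPortAssociation.port_id).filter(
        FirewallGroupPortAssociation.port_id.in_(port_ids),
        FirewallGroupPortAssociation.firewall_group_id != fwg_id).all()
    if in_use:
        raise f_exc.FirewallGroupPortInUse(
            port_ids=[entry.port_id for entry in in_use])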
def _set_ports_for_firewall_group(self, context, fwg_db, fwg):
    """Associate every port listed in ``fwg['ports']`` with ``fwg_db``.

    One FirewallGroupPortAssociation is added per port, each inside its
    own ``session.begin(subtransactions=True)`` block. Ports whose insert
    raises DBDuplicateEntry are collected and reported together after all
    ports have been attempted.

    :param context: request context providing ``context.session``
    :param fwg_db: firewall group record; only ``fwg_db['id']`` is read
    :param fwg: firewall group dict; only ``fwg['ports']`` is read
    :raises FirewallGroupPortInUse: with the port IDs whose insert hit
        DBDuplicateEntry
    """
    requested_ports = fwg['ports']
    if not requested_ports:
        return

    # NOTE(review): DBDuplicateEntry presumably comes from a uniqueness
    # constraint on the association table, which is not visible in this
    # block. Under concurrent requests that constraint, rather than any
    # earlier lookup-based validation, is what keeps a port out of two
    # firewall groups. Confirm which columns it covers.
    # NOTE(review): subtransactions=True joins the enclosing transaction
    # instead of opening a savepoint. Verify that the session is still
    # usable for the remaining ports after a DBDuplicateEntry.
    rejected = []
    for port_id in requested_ports:
        try:
            with context.session.begin(subtransactions=True):
                association = FirewallGroupPortAssociation(
                    firewall_group_id=fwg_db['id'], port_id=port_id)
                context.session.add(association)
        except db_exc.DBDuplicateEntry:
            rejected.append(port_id)

    if not rejected:
        return
    raise f_exc.FirewallGroupPortInUse(port_ids=rejected)