Пример #1
0
    def _validate_fwg_parameters(self, context, fwg, fwg_tenant_id):
        # On updates, all keys will not be present so check and validate.
        if 'ingress_firewall_policy_id' in fwg:
            fwp_id = fwg['ingress_firewall_policy_id']
            if fwp_id is not None:
                fwp = self._get_firewall_policy(context, fwp_id)
                if fwg_tenant_id != fwp['tenant_id'] and not fwp['shared']:
                    raise f_exc.FirewallPolicyConflict(
                        firewall_policy_id=fwp_id)

        if 'egress_firewall_policy_id' in fwg:
            fwp_id = fwg['egress_firewall_policy_id']
            if fwp_id is not None:
                fwp = self._get_firewall_policy(context, fwp_id)
                if fwg_tenant_id != fwp['tenant_id'] and not fwp['shared']:
                    raise f_exc.FirewallPolicyConflict(
                        firewall_policy_id=fwp_id)
        return
Пример #2
0
    def _validate_firewall_policies_for_firewall_group(self, context, fwg):
        """Validate firewall group and policy owner

        Check if the firewall policy is not shared, it have the same project
        owner than the friewall group.
        :param context: neutron context
        :param fwg: firewall group to validate
        """
        for policy_type in ['ingress_firewall_policy_id',
                            'egress_firewall_policy_id']:
            if fwg.get(policy_type):
                fwp = self.get_firewall_policy(context, fwg[policy_type])
                if fwg['tenant_id'] != fwp['tenant_id'] and not fwp['shared']:
                    raise f_exc.FirewallPolicyConflict(
                        firewall_policy_id=fwg[policy_type])