示例#1
0
 def _set_rules_for_policy(self, context, firewall_policy_db, rule_id_list):
     fwp_db = firewall_policy_db
     with context.session.begin(subtransactions=True):
         if not rule_id_list:
             fwp_db.firewall_rules = []
             fwp_db.audited = False
             return
         # We will first check if the new list of rules is valid
         filters = {'id': [r_id for r_id in rule_id_list]}
         rules_in_db = self._get_collection_query(context, FirewallRule,
                                                  filters=filters)
         rules_dict = dict((fwr_db['id'], fwr_db) for fwr_db in rules_in_db)
         for fwrule_id in rule_id_list:
             if fwrule_id not in rules_dict:
                 # If we find an invalid rule in the list we
                 # do not perform the update since this breaks
                 # the integrity of this list.
                 raise firewall.FirewallRuleNotFound(firewall_rule_id=
                                                     fwrule_id)
             elif rules_dict[fwrule_id]['firewall_policy_id']:
                 if (rules_dict[fwrule_id]['firewall_policy_id'] !=
                         fwp_db['id']):
                     raise firewall.FirewallRuleInUse(
                         firewall_rule_id=fwrule_id)
         # New list of rules is valid so we will first reset the existing
         # list and then add each rule in order.
         # Note that the list could be empty in which case we interpret
         # it as clearing existing rules.
         fwp_db.firewall_rules = []
         for fwrule_id in rule_id_list:
             fwp_db.firewall_rules.append(rules_dict[fwrule_id])
         fwp_db.firewall_rules.reorder()
         fwp_db.audited = False
示例#2
0
 def remove_rule(self, context, id, rule_info):
     LOG.debug(_("remove_rule() called"))
     self._validate_insert_remove_rule_request(id, rule_info)
     firewall_rule_id = rule_info['firewall_rule_id']
     if not firewall_rule_id:
         raise firewall.FirewallRuleNotFound(firewall_rule_id=None)
     with context.session.begin(subtransactions=True):
         fwr_db = self._get_firewall_rule(context, firewall_rule_id)
         if fwr_db.firewall_policy_id != id:
             raise firewall.FirewallRuleNotAssociatedWithPolicy(
                 firewall_rule_id=fwr_db['id'], firewall_policy_id=id)
         return self._process_rule_for_policy(context, id, fwr_db, None)
示例#3
0
 def insert_rule(self, context, id, rule_info):
     LOG.debug(_("insert_rule() called"))
     self._validate_insert_remove_rule_request(id, rule_info)
     firewall_rule_id = rule_info['firewall_rule_id']
     insert_before = True
     ref_firewall_rule_id = None
     if not firewall_rule_id:
         raise firewall.FirewallRuleNotFound(firewall_rule_id=None)
     if 'insert_before' in rule_info:
         ref_firewall_rule_id = rule_info['insert_before']
     if not ref_firewall_rule_id and 'insert_after' in rule_info:
         # If insert_before is set, we will ignore insert_after.
         ref_firewall_rule_id = rule_info['insert_after']
         insert_before = False
     with context.session.begin(subtransactions=True):
         fwr_db = self._get_firewall_rule(context, firewall_rule_id)
         fwp_db = self._get_firewall_policy(context, id)
         if fwr_db.firewall_policy_id:
             raise firewall.FirewallRuleInUse(firewall_rule_id=fwr_db['id'])
         self._check_firewall_rule_conflict(fwr_db, fwp_db)
         if ref_firewall_rule_id:
             # If reference_firewall_rule_id is set, the new rule
             # is inserted depending on the value of insert_before.
             # If insert_before is set, the new rule is inserted before
             # reference_firewall_rule_id, and if it is not set the new
             # rule is inserted after reference_firewall_rule_id.
             ref_fwr_db = self._get_firewall_rule(
                 context, ref_firewall_rule_id)
             if ref_fwr_db.firewall_policy_id != id:
                 raise firewall.FirewallRuleNotAssociatedWithPolicy(
                     firewall_rule_id=ref_fwr_db['id'],
                     firewall_policy_id=id)
             if insert_before:
                 position = ref_fwr_db.position
             else:
                 position = ref_fwr_db.position + 1
         else:
             # If reference_firewall_rule_id is not set, it is assumed
             # that the new rule needs to be inserted at the top.
             # insert_before field is ignored.
             # So default insertion is always at the top.
             # Also note that position numbering starts at 1.
             position = 1
         return self._process_rule_for_policy(context, id, fwr_db,
                                              position)
示例#4
0
 def _get_firewall_rule(self, context, id):
     try:
         return self._get_by_id(context, FirewallRule, id)
     except exc.NoResultFound:
         raise firewall.FirewallRuleNotFound(firewall_rule_id=id)