def validate_security_group_request(context, log_data):
    """Validate a security-group log request before it is accepted.

    The checks run in a fixed order and the first failure propagates to
    the caller:

    1. If ``resource_id`` is set, ``_check_sg_exists`` is called for it.
    2. If ``target_id`` is set, the port is fetched with ``_get_port``
       and must support ``SECURITY_GROUP`` logging; otherwise
       ``LoggingTypeNotSupported`` is raised.
    3. If both ids are set, ``_check_port_bound_sg`` is called to verify
       the relationship between the two.

    A missing or falsy id skips the corresponding check, so a request
    that names neither a resource nor a target passes unchanged.

    The helpers live outside this block. According to the original
    documentation they raise ``ResourceNotFound`` (unknown resource_id),
    ``TargetResourceNotFound`` (unknown target_id) and
    ``InvalidResourceConstraint`` (resource and target not related).

    NOTE(review): no ownership check is made here. Whether a caller can
    reference another project's security group or port depends on how
    the helpers use ``context`` -- confirm against their implementation.

    :param context: request context handed to every lookup helper.
    :param log_data: mapping that may carry ``resource_id`` and
        ``target_id``.
    :raises log_exc.LoggingTypeNotSupported: the target port cannot do
        security-group logging.
    """
    sg_id = log_data.get('resource_id')
    port_id = log_data.get('target_id')

    # The security group is checked first so that an unknown resource is
    # reported before anything about the port.
    if sg_id:
        _check_sg_exists(context, sg_id)

    if port_id:
        target_port = _get_port(context, port_id)
        supported = validators.validate_log_type_for_port(
            log_const.SECURITY_GROUP, target_port)
        if not supported:
            raise log_exc.LoggingTypeNotSupported(
                log_type=log_const.SECURITY_GROUP,
                port_id=port_id)

        # Only meaningful when both ends were supplied and each one has
        # already passed its own check above.
        if sg_id:
            _check_port_bound_sg(context, sg_id, port_id)
def _check_fwg_port(context, port_id):
    """Check that a port is a valid target for firewall-group logging.

    The checks run in this order; the first one that fails raises:

    1. The port must exist (``TargetResourceNotFound``).
    2. The port type must support ``FIREWALL_GROUP`` logging: a compute
       port is handed to ``validators.validate_log_type_for_port``, any
       other port must have an owner listed in
       ``nl_const.ROUTER_INTERFACE_OWNERS``
       (``LoggingTypeNotSupported``).
    3. The port status must be ``PORT_STATUS_ACTIVE``
       (``PortIsNotReadyForLogging``).
    4. A firewall group must be attached to the port
       (``TargetResourceNotAssociated``).
    5. That firewall group must have status ``ACTIVE``
       (``FWGIsNotReadyForLogging``).

    These are request-time checks against the state read here; nothing
    in this function re-validates later.

    ``fwg_plugin`` is not defined in this function; it is resolved
    somewhere outside the visible code.

    :param context: request context used for every lookup.
    :param port_id: id of the port named as the logging target.
    """
    port = ports.Port.get_object(context, id=port_id)
    if not port:
        raise log_exc.TargetResourceNotFound(target_id=port_id)

    # NOTE(review): the '' default only covers an absent value. If the
    # port can hold device_owner=None, startswith() below would raise
    # AttributeError -- confirm against the Port object definition.
    owner = port.get('device_owner', '')

    if owner.startswith(nl_const.DEVICE_OWNER_COMPUTE_PREFIX):
        # VM port: support is decided by the log-type validators.
        supported = validators.validate_log_type_for_port(
            log_const.FIREWALL_GROUP, port)
    else:
        # Anything else must be a router interface (the original comment
        # lists router, DVR and HA replicated interfaces).
        supported = owner in nl_const.ROUTER_INTERFACE_OWNERS
    if not supported:
        raise log_exc.LoggingTypeNotSupported(
            log_type=log_const.FIREWALL_GROUP,
            port_id=port_id)

    status = port.get('status')
    if status != nl_const.PORT_STATUS_ACTIVE:
        raise fwg_log_exc.PortIsNotReadyForLogging(
            target_id=port_id,
            port_status=status)

    # The port must be attached to a firewall group.
    firewall_db = fwg_plugin.driver.firewall_db
    fwg_id = firewall_db.get_fwg_attached_to_port(context, port_id=port_id)
    if not fwg_id:
        raise fwg_log_exc.TargetResourceNotAssociated(target_id=port_id)

    # The attached firewall group itself has to be ACTIVE.
    fwg = fwg_plugin.get_firewall_group(context, id=fwg_id)
    fwg_status = fwg['status']
    if fwg_status != nl_const.ACTIVE:
        raise fwg_log_exc.FWGIsNotReadyForLogging(
            fwg_id=fwg_id,
            fwg_status=fwg_status)