def delete_firewall_policy(self, context, id):
    """Delete firewall policy ``id`` unless a firewall still references it.

    The policy lookup, the in-use check and the delete all run inside one
    ``context.session`` transaction.

    Args:
        context: request context; only ``context.session`` is used here.
        id: identifier of the firewall policy to delete.

    Raises:
        fw_ext.FirewallPolicyInUse: a ``Firewall`` row has this policy as
            its ``firewall_policy_id``.
    """
    LOG.debug("delete_firewall_policy() called")
    with context.session.begin(subtransactions=True):
        # Load the policy first so that a failed lookup surfaces before
        # the in-use query runs.
        policy_db = self._get_firewall_policy(context, id)
        # Refuse to remove a policy that is still attached: deleting it
        # would leave the firewall pointing at a policy that no longer
        # exists.
        attached_fw = context.session.query(Firewall).filter_by(
            firewall_policy_id=id).first()
        if attached_fw:
            raise fw_ext.FirewallPolicyInUse(firewall_policy_id=id)
        context.session.delete(policy_db)
def update_firewall_policy(self, context, id, firewall_policy):
    """Apply an update to firewall policy ``id`` and return its dict form.

    The fields to change are read from ``firewall_policy['firewall_policy']``.
    That inner dict is modified in place: ``'firewall_rules'`` is removed
    once the rules have been applied, and ``'audited'`` is set to False
    when the caller did not supply it.

    Args:
        context: request context; ``context.session`` carries the
            transaction.
        id: identifier of the firewall policy to update.
        firewall_policy: request body holding the ``'firewall_policy'`` dict.

    Returns:
        The result of ``self._make_firewall_policy_dict`` for the updated
        row.

    Raises:
        fw_ext.FirewallPolicyInUse: the update sets ``shared`` to a false
            value while a firewall owned by another tenant uses the policy.
    """
    LOG.debug("update_firewall_policy() called")
    fwp = firewall_policy['firewall_policy']
    with context.session.begin(subtransactions=True):
        fwp_db = self._get_firewall_policy(context, id)

        # Tenant-isolation guard: 'shared' defaults to True when absent, so
        # this only triggers on an explicit request to un-share. A policy
        # may not become private while a firewall of a different tenant
        # still depends on it.
        unsharing = not fwp.get('shared', True)
        if unsharing and fwp_db.firewalls:
            if any(fwp_db['tenant_id'] != fw['tenant_id']
                   for fw in fwp_db['firewalls']):
                raise fw_ext.FirewallPolicyInUse(firewall_policy_id=id)

        if 'firewall_rules' in fwp:
            # New rule list supplied: attach it, then drop the key so the
            # generic column update below does not see it.
            self._set_rules_for_policy(context, fwp_db, fwp)
            del fwp['firewall_rules']
        elif 'shared' in fwp:
            # Only the sharing flag changes: validate it against the rules
            # already on the policy.
            self._check_unshared_rules_for_policy(fwp_db, fwp)

        # Every update clears 'audited' unless the caller sets it
        # explicitly; presumably so an earlier audit does not vouch for
        # content that has since changed (confirm against the API spec).
        fwp.setdefault('audited', False)
        fwp_db.update(fwp)
    return self._make_firewall_policy_dict(fwp_db)