def _validate_fwg_parameters(self, context, fwg, fwg_tenant_id):
    """Check that the group's policies may be used by the group's tenant.

    A policy referenced by the firewall group must either belong to the
    same tenant as the group or be marked as shared. This is the
    cross-tenant boundary check for policy attachment.

    :param context: neutron context, passed through to the policy lookup
    :param fwg: firewall group dict; on update it may hold only the keys
        that are being changed
    :param fwg_tenant_id: tenant id the firewall group belongs to
    :raises f_exc.FirewallPolicyConflict: when a referenced policy is
        owned by a different tenant and is not shared
    """
    # NOTE(review): fwg_tenant_id is trusted as given here; confirm that
    # callers take it from the stored group or the request context and
    # not from a client-supplied body.
    for direction_key in ('ingress_firewall_policy_id',
                          'egress_firewall_policy_id'):
        # On updates not every key is present, so only validate the
        # directions that were actually supplied.
        if direction_key not in fwg:
            continue
        policy_id = fwg[direction_key]
        # An explicit None leaves nothing to check for this direction.
        if policy_id is None:
            continue
        policy = self._get_firewall_policy(context, policy_id)
        foreign_owner = fwg_tenant_id != policy['tenant_id']
        if foreign_owner and not policy['shared']:
            raise f_exc.FirewallPolicyConflict(
                firewall_policy_id=policy_id)
def _validate_firewall_policies_for_firewall_group(self, context, fwg):
    """Validate firewall group and policy ownership.

    A policy that is not shared must have the same project owner as the
    firewall group that references it.

    :param context: neutron context
    :param fwg: firewall group to validate
    :raises f_exc.FirewallPolicyConflict: when a referenced policy is
        owned by another project and is not shared
    """
    # NOTE(review): fwg['tenant_id'] is read as soon as a policy id is
    # set; confirm callers always pass a dict carrying the group's real
    # owner (e.g. the stored group on update, not a partial request body).
    policy_keys = ('ingress_firewall_policy_id',
                   'egress_firewall_policy_id')
    for policy_key in policy_keys:
        policy_id = fwg.get(policy_key)
        # A missing or falsy id means no policy is attached for this
        # direction, so there is nothing to check.
        if not policy_id:
            continue
        policy = self.get_firewall_policy(context, policy_id)
        foreign_owner = fwg['tenant_id'] != policy['tenant_id']
        if foreign_owner and not policy['shared']:
            raise f_exc.FirewallPolicyConflict(
                firewall_policy_id=policy_id)