def delete_firewall_policy(self, context, id): with context.session.begin(subtransactions=True): fwp_db = self._get_firewall_policy(context, id) # check if policy in use qry = context.session.query(FirewallGroup) if qry.filter_by(ingress_firewall_policy_id=id).first(): raise f_exc.FirewallPolicyInUse(firewall_policy_id=id) elif qry.filter_by(egress_firewall_policy_id=id).first(): raise f_exc.FirewallPolicyInUse(firewall_policy_id=id) else: fwp_db = self._delete_all_rules_from_policy(context, fwp_db) context.session.delete(fwp_db)
def delete_firewall_policy(self, context, id): LOG.debug("delete_firewall_policy() called") with context.session.begin(subtransactions=True): fwp_db = self._get_firewall_policy(context, id) # check if policy in use qry = context.session.query(FirewallGroup) if qry.filter_by(ingress_firewall_policy_id=id).first(): raise f_exc.FirewallPolicyInUse(firewall_policy_id=id) elif qry.filter_by(egress_firewall_policy_id=id).first(): raise f_exc.FirewallPolicyInUse(firewall_policy_id=id) else: # Policy is not being used, delete. self._delete_rules_in_policy(context, id) context.session.delete(fwp_db)
def _check_fwgs_associated_with_policy_in_same_project( self, context, fwp_id, fwp_tenant_id): with context.session.begin(subtransactions=True): fwg_with_fwp_id_db = context.session.query(FirewallGroup).filter( or_(FirewallGroup.ingress_firewall_policy_id == fwp_id, FirewallGroup.egress_firewall_policy_id == fwp_id)) for entry in fwg_with_fwp_id_db: if entry.tenant_id != fwp_tenant_id: raise f_exc.FirewallPolicyInUse(firewall_policy_id=fwp_id)
def _check_fwgs_associated_with_policy_in_same_project( self, context, fwp_id, fwp_tenant_id): filters = { 'ingress_firewall_rule_id': [fwp_id], 'ingress_firewall_rule_id': [fwp_id] } with context.session.begin(subtransactions=True): fwg_with_fwp_id_db = self._get_collection_query(context, FirewallGroup, filters=filters) for entry in fwg_with_fwp_id_db: if entry.tenant_id != fwp_tenant_id: raise f_exc.FirewallPolicyInUse(firewall_policy_id=fwp_id)