def delete_firewall_policy(self, context, id):
with context.session.begin(subtransactions=True):
fwp_db = self._get_firewall_policy(context, id)
# check if policy in use
qry = context.session.query(FirewallGroup)
if qry.filter_by(ingress_firewall_policy_id=id).first():
raise f_exc.FirewallPolicyInUse(firewall_policy_id=id)
elif qry.filter_by(egress_firewall_policy_id=id).first():
raise f_exc.FirewallPolicyInUse(firewall_policy_id=id)
else:
fwp_db = self._delete_all_rules_from_policy(context, fwp_db)
context.session.delete(fwp_db)
def delete_firewall_policy(self, context, id):
LOG.debug("delete_firewall_policy() called")
with context.session.begin(subtransactions=True):
fwp_db = self._get_firewall_policy(context, id)
# check if policy in use
qry = context.session.query(FirewallGroup)
if qry.filter_by(ingress_firewall_policy_id=id).first():
raise f_exc.FirewallPolicyInUse(firewall_policy_id=id)
elif qry.filter_by(egress_firewall_policy_id=id).first():
raise f_exc.FirewallPolicyInUse(firewall_policy_id=id)
else:
# Policy is not being used, delete.
self._delete_rules_in_policy(context, id)
context.session.delete(fwp_db)
def _check_fwgs_associated_with_policy_in_same_project(
self, context, fwp_id, fwp_tenant_id):
with context.session.begin(subtransactions=True):
fwg_with_fwp_id_db = context.session.query(FirewallGroup).filter(
or_(FirewallGroup.ingress_firewall_policy_id == fwp_id,
FirewallGroup.egress_firewall_policy_id == fwp_id))
for entry in fwg_with_fwp_id_db:
if entry.tenant_id != fwp_tenant_id:
raise f_exc.FirewallPolicyInUse(firewall_policy_id=fwp_id)
def _check_fwgs_associated_with_policy_in_same_project(
self, context, fwp_id, fwp_tenant_id):
filters = {
'ingress_firewall_rule_id': [fwp_id],
'ingress_firewall_rule_id': [fwp_id]
}
with context.session.begin(subtransactions=True):
fwg_with_fwp_id_db = self._get_collection_query(context,
FirewallGroup,
filters=filters)
for entry in fwg_with_fwp_id_db:
if entry.tenant_id != fwp_tenant_id:
raise f_exc.FirewallPolicyInUse(firewall_policy_id=fwp_id)
