示例#1
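 def _check_rules_for_policy_is_valid(self, context, fwp, fwp_db,
                                      rule_id_list, filters):
     """Validate that every rule in ``rule_id_list`` may join the policy.

     Each rule id is checked in order, and the first failure raises:

     * the rule must be among the ``FirewallRuleV2`` rows returned for
       ``context`` and ``filters``;
     * a shared policy may only reference shared rules;
     * a non-shared policy may only reference a non-shared rule that has
       the same ``tenant_id`` as the policy.

     The policy's effective ``shared`` flag is ``fwp['shared']`` when the
     request carries that key, otherwise the stored ``fwp_db['shared']``.

     :param context: request context handed to the collection query.
     :param fwp: policy dict from the request; may omit ``'shared'``.
     :param fwp_db: stored policy; ``'id'``, ``'shared'`` and
         ``'tenant_id'`` are read from it.
     :param rule_id_list: ids of the rules to validate.
     :param filters: filters handed to the collection query.
     :raises f_exc.FirewallRuleNotFound: a rule id is not in the query
         result.
     :raises f_exc.FirewallRuleSharingConflict: a non-shared rule is used
         by a shared policy.
     :raises f_exc.FirewallRuleConflict: a non-shared rule of another
         project is used by a non-shared policy.
     """
     # NOTE(review): whether this query already limits the rows to the
     # caller's project depends on _get_collection_query and the context,
     # which are not visible here; the checks below do not rely on it.
     rules_in_fwr_db = self._get_collection_query(context,
                                                  FirewallRuleV2,
                                                  filters=filters)
     rules_dict = {fwr_db['id']: fwr_db for fwr_db in rules_in_fwr_db}
     for fwrule_id in rule_id_list:
         if fwrule_id not in rules_dict:
             # Bail as soon as we find an invalid rule.
             raise f_exc.FirewallRuleNotFound(firewall_rule_id=fwrule_id)
         rule = rules_dict[fwrule_id]
         if rule['shared']:
             # A shared rule is acceptable for any policy.
             continue
         # The request value wins over the stored one, so the project
         # ownership check below is also applied when the request
         # explicitly carries shared=False instead of being skipped.
         if 'shared' in fwp:
             policy_shared = fwp['shared']
         else:
             policy_shared = fwp_db['shared']
         if policy_shared:
             raise f_exc.FirewallRuleSharingConflict(
                 firewall_rule_id=fwrule_id,
                 firewall_policy_id=fwp_db['id'])
         # The policy is not shared: a non-shared rule must belong to the
         # same project as the policy.
         if rule['tenant_id'] != fwp_db['tenant_id']:
             raise f_exc.FirewallRuleConflict(
                 firewall_rule_id=fwrule_id,
                 project_id=rule['tenant_id'])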
示例#2
 def _check_firewall_rule_conflict(self, fwr_db, fwp_db):
     """Reject a non-shared rule owned by a different project than the policy.

     :param fwr_db: rule record; ``'shared'``, ``'tenant_id'`` and ``'id'``
         are read from it.
     :param fwp_db: policy record; ``'tenant_id'`` is read from it.
     :raises f_exc.FirewallRuleConflict: the rule is not shared and its
         ``tenant_id`` differs from the policy's ``tenant_id``.
     """
     # A shared rule is never a project conflict.
     if fwr_db['shared']:
         return
     rule_owner = fwr_db['tenant_id']
     if rule_owner == fwp_db['tenant_id']:
         return
     raise f_exc.FirewallRuleConflict(
         firewall_rule_id=fwr_db['id'],
         project_id=rule_owner)