Merge "FWaaS - fix policy association of firewall rule"

2013-09-16 18:14:06 +00:00 · 2013-09-16 18:14:06 +00:00 · 2eb1d7e8fe
commit 2eb1d7e8fe
parent 76bc2cac37 dded354a5f
2 changed files with 27 additions and 0 deletions
--- a/neutron/db/firewall/firewall_db.py
+++ b/neutron/db/firewall/firewall_db.py
@ -183,6 +183,9 @@ class Firewall_db_mixin(firewall.FirewallPluginBase, base_db.CommonDbMixin):
                    # the integrity of this list.
                    raise firewall.FirewallRuleNotFound(firewall_rule_id=
                                                        fwrule_id)
+                elif rules_dict[fwrule_id]['firewall_policy_id']:
+                    raise firewall.FirewallRuleInUse(
+                        firewall_rule_id=fwrule_id)
            # New list of rules is valid so we will first reset the existing
            # list and then add each rule in order.
            # Note that the list could be empty in which case we interpret
--- a/neutron/tests/unit/db/firewall/test_db_firewall.py
+++ b/neutron/tests/unit/db/firewall/test_db_firewall.py
@ -316,6 +316,16 @@ class TestFirewallDBPlugin(FirewallPluginDbTestCase):
                for k, v in attrs.iteritems():
                    self.assertEqual(fwp['firewall_policy'][k], v)

+    def test_create_firewall_policy_with_previously_associated_rule(self):
+        with self.firewall_rule() as fwr:
+            fw_rule_ids = [fwr['firewall_rule']['id']]
+            with self.firewall_policy(firewall_rules=fw_rule_ids):
+                res = self._create_firewall_policy(
+                    None, 'firewall_policy2', description=DESCRIPTION,
+                    shared=SHARED, firewall_rules=fw_rule_ids,
+                    audited=AUDITED)
+                self.assertEqual(res.status_int, 409)
+
    def test_show_firewall_policy(self):
        name = "firewall_policy1"
        attrs = self._get_test_firewall_policy_attrs(name)
@ -815,6 +825,20 @@ class TestFirewallDBPlugin(FirewallPluginDbTestCase):
                                  expected_code=webob.exc.HTTPBadRequest.code,
                                  expected_body=None)

+    def test_insert_rule_for_previously_associated_rule(self):
+        with self.firewall_rule() as fwr:
+            fwr_id = fwr['firewall_rule']['id']
+            fw_rule_ids = [fwr_id]
+            with self.firewall_policy(firewall_rules=fw_rule_ids):
+                with self.firewall_policy(name='firewall_policy2') as fwp:
+                    fwp_id = fwp['firewall_policy']['id']
+                    insert_data = {'firewall_rule_id': fwr_id}
+                    self._rule_action(
+                        'insert', fwp_id, fwr_id, insert_before=None,
+                        insert_after=None,
+                        expected_code=webob.exc.HTTPConflict.code,
+                        expected_body=None, body_data=insert_data)
+
    def test_insert_rule_in_policy(self):
        attrs = self._get_test_firewall_policy_attrs()
        attrs['audited'] = False