Proper validation for inserting firewall rule

Say rule r2 is associated with policy p2. If a user tries to insert rule r1
into a policy p1 before/after r2, an error should be raised saying that rule
r2 is not associated with policy p1.

Change-Id: Ifa415acc9533b7a323f966ee42d476460e68c9d3
Closes-bug: 1330898
Koteswara Rao Kelam 2014-06-17 07:03:10 -07:00 committed by Koteswara Rao Kelam
parent 305dadf75e
commit 738a8531b9
2 changed files with 29 additions and 0 deletions


@ -452,6 +452,10 @@ class Firewall_db_mixin(firewall.FirewallPluginBase, base_db.CommonDbMixin):
# rule is inserted after reference_firewall_rule_id.
ref_fwr_db = self._get_firewall_rule(
context, ref_firewall_rule_id)
if ref_fwr_db.firewall_policy_id != id:
raise firewall.FirewallRuleNotAssociatedWithPolicy(
firewall_rule_id=ref_fwr_db['id'],
firewall_policy_id=id)
if insert_before:
position = ref_fwr_db.position
else:
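Review bot: The new guard reads the same row two ways, `ref_fwr_db.firewall_policy_id` in the condition and `ref_fwr_db['id']` in the exception arguments; attribute access for both (presumably `firewall_rule_id=ref_fwr_db.id,`) would match the `ref_fwr_db.position` read just below. The check also deserves a one-line comment saying why it exists, for example `# A reference rule's position is only meaningful inside its own policy; reject one that belongs to another policy or to none.` As written, the comparison also rejects a reference rule whose `firewall_policy_id` is unset, which looks intended but is worth stating in that comment. The enclosing method starts and ends outside this hunk, so whether the rule being inserted gets an equivalent ownership check cannot be confirmed from here.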


@ -929,6 +929,31 @@ class TestFirewallDBPlugin(FirewallPluginDbTestCase):
expected_code=webob.exc.HTTPConflict.code,
expected_body=None, body_data=insert_data)
def test_insert_rule_for_prev_associated_ref_rule(self):
with contextlib.nested(self.firewall_rule(name='fwr0'),
self.firewall_rule(name='fwr1')) as fwr:
fwr0_id = fwr[0]['firewall_rule']['id']
fwr1_id = fwr[1]['firewall_rule']['id']
with contextlib.nested(
self.firewall_policy(name='fwp0'),
self.firewall_policy(name='fwp1',
firewall_rules=[fwr1_id])) as fwp:
fwp0_id = fwp[0]['firewall_policy']['id']
#test inserting before a rule which is associated
#with different policy
self._rule_action(
'insert', fwp0_id, fwr0_id,
insert_before=fwr1_id,
expected_code=webob.exc.HTTPBadRequest.code,
expected_body=None)
#test inserting after a rule which is associated
#with different policy
self._rule_action(
'insert', fwp0_id, fwr0_id,
insert_after=fwr1_id,
expected_code=webob.exc.HTTPBadRequest.code,
expected_body=None)
def test_insert_rule_in_policy(self):
attrs = self._get_test_firewall_policy_attrs()
attrs['audited'] = False
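Review bot: Both cases in `test_insert_rule_for_prev_associated_ref_rule` use a reference rule bound to a different policy (`fwr1` in `fwp1`), so the other input the new check rejects, a reference rule that belongs to no policy, is not exercised here. Adding a third, unassociated rule to the first `contextlib.nested` block and repeating the `insert_before`/`insert_after` calls with its id, still expecting `webob.exc.HTTPBadRequest.code`, would pin that behaviour. As far as the visible calls show, only the status code is asserted (`expected_body=None`); reading `fwp0` back after the rejected calls and checking that its `firewall_rules` list is still empty would confirm that a refused insert leaves the rule order untouched. The two `#test inserting ...` comments would read better with a space after `#` and as a statement of the expectation, e.g. `# Inserting before a rule that belongs to a different policy must be rejected.`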