Merge "Proper validation for inserting firewall rule"
commit
9523391fbb
@ -452,6 +452,10 @@ class Firewall_db_mixin(firewall.FirewallPluginBase, base_db.CommonDbMixin):
|
||||
# rule is inserted after reference_firewall_rule_id.
|
||||
ref_fwr_db = self._get_firewall_rule(
|
||||
context, ref_firewall_rule_id)
|
||||
if ref_fwr_db.firewall_policy_id != id:
|
||||
raise firewall.FirewallRuleNotAssociatedWithPolicy(
|
||||
firewall_rule_id=ref_fwr_db['id'],
|
||||
firewall_policy_id=id)
|
||||
if insert_before:
|
||||
position = ref_fwr_db.position
|
||||
else:
|
||||
|
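Review bot: The added policy check ahead of `position = ref_fwr_db.position` has no comment saying why a reference rule from another policy is rejected, and it reads the same row two ways (`ref_fwr_db.firewall_policy_id`, then `ref_fwr_db['id']`). Rule order decides which firewall rule matches first, so a position taken from a rule outside this policy would presumably put the new rule at an unintended point in the evaluation order. A line such as `# position is per policy: reject a reference rule that belongs to another policy (or to none)` above the `if` would record that. Using one access style, for example `firewall_rule_id=ref_fwr_db.id`, would keep the block consistent with the attribute reads around it. The enclosing method starts and ends outside the hunk.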
@ -927,6 +927,31 @@ class TestFirewallDBPlugin(FirewallPluginDbTestCase):
|
||||
expected_code=webob.exc.HTTPConflict.code,
|
||||
expected_body=None, body_data=insert_data)
|
||||
|
||||
def test_insert_rule_for_prev_associated_ref_rule(self):
|
||||
with contextlib.nested(self.firewall_rule(name='fwr0'),
|
||||
self.firewall_rule(name='fwr1')) as fwr:
|
||||
fwr0_id = fwr[0]['firewall_rule']['id']
|
||||
fwr1_id = fwr[1]['firewall_rule']['id']
|
||||
with contextlib.nested(
|
||||
self.firewall_policy(name='fwp0'),
|
||||
self.firewall_policy(name='fwp1',
|
||||
firewall_rules=[fwr1_id])) as fwp:
|
||||
fwp0_id = fwp[0]['firewall_policy']['id']
|
||||
#test inserting before a rule which is associated
|
||||
#with different policy
|
||||
self._rule_action(
|
||||
'insert', fwp0_id, fwr0_id,
|
||||
insert_before=fwr1_id,
|
||||
expected_code=webob.exc.HTTPBadRequest.code,
|
||||
expected_body=None)
|
||||
#test inserting after a rule which is associated
|
||||
#with different policy
|
||||
self._rule_action(
|
||||
'insert', fwp0_id, fwr0_id,
|
||||
insert_after=fwr1_id,
|
||||
expected_code=webob.exc.HTTPBadRequest.code,
|
||||
expected_body=None)
|
||||
|
||||
def test_insert_rule_in_policy(self):
|
||||
attrs = self._get_test_firewall_policy_attrs()
|
||||
attrs['audited'] = False
|
||||
|
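Review bot: `test_insert_rule_for_prev_associated_ref_rule` only exercises a reference rule attached to a different policy (`fwr1` in `fwp1`). It does not cover a reference rule attached to no policy at all, which the new `firewall_policy_id != id` comparison also rejects. A third unassociated rule used as the reference, e.g. `insert_before=fwr2_id` with `expected_code=webob.exc.HTTPBadRequest.code`, would pin that branch. Both calls pass `expected_body=None`, so as far as the hunk shows only the status code is asserted and any other 400 raised earlier in the insert path would satisfy the test. A short docstring stating the scenario would also be clearer than the two `#test inserting ...` comments, which lack the space after `#`.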