From 9844e5e09cd10c45e7ec391a2f5af8b9fae1dd96 Mon Sep 17 00:00:00 2001
From: Yushiro FURUKAWA
Date: Thu, 21 Feb 2019 20:01:56 +0900
Subject: [PATCH] Fix firewall rule 'shared' check in updating fwp

This commit fixes 'shared' validation for existing firewall rules in updating firewall policy with 'non-shared' to 'shared'.

Change-Id: I172632679f59e2aff79624753e1ef01f7ba1fdab
Closes-Bug: #1816740
---
 .../db/firewall/v2/firewall_db_v2.py | 2 +-
 .../db/firewall/v2/test_firewall_db_v2.py | 22 ++++++++++++++-----
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/neutron_fwaas/db/firewall/v2/firewall_db_v2.py b/neutron_fwaas/db/firewall/v2/firewall_db_v2.py
index f2e28df22..ee8f8173c 100644
--- a/neutron_fwaas/db/firewall/v2/firewall_db_v2.py
+++ b/neutron_fwaas/db/firewall/v2/firewall_db_v2.py
@@ -647,7 +647,7 @@ class FirewallPluginDb(common_db_mixin.CommonDbMixin):
 for entry in rules_in_db:
 fwr_db = self._get_firewall_rule(context,
 entry.firewall_rule_id)
- if not fwp_db['shared']:
+ if not fwr_db['shared']:
 raise f_exc.FirewallPolicySharingConflict(
 firewall_rule_id=fwr_db['id'],
 firewall_policy_id=fwp_db['id'])
diff --git a/neutron_fwaas/tests/unit/db/firewall/v2/test_firewall_db_v2.py b/neutron_fwaas/tests/unit/db/firewall/v2/test_firewall_db_v2.py
index ad4402af2..fea07d08d 100644
--- a/neutron_fwaas/tests/unit/db/firewall/v2/test_firewall_db_v2.py
+++ b/neutron_fwaas/tests/unit/db/firewall/v2/test_firewall_db_v2.py
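Review bot: In `firewall_db_v2.py`, the corrected condition `if not fwr_db['shared']:` has no comment stating the invariant it enforces, and the pre-fix line shows how easily `fwp_db` and `fwr_db` are confused at this spot. I would add directly above it: `# A shared policy may only reference shared rules; reject the update on the first rule that is not shared.` The loop raises on the first unshared rule, so the conflict names a single rule even when several block the update, which seems acceptable but should be stated. The enclosing method begins outside the hunk, so which update paths reach this check is not visible here.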
@@ -282,18 +282,30 @@ class TestFirewallDBPluginV2(test_fwaas_plugin_v2.FirewallPluginV2TestCase):
 res = req.get_response(self.ext_api)
 self.assertEqual(webob.exc.HTTPNotFound.code, res.status_int)

- def test_update_firewall_policy_with_shared_attr_exist_unshare_rule(self):
- with self.firewall_rule(name='fwr1', shared=False) as fr:
- fw_rule_ids = [fr['firewall_rule']['id']]
+ def test_update_firewall_policy_with_shared_attr_exist_unshared_rule(self):
+ with self.firewall_rule(name='fwr1', shared=False) as fwr:
+ fwr_ids = [fwr['firewall_rule']['id']]
 with self.firewall_policy(shared=False,
- firewall_rules=fw_rule_ids) as fwp:
- # update policy with shared attr
+ firewall_rules=fwr_ids) as fwp:
+ # Update policy with shared attr
 data = {'firewall_policy': {'shared': self.SHARED}}
 req = self.new_update_request('firewall_policies', data,
 fwp['firewall_policy']['id'])
 res = req.get_response(self.ext_api)
 self.assertEqual(webob.exc.HTTPConflict.code, res.status_int)

+ def test_update_firewall_policy_with_shared_and_shared_rules(self):
+ with self.firewall_rule(name='fwr1', shared=self.SHARED) as fwr:
+ fwr_ids = [fwr['firewall_rule']['id']]
+ with self.firewall_policy(shared=False,
+ firewall_rules=fwr_ids) as fwp:
+ # Update policy with shared attr
+ data = {'firewall_policy': {'shared': self.SHARED}}
+ req = self.new_update_request('firewall_policies', data,
+ fwp['firewall_policy']['id'])
+ res = req.get_response(self.ext_api)
+ self.assertEqual(webob.exc.HTTPOk.code, res.status_int)
+
 def test_update_firewall_policy_assoc_with_other_tenant_firewall(self):
 with self.firewall_policy(shared=self.SHARED,
 tenant_id='tenant1') as fwp:
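Review bot: Neither test in this hunk attaches both a shared and an unshared rule to the same policy, so nothing here shows that the check inspects every associated rule rather than only the first. A third case with one `shared=self.SHARED` rule followed by one `shared=False` rule, expecting `HTTPConflict`, would pin that; a sketch follows. The new `test_update_firewall_policy_with_shared_and_shared_rules` also asserts only the status code, and it would be stronger if it checked that the returned policy reports `shared` as set.

```python
    def test_update_firewall_policy_with_shared_and_mixed_rules(self):
        with self.firewall_rule(name='fwr1', shared=self.SHARED) as fwr1, \
                self.firewall_rule(name='fwr2', shared=False) as fwr2:
            fwr_ids = [fwr1['firewall_rule']['id'],
                       fwr2['firewall_rule']['id']]
            with self.firewall_policy(shared=False,
                                      firewall_rules=fwr_ids) as fwp:
                # One unshared rule must be enough to reject the update
                data = {'firewall_policy': {'shared': self.SHARED}}
                req = self.new_update_request('firewall_policies', data,
                                              fwp['firewall_policy']['id'])
                res = req.get_response(self.ext_api)
                self.assertEqual(webob.exc.HTTPConflict.code, res.status_int)
```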