FWaaS plugin doesn't need to handle firewall rule del ops
If a firewall rule is attached to a firewall policy, the DB operation raises a FirewallRuleInUse exception; otherwise it is a pure DB delete. So there is no need to handle delete_firewall_rule in the fwaas plugin. Closes-Bug: #1322076 Change-Id: I55a000d206f232c79b41230f526007f684db8f4f
@@ -214,8 +214,7 @@ class FirewallPlugin(firewall_db.Firewall_db_mixin):
|
|||||||
for firewall_id in firewall_policy['firewall_list']:
|
for firewall_id in firewall_policy['firewall_list']:
|
||||||
self._ensure_update_firewall(context, firewall_id)
|
self._ensure_update_firewall(context, firewall_id)
|
||||||
|
|
||||||
def _ensure_update_or_delete_firewall_rule(self, context,
|
def _ensure_update_firewall_rule(self, context, firewall_rule_id):
|
||||||
firewall_rule_id):
|
|
||||||
fw_rule = self.get_firewall_rule(context, firewall_rule_id)
|
fw_rule = self.get_firewall_rule(context, firewall_rule_id)
|
||||||
if 'firewall_policy_id' in fw_rule and fw_rule['firewall_policy_id']:
|
if 'firewall_policy_id' in fw_rule and fw_rule['firewall_policy_id']:
|
||||||
self._ensure_update_firewall_policy(context,
|
self._ensure_update_firewall_policy(context,
|
||||||
@@ -270,7 +269,7 @@ class FirewallPlugin(firewall_db.Firewall_db_mixin):
|
|||||||
|
|
||||||
def update_firewall_rule(self, context, id, firewall_rule):
|
def update_firewall_rule(self, context, id, firewall_rule):
|
||||||
LOG.debug(_("update_firewall_rule() called"))
|
LOG.debug(_("update_firewall_rule() called"))
|
||||||
self._ensure_update_or_delete_firewall_rule(context, id)
|
self._ensure_update_firewall_rule(context, id)
|
||||||
fwr = super(FirewallPlugin,
|
fwr = super(FirewallPlugin,
|
||||||
self).update_firewall_rule(context, id, firewall_rule)
|
self).update_firewall_rule(context, id, firewall_rule)
|
||||||
firewall_policy_id = fwr['firewall_policy_id']
|
firewall_policy_id = fwr['firewall_policy_id']
|
||||||
@@ -278,25 +277,6 @@ class FirewallPlugin(firewall_db.Firewall_db_mixin):
|
|||||||
self._rpc_update_firewall_policy(context, firewall_policy_id)
|
self._rpc_update_firewall_policy(context, firewall_policy_id)
|
||||||
return fwr
|
return fwr
|
||||||
|
|
||||||
def delete_firewall_rule(self, context, id):
|
|
||||||
LOG.debug(_("delete_firewall_rule() called"))
|
|
||||||
self._ensure_update_or_delete_firewall_rule(context, id)
|
|
||||||
fwr = self.get_firewall_rule(context, id)
|
|
||||||
firewall_policy_id = fwr['firewall_policy_id']
|
|
||||||
super(FirewallPlugin, self).delete_firewall_rule(context, id)
|
|
||||||
# At this point we have already deleted the rule in the DB,
|
|
||||||
# however it's still not deleted on the backend firewall.
|
|
||||||
# Until it gets deleted on the backend we will be setting
|
|
||||||
# the firewall in PENDING_UPDATE state. The backend firewall
|
|
||||||
# implementation is responsible for setting the appropriate
|
|
||||||
# configuration (e.g. do not allow any traffic) until the rule
|
|
||||||
# is deleted. Once the rule is deleted, the backend should put
|
|
||||||
# the firewall back in ACTIVE state. While the firewall is in
|
|
||||||
# PENDING_UPDATE state, the firewall behavior might differ based
|
|
||||||
# on the backend implementation.
|
|
||||||
if firewall_policy_id:
|
|
||||||
self._rpc_update_firewall_policy(context, firewall_policy_id)
|
|
||||||
|
|
||||||
def insert_rule(self, context, id, rule_info):
|
def insert_rule(self, context, id, rule_info):
|
||||||
LOG.debug(_("insert_rule() called"))
|
LOG.debug(_("insert_rule() called"))
|
||||||
self._ensure_update_firewall_policy(context, id)
|
self._ensure_update_firewall_policy(context, id)
|
||||||
|
|||||||
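Review bot: With the `delete_firewall_rule` override gone between `update_firewall_rule` and `insert_rule`, rule deletion no longer notifies the backend at all, so it is safe only as long as the inherited DB-layer delete keeps refusing rules that are attached to a policy; that check is not visible in this diff. If it were ever relaxed, a rule could disappear from the DB while the backend firewall keeps enforcing the old rule set. I would leave a comment at that spot, `# delete_firewall_rule is inherited: the DB layer raises FirewallRuleInUse for rules attached to a policy, so no backend update is needed`, and add a plugin-level test asserting that deleting an attached rule raises FirewallRuleInUse. The bodies of `_ensure_update_firewall_rule` and `insert_rule` continue outside the hunks shown.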