Merge "NSX-V| prevent rules creation for SG with policies"

Jenkins 2017-01-15 16:32:51 +00:00 committed by Gerrit Code Review
commit e5c9fab873
1 changed files with 6 additions and 7 deletions


@ -3554,13 +3554,6 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
sg_rules = security_group_rules['security_group_rules']
sg_id = sg_rules[0]['security_group_rule']['security_group_id']
if (self._use_nsx_policies and
self._is_policy_security_group(context, sg_id)):
# If policies are enabled - creating rules is forbidden
msg = (_('Cannot create rules for security group %s with'
' a policy') % sg_id)
raise n_exc.InvalidInput(error_message=msg)
self._prevent_non_admin_delete_provider_sg(context, sg_id)
ruleids = set()
@ -3568,6 +3561,12 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
self._validate_security_group_rules(context, security_group_rules)
if self._is_policy_security_group(context, sg_id):
# If policies are/were enabled - creating rules is forbidden
msg = (_('Cannot create rules for security group %s with'
' a policy') % sg_id)
raise n_exc.InvalidInput(error_message=msg)
# Querying DB for associated dfw section id
section_uri = self._get_section_uri(context.session, sg_id)
logging = self._is_security_group_logged(context, sg_id)
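Review bot: The relocated guard in the second hunk now rejects rule creation whenever `_is_policy_security_group(context, sg_id)` is true, regardless of `self._use_nsx_policies`, but the comment `# If policies are/were enabled` does not explain why the flag is no longer consulted. I would spell out the intent, e.g. `# A group bound to a policy must stay rule-less even if policy support was later switched off, so test the group itself, not self._use_nsx_policies`. Since this is an authorization-style restriction, it also deserves a unit test for the case the commit newly covers (flag off, group still has a policy) asserting that `n_exc.InvalidInput` is raised before `_get_section_uri` is reached. Note that `sg_id` is still taken from `sg_rules[0]` only; presumably `_validate_security_group_rules` guarantees all rules in the bulk request target that same group, which is worth confirming now that the policy check depends on it. The enclosing method begins and ends outside the visible hunks.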