Fix firewall rule 'shared' check in updating fwp

This commit fixes 'shared' validation for existing firewall rules in updating firewall policy with 'non-shared' to 'shared'. Change-Id: I172632679f59e2aff79624753e1ef01f7ba1fdab Closes-Bug: #1816740
2019-02-21 20:01:56 +09:00 · 2019-02-21 20:01:56 +09:00 · 9844e5e09c
parent cc3bf9f4c1
commit 9844e5e09c
2 changed files with 18 additions and 6 deletions
--- a/neutron_fwaas/db/firewall/v2/firewall_db_v2.py
+++ b/neutron_fwaas/db/firewall/v2/firewall_db_v2.py
@ -647,7 +647,7 @@ class FirewallPluginDb(common_db_mixin.CommonDbMixin):
            for entry in rules_in_db:
                fwr_db = self._get_firewall_rule(context,
                                                 entry.firewall_rule_id)
-                if not fwp_db['shared']:
+                if not fwr_db['shared']:
                    raise f_exc.FirewallPolicySharingConflict(
                        firewall_rule_id=fwr_db['id'],
                        firewall_policy_id=fwp_db['id'])
--- a/neutron_fwaas/tests/unit/db/firewall/v2/test_firewall_db_v2.py
+++ b/neutron_fwaas/tests/unit/db/firewall/v2/test_firewall_db_v2.py
@ -282,18 +282,30 @@ class TestFirewallDBPluginV2(test_fwaas_plugin_v2.FirewallPluginV2TestCase):
                res = req.get_response(self.ext_api)
                self.assertEqual(webob.exc.HTTPNotFound.code, res.status_int)

-    def test_update_firewall_policy_with_shared_attr_exist_unshare_rule(self):
-        with self.firewall_rule(name='fwr1', shared=False) as fr:
-            fw_rule_ids = [fr['firewall_rule']['id']]
+    def test_update_firewall_policy_with_shared_attr_exist_unshared_rule(self):
+        with self.firewall_rule(name='fwr1', shared=False) as fwr:
+            fwr_ids = [fwr['firewall_rule']['id']]
            with self.firewall_policy(shared=False,
-                                      firewall_rules=fw_rule_ids) as fwp:
-                # update policy with shared attr
+                                      firewall_rules=fwr_ids) as fwp:
+                # Update policy with shared attr
                data = {'firewall_policy': {'shared': self.SHARED}}
                req = self.new_update_request('firewall_policies', data,
                                              fwp['firewall_policy']['id'])
                res = req.get_response(self.ext_api)
                self.assertEqual(webob.exc.HTTPConflict.code, res.status_int)

+    def test_update_firewall_policy_with_shared_and_shared_rules(self):
+        with self.firewall_rule(name='fwr1', shared=self.SHARED) as fwr:
+            fwr_ids = [fwr['firewall_rule']['id']]
+            with self.firewall_policy(shared=False,
+                                      firewall_rules=fwr_ids) as fwp:
+                # Update policy with shared attr
+                data = {'firewall_policy': {'shared': self.SHARED}}
+                req = self.new_update_request('firewall_policies', data,
+                                              fwp['firewall_policy']['id'])
+                res = req.get_response(self.ext_api)
+                self.assertEqual(webob.exc.HTTPOk.code, res.status_int)
+
    def test_update_firewall_policy_assoc_with_other_tenant_firewall(self):
        with self.firewall_policy(shared=self.SHARED,
                                  tenant_id='tenant1') as fwp: