Make sure ACLs are name-unique in both directions

2019-12-22 22:31:44 -05:00 · 2019-12-22 22:31:44 -05:00 · 91cb542e37
parent 66078223a4
commit 91cb542e37
1 changed files with 10 additions and 8 deletions
--- a/client-common/network.py
+++ b/client-common/network.py
@ -391,19 +391,21 @@ def add_acl(zk_conn, network, direction, description, rule, order):
    if not net_vni:
        return False, 'ERROR: Could not find network "{}" in the cluster!'.format(network)

+    # Check if the ACL matches a description currently in the database
+    full_acl_list = getNetworkACLs(zk_conn, net_vni, 'both')
+    for acl in full_acl_list:
+        if acl['description'] == description:
+            match_description = acl['description']
+
+    if match_description:
+        return False, 'ERROR: A rule with description "{}" already exists!'.format(description)
+
    # Change direction to something more usable
    if direction:
-        if isinstance(direction, bool):
-            direction = "in"
-        else:
-            # Preserve the existing value, which is a text of 'in' or 'out'
-            pass
+        direction = "in"
    else:
        direction = "out"

-    if zkhandler.exists(zk_conn, '/networks/{}/firewall_rules/{}/{}'.format(net_vni, direction, description)):
-        return False, 'ERROR: A rule with description "{}" already exists!'.format(description)
-
    # Handle reordering
    full_acl_list = getNetworkACLs(zk_conn, net_vni, direction)
    acl_list_length = len(full_acl_list)