From 91cb542e376dcda06d768ab8eff35ccff5882191 Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface"
Date: Sun, 22 Dec 2019 22:31:44 -0500
Subject: [PATCH] Make sure ACLs are name-unique in both directions

---
 client-common/network.py | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/client-common/network.py b/client-common/network.py
index 27088789..d4cad1c0 100644
--- a/client-common/network.py
+++ b/client-common/network.py
@@ -391,19 +391,21 @@ def add_acl(zk_conn, network, direction, description, rule, order):
 if not net_vni:
 return False, 'ERROR: Could not find network "{}" in the cluster!'.format(network)
 
+ # Check if the ACL matches a description currently in the database
+ full_acl_list = getNetworkACLs(zk_conn, net_vni, 'both')
+ for acl in full_acl_list:
+ if acl['description'] == description:
+ match_description = acl['description']
+
+ if match_description:
+ return False, 'ERROR: A rule with description "{}" already exists!'.format(description)
+
 # Change direction to something more usable
 if direction:
- if isinstance(direction, bool):
- direction = "in"
- else:
- # Preserve the existing value, which is a text of 'in' or 'out'
- pass
+ direction = "in"
 else:
 direction = "out"
 
- if zkhandler.exists(zk_conn, '/networks/{}/firewall_rules/{}/{}'.format(net_vni, direction, description)):
- return False, 'ERROR: A rule with description "{}" already exists!'.format(description)
-
 # Handle reordering
 full_acl_list = getNetworkACLs(zk_conn, net_vni, direction)
 acl_list_length = len(full_acl_list)
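Review bot: `match_description` is only assigned inside the `for acl in full_acl_list:` loop, so when no existing ACL carries this description (the normal case for a new rule) the following `if match_description:` raises `UnboundLocalError`, unless the name is initialised above the hunk, which is not visible here. Initialise it before the loop with `match_description = None`, or drop the variable and test `if any(acl['description'] == description for acl in full_acl_list):`. Separately, removing the `isinstance(direction, bool)` branch means any truthy value now becomes `"in"`, including the text `'out'` that the removed comment said was preserved. If a caller can still pass the string form, the firewall rule would be stored under the wrong direction, so confirm that every caller passes a bool. The body of `add_acl` starts and ends outside this hunk.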