parallelvirtualcluster
/
pvc
1
0
Fork 0
Code Issues 11 Pull Requests Projects Releases 111 Wiki Activity

Make sure ACLs are name-unique in both directions

This commit is contained in:
Joshua Boniface 2019-12-22 22:31:44 -05:00
parent 66078223a4
commit 91cb542e37
1 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
client-common/network.py
View File

@ -391,19 +391,21 @@ def add_acl(zk_conn, network, direction, description, rule, order):
if not net_vni: if not net_vni:
return False, 'ERROR: Could not find network "{}" in the cluster!'.format(network) return False, 'ERROR: Could not find network "{}" in the cluster!'.format(network)
# Check if the ACL matches a description currently in the database
full_acl_list = getNetworkACLs(zk_conn, net_vni, 'both')
for acl in full_acl_list:
if acl['description'] == description:
match_description = acl['description']
if match_description:
return False, 'ERROR: A rule with description "{}" already exists!'.format(description)
# Change direction to something more usable # Change direction to something more usable
if direction: if direction:
if isinstance(direction, bool):
direction = "in" direction = "in"
else:
# Preserve the existing value, which is a text of 'in' or 'out'
pass
else: else:
direction = "out" direction = "out"
if zkhandler.exists(zk_conn, '/networks/{}/firewall_rules/{}/{}'.format(net_vni, direction, description)):
return False, 'ERROR: A rule with description "{}" already exists!'.format(description)
# Handle reordering # Handle reordering
full_acl_list = getNetworkACLs(zk_conn, net_vni, direction) full_acl_list = getNetworkACLs(zk_conn, net_vni, direction)
acl_list_length = len(full_acl_list) acl_list_length = len(full_acl_list)