From df21f67a978cbfc295c2aeed551693426b0ef16a Mon Sep 17 00:00:00 2001
From: Adit Sarfaty
Date: Mon, 22 Oct 2018 15:46:09 +0300
Subject: [PATCH] NSX|P: Fix security group rule validation

Duplicate rule validation failed since _check_local_ip_prefix should be called before adding the rules to the DB

Change-Id: I931ad9e42ff76dd5fd7582ddad0ffbb3f4e8fc45
---
 vmware_nsx/plugins/nsx_p/plugin.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/vmware_nsx/plugins/nsx_p/plugin.py b/vmware_nsx/plugins/nsx_p/plugin.py
index 55ba203364..9bbd606ef2 100644
--- a/vmware_nsx/plugins/nsx_p/plugin.py
+++ b/vmware_nsx/plugins/nsx_p/plugin.py
@@ -1142,6 +1142,9 @@ class NsxPolicyPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
 
 def create_security_group_rule_bulk(self, context, security_group_rules):
 sg_rules = security_group_rules['security_group_rules']
+ for r in sg_rules:
+ self._check_local_ip_prefix(context, r['security_group_rule'])
+
 # Tenant & security group are the same for all rules in the bulk
 example_rule = sg_rules[0]['security_group_rule']
 sg_id = example_rule['security_group_id']
@@ -1160,7 +1163,6 @@ class NsxPolicyPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
 for sg_rule in sg_rules:
 # create the NSX rule
 rule_data = sg_rule['security_group_rule']
- self._check_local_ip_prefix(context, rule_data)
 rule_data['id'] = rule_data.get('id') or uuidutils.generate_uuid()
 self._create_security_group_backend_rule(
 domain_id, sg_id, rule_data, secgroup_logging)
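Review bot: The position of the new `for r in sg_rules:` loop at the top of create_security_group_rule_bulk is load-bearing, but nothing in the code says so. According to the commit message, the check has to run before the rules are added to the DB for duplicate-rule validation to work. I would put a comment above the loop, for example `# Validate every rule up front: this must run before the rules are added to the DB, and before any backend rule is created`. The diffstat shows only plugin.py changed, so no regression test pins this order; a bulk-create test that submits a duplicate rule would catch a later refactor that moves the check back into the backend loop. The method body continues outside both hunks, so the location of the DB write is taken from the commit message rather than from visible lines.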