Admin util: fix spoofguard issues

The patch does the following:
1. Fixes output when there are mismatches

2. Enables a 'clean' option
nsxadmin -r spoofguard-policy -o clean --property policy-id=spoofguardpolicy-10

3. Enables a option to determine if there are additional entries on
   the NSXv and not in Neutron
nsxadmin -r spoofguard-policy -o list --property reverse

Change-Id: Icfcd83734fbb68e60acb3dbf48ef5530ff565307

vmware_nsx/shell/admin/plugins/nsxv/resources/spoofguard_policy.py

@@ -24,11 +24,13 @@ import vmware_nsx.shell.admin.plugins.nsxv.resources.utils as utils
 import vmware_nsx.shell.nsxadmin as shell
 
 from neutron.callbacks import registry
+from neutron.common import exceptions
 
-from vmware_nsx._i18n import _LI
+from vmware_nsx._i18n import _LE, _LI
 from vmware_nsx.db import nsxv_db
 
 LOG = logging.getLogger(__name__)
+nsxv = utils.get_nsxv_client()
 
 
 def get_spoofguard_policies():
@@ -58,7 +60,7 @@ def neutron_list_spoofguard_policy_mappings(resource, event, trigger,
                                          ['network_id', 'policy_id']))
 
 
-def get_missing_spoofguard_policy_mappings():
+def get_missing_spoofguard_policy_mappings(reverse=None):
     nsxv_spoofguard_policies = set()
     for spg in get_spoofguard_policies():
         nsxv_spoofguard_policies.add(spg.get('policyId'))
@@ -67,7 +69,10 @@ def get_missing_spoofguard_policy_mappings():
     for binding in get_spoofguard_policy_network_mappings():
         neutron_spoofguard_policy_mappings.add(binding.policy_id)
 
-    return neutron_spoofguard_policy_mappings - nsxv_spoofguard_policies
+    if reverse:
+        return nsxv_spoofguard_policies - neutron_spoofguard_policy_mappings
+    else:
+        return neutron_spoofguard_policy_mappings - nsxv_spoofguard_policies
 
 
 @admin_utils.output_header
@@ -78,16 +83,55 @@ def nsx_list_missing_spoofguard_policies(resource, event, trigger,
     Spoofguard policies that have a binding in Neutron Db but there is
     no policy on NSXv backend to back it.
     """
-    LOG.info(_LI("Spoofguard policies in Neutron Db but not present on NSXv"))
-    missing_policies = get_missing_spoofguard_policy_mappings()
+    props = kwargs.get('property')
+    reverse = True if props and props[0] == 'reverse' else False
+    if reverse:
+        LOG.info(_LI("Spoofguard policies on NSXv but not present in "
+                     "Neutron Db"))
+    else:
+        LOG.info(_LI("Spoofguard policies in Neutron Db but not present "
+                     "on NSXv"))
+    missing_policies = get_missing_spoofguard_policy_mappings(reverse)
     if not missing_policies:
         LOG.info(_LI("\nNo missing spoofguard policies found."
                      "\nNeutron DB and NSXv backend are in sync\n"))
     else:
+        LOG.info(missing_policies)
+        missing_policies = [{'policy_id': pid} for pid in missing_policies]
         LOG.info(formatters.output_formatter(
             constants.SPOOFGUARD_POLICY, missing_policies, ['policy_id']))
 
 
+def nsx_clean_spoofguard_policy(resource, event, trigger, **kwargs):
+    """Delete spoofguard policy"""
+    errmsg = ("Need to specify policy-id. Add --property "
+              "policy-id=<policy-id>")
+    if not kwargs.get('property'):
+        LOG.error(_LE("%s"), errmsg)
+        return
+    properties = admin_utils.parse_multi_keyval_opt(kwargs['property'])
+    policy_id = properties.get('policy-id')
+    if not policy_id:
+        LOG.error(_LE("%s"), errmsg)
+        return
+    try:
+        nsxv.get_spoofguard_policy(policy_id)
+    except exceptions.NeutronException as e:
+        LOG.error(_LE("%s"), str(e))
+    else:
+        confirm = admin_utils.query_yes_no(
+            "Do you want to delete spoofguard-policy: %s" % policy_id,
+            default="no")
+        if not confirm:
+            LOG.info(_LI("spoofguard-policy deletion aborted by user"))
+            return
+        try:
+            nsxv.delete_spoofguard_policy(policy_id)
+        except Exception as e:
+            LOG.error(_LE("%s"), str(e))
+        LOG.info(_LI('spoofguard-policy successfully deleted.'))
+
+
 registry.subscribe(neutron_list_spoofguard_policy_mappings,
                    constants.SPOOFGUARD_POLICY,
                    shell.Operations.LIST.value)
@@ -97,3 +141,6 @@ registry.subscribe(nsx_list_spoofguard_policies,
 registry.subscribe(nsx_list_missing_spoofguard_policies,
                    constants.SPOOFGUARD_POLICY,
                    shell.Operations.LIST.value)
+registry.subscribe(nsx_clean_spoofguard_policy,
+                   constants.SPOOFGUARD_POLICY,
+                   shell.Operations.CLEAN.value)

vmware_nsx/shell/nsxadmin.py

@@ -93,7 +93,8 @@ nsxv_resources = {
                                        [Operations.LIST.value,
                                         Operations.CLEAN.value]),
     constants.SPOOFGUARD_POLICY: Resource(constants.SPOOFGUARD_POLICY,
-                                          [Operations.LIST.value]),
+                                          [Operations.LIST.value,
+                                           Operations.CLEAN.value]),
     constants.DHCP_BINDING: Resource(constants.DHCP_BINDING,
                                      [Operations.LIST.value,
                                       Operations.NSX_UPDATE.value]),