From 0977b90e1d0135da7f3bcd6284a7c4de58bb9c79 Mon Sep 17 00:00:00 2001
From: Roey Chen
Date: Wed, 9 Mar 2016 01:57:59 -0800
Subject: [PATCH] NSXv3: Update existing default firewall section on init When Neutron service starts, we want to make sure that the default firewall section is applied to the right nested-groups, in case that new groups were created at initialization and the default section exists, we'll have to update the list of nested-group which the section is applied to.
Change-Id: I9d67b3385d691680e170c9a12b180c537404dfc7
---
 vmware_nsx/nsxlib/v3/dfw_api.py | 3 ++-
 vmware_nsx/nsxlib/v3/security.py | 5 ++++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/vmware_nsx/nsxlib/v3/dfw_api.py b/vmware_nsx/nsxlib/v3/dfw_api.py
index 7e3a07cfb4..e8eb1d3f32 100644
--- a/vmware_nsx/nsxlib/v3/dfw_api.py
+++ b/vmware_nsx/nsxlib/v3/dfw_api.py
@@ -186,7 +186,8 @@ def update_section(section_id, display_name, description, applied_tos=None):
 section.update({'display_name': display_name, 'description': description})
 if applied_tos is not None:
- section['applied_tos'] = applied_tos
+ section['applied_tos'] = [get_nsgroup_reference(nsg_id)
+ for nsg_id in applied_tos]
 return nsxclient.update_resource(resource, section)
diff --git a/vmware_nsx/nsxlib/v3/security.py b/vmware_nsx/nsxlib/v3/security.py
index b1d3c90bc3..882be4a73e 100644
--- a/vmware_nsx/nsxlib/v3/security.py
+++ b/vmware_nsx/nsxlib/v3/security.py
@@ -227,7 +227,10 @@ def init_nsgroup_manager_and_default_section_rules():
 def _init_default_section(name, description, nested_groups):
 fw_sections = firewall.list_sections()
 for section in fw_sections:
- if section.get('display_name') == name:
+ if section['display_name'] == name:
+ firewall.update_section(section['id'],
+ name, section['description'],
+ applied_tos=nested_groups)
 break
 else:
 tags = utils.build_v3_api_version_tag()
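Review bot: The new comprehension assigned to `section['applied_tos']` silently changes what `update_section` expects in `applied_tos`: callers now have to pass NSGroup ids, and a caller that still passes ready-made reference dicts would have each one wrapped again by `get_nsgroup_reference`. Nothing in the hunk documents that, so I would add a docstring line such as `applied_tos: list of NSGroup ids; each is converted to a reference before the update`, and check any other callers outside this patch. It is also worth confirming what the backend does with an empty list, since `applied_tos=[]` passes the `is not None` test and would replace the section's scope with nothing. The start of update_section lies outside the hunk.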
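Review bot: Switching to `section['display_name']` and `section['description']` in `_init_default_section` makes service start-up raise KeyError when any listed section lacks a display name, or when the matched section has no description; the old `.get()` tolerated that. I would keep `if section.get('display_name') == name:` and pass `section.get('description', description)` to `update_section`. Separately, the match is by display name only and now rewrites the matched section's `applied_tos`, so a same-named section the plugin did not create would have its scope changed; if sections carry the tag built in the `else` branch, comparing it as well would narrow that. The `else` branch continues outside the hunk.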