From 0d4258651bd29a475e2e7f9dcd4786f10f81cbb7 Mon Sep 17 00:00:00 2001
From: Adit Sarfaty <asarfaty@vmware.com>
Date: Thu, 1 Feb 2018 13:00:03 +0200
Subject: [PATCH] AdminUtils NSX-v: Fix SG migration to policy

Admin utility for migrating security group from rules to NSX policy fails becasue
of an api change.

Change-Id: I7d23640f3262d5602245c1d00468e82ec53d34ea
---
 .../admin/plugins/nsxv/resources/securitygroups.py    | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py b/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py
index b91aacbe61..0962146b12 100644
--- a/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py
+++ b/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py
@@ -330,7 +330,8 @@ def fix_security_groups(resource, event, trigger, **kwargs):
             neutron_sg.delete_security_group_backend_mapping(sg_id)
             plugin._process_security_group_create_backend_resources(context_,
                                                                     secgroup)
-            nsx_id = nsx_db.get_nsx_security_group_id(context_.session, sg_id)
+            nsx_id = nsx_db.get_nsx_security_group_id(context_.session, sg_id,
+                                                      moref=False)
             for vnic_id in neutron_sg.get_vnics_in_security_group(sg_id):
                 plugin._add_member_to_security_group(nsx_id, vnic_id)
 
@@ -371,6 +372,13 @@ def migrate_sg_to_policy(resource, event, trigger, **kwargs):
             LOG.error("NSX policy %s was not found", policy_id)
             return
 
+        # get the nsx id from the backend
+        nsx_sg_id = nsx_db.get_nsx_security_group_id(context_.session, sg_id,
+                                                     moref=True)
+        if not nsx_sg_id:
+            LOG.error("Did not find security groups %s neutron ID", sg_id)
+            return
+
         # Delete the rules from the security group
         LOG.info("Deleting the rules of security group: %s", sg_id)
         for rule in secgroup.get('security_group_rules', []):
@@ -396,7 +404,6 @@ def migrate_sg_to_policy(resource, event, trigger, **kwargs):
             # continue anyway
 
         # bind this security group to the policy in the backend and DB
-        nsx_sg_id = nsx_db.get_nsx_security_group_id(context_.session, sg_id)
         LOG.info("Binding the NSX security group %(nsx)s to policy "
                  "%(pol)s",
                  {'nsx': nsx_sg_id, 'pol': policy_id})