NSX|P: Add neutron object ID to NSX tags

Change-Id: I75b2b1412cf32445f9b2ab0ba65e04b44e6a4dc9

vmware_nsx/plugins/nsx_p/plugin.py

@@ -326,8 +326,9 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
         # update the network name to indicate the neutron id too.
         net_name = utils.get_name_and_uuid(net_data['name'] or 'network',
                                            net_data['id'])
-        tags = self.nsxpolicy.build_v3_api_version_project_tag(
-            context.tenant_name)
+        tags = self.nsxpolicy.build_v3_tags_payload(
+            net_data, resource_type='os-neutron-net-id',
+            project_name=context.tenant_name)
 
         admin_state = net_data.get('admin_state_up', True)
         LOG.debug('create_network: %(net_name)s, %(physical_net)s, '
@@ -666,8 +667,15 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
             attachment_type = policy_constants.ATTACHMENT_INDEPENDENT
 
         tags = self._build_port_tags(port_data)
-        tags.extend(self.nsxpolicy.build_v3_api_version_project_tag(
-            context.tenant_name, project_id=port_data.get('tenant_id')))
+        if device_owner == const.DEVICE_OWNER_DHCP:
+            tag_resource_type = 'os-neutron-dport-id'
+        elif device_owner == l3_db.DEVICE_OWNER_ROUTER_INTF:
+            tag_resource_type = 'os-neutron-rport-id'
+        else:
+            tag_resource_type = 'os-neutron-port-id'
+        tags.extend(self.nsxpolicy.build_v3_tags_payload(
+            port_data, resource_type=tag_resource_type,
+            project_name=context.tenant_name))
 
         if self._is_excluded_port(device_owner, is_psec_on):
             tags.append({'scope': security.PORT_SG_SCOPE,
@@ -1225,8 +1233,9 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
 
         router_name = utils.get_name_and_uuid(router['name'] or 'router',
                                               router['id'])
-        tags = self.nsxpolicy.build_v3_api_version_project_tag(
-            context.tenant_name, project_id=r.get('tenant_id'))
+        tags = self.nsxpolicy.build_v3_tags_payload(
+            r, resource_type='os-neutron-router-id',
+            project_name=context.tenant_name)
         try:
             self.nsxpolicy.tier1.create_or_overwrite(
                 router_name, router['id'],
@@ -1650,8 +1659,9 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
         Both will have the security group id as their NSX id.
         """
         sg_id = secgroup['id']
-        tags = self.nsxpolicy.build_v3_api_version_project_tag(
-            context.tenant_name, project_id=secgroup.get('tenant_id'))
+        tags = self.nsxpolicy.build_v3_tags_payload(
+            secgroup, resource_type='os-neutron-secg-id',
+            project_name=secgroup.get('tenant_id'))
         nsx_name = utils.get_name_and_uuid(secgroup['name'] or 'securitygroup',
                                            sg_id)
         # Create the groups membership criteria for ports by scope & tag
@@ -1686,13 +1696,11 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
             self.nsxpolicy.group.delete(domain_id, sg_id)
             raise nsx_exc.NsxPluginException(err_msg=msg)
 
-    def _get_rule_service_id(self, context, sg_rule):
+    def _get_rule_service_id(self, context, sg_rule, tags):
         """Return the NSX Policy service id matching the SG rule"""
         srv_id = None
         l4_protocol = nsxlib_utils.get_l4_protocol_name(sg_rule['protocol'])
         srv_name = 'Service for OS rule %s' % sg_rule['id']
-        tags = self.nsxpolicy.build_v3_api_version_project_tag(
-            context.tenant_name, project_id=sg_rule.get('tenant_id'))
 
         if l4_protocol in [nsxlib_consts.TCP, nsxlib_consts.UDP]:
             # If port_range_min is not specified then we assume all ports are
@@ -1753,8 +1761,11 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
         self._fix_sg_rule_dict_ips(sg_rule)
         source = None
         destination = this_group_id
-        tags = self.nsxpolicy.build_v3_api_version_project_tag(
-            context.tenant_name, project_id=sg_rule.get('tenant_id'))
+
+        tags = self.nsxpolicy.build_v3_tags_payload(
+            sg_rule, resource_type='os-neutron-secgr-id',
+            project_name=sg_rule.get('tenant_id'))
+
         if sg_rule.get('remote_group_id'):
             # This is the ID of a security group that already exists,
             # so it should be known to the policy manager
@@ -1786,7 +1797,7 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
             # Swap source and destination
             source, destination = destination, source
 
-        service = self._get_rule_service_id(context, sg_rule)
+        service = self._get_rule_service_id(context, sg_rule, tags)
         logging = (cfg.CONF.nsx_p.log_security_groups_allowed_traffic or
                    secgroup_logging)
         self.nsxpolicy.comm_map.create_entry(

vmware_nsx/services/qos/nsx_v3/pol_utils.py

@@ -49,10 +49,15 @@ class PolicyQosNotificationsHandler(object):
     def _nsxpolicy(self):
         return self.core_plugin.nsxpolicy
 
+    def _get_tags(self, context, policy):
+        policy_dict = {'id': policy.id, 'tenant_id': policy.tenant_id}
+        return self._nsxpolicy.build_v3_tags_payload(
+            policy_dict, resource_type='os-neutron-qos-id',
+            project_name=context.tenant_name)
+
     def create_or_update_policy(self, context, policy):
         policy_id = policy.id
-        tags = self._nsxpolicy.build_v3_api_version_project_tag(
-            context.tenant_name, project_id=policy.tenant_id)
+        tags = self._get_tags(context, policy)
         pol_name = utils.get_name_and_uuid(policy.name or 'policy',
                                            policy.id)
 

vmware_nsx/tests/unit/services/qos/test_nsxp_notification.py

@@ -93,6 +93,12 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
 
         self.nsxlib = v3_utils.get_nsxlib_wrapper()
 
+    def _get_expected_tags(self):
+        policy_dict = {'id': self.policy.id, 'tenant_id': self.project_id}
+        return self.nsxlib.build_v3_tags_payload(
+            policy_dict, resource_type='os-neutron-qos-id',
+            project_name=self.ctxt.tenant_name)
+
     @mock.patch.object(QoSPolicy, 'create_rbac_policy')
     def test_policy_create_profile(self, *mocks):
         # test the profile creation when a QoS policy is created
@@ -103,9 +109,6 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
                               return_value=self.policy),\
             mock.patch.object(QoSPolicy, 'create'):
             self.qos_plugin.create_policy(self.ctxt, self.policy_data)
-            expected_tags = self.nsxlib.build_v3_api_version_project_tag(
-                project_name=self.ctxt.tenant_name,
-                project_id=self.project_id)
             exp_name = utils.get_name_and_uuid(self.policy.name,
                                                self.policy.id)
 
@@ -115,7 +118,7 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
                 description=self.policy_data["policy"]["description"],
                 dscp=None,
                 shaper_configurations=[],
-                tags=expected_tags)
+                tags=self._get_expected_tags())
 
     @mock.patch.object(QoSPolicy, '_reload_rules')
     def test_bw_rule_create_profile(self, *mocks):
@@ -139,9 +142,6 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
                 rule_dict['max_kbps']) / 1024))
             expected_burst = rule_dict['max_burst_kbps'] * 128
             expected_peak = int(expected_bw * self.peak_bw_multiplier)
-            expected_tags = self.nsxlib.build_v3_api_version_project_tag(
-                project_name=self.ctxt.tenant_name,
-                project_id=self.project_id)
             exp_name = utils.get_name_and_uuid(self.policy.name,
                                                self.policy.id)
             # egress neutron rule -> ingress nsx args
@@ -158,7 +158,7 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
                 description=self.policy_data["policy"]["description"],
                 dscp=None,
                 shaper_configurations=[mock.ANY],
-                tags=expected_tags)
+                tags=self._get_expected_tags())
             # Compare the shaper
             actual_shaper = create_profile.call_args[1][
                 'shaper_configurations'][0]
@@ -190,9 +190,6 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
             expected_peak = int(expected_bw * self.peak_bw_multiplier)
             exp_name = utils.get_name_and_uuid(self.policy.name,
                                                self.policy.id)
-            expected_tags = self.nsxlib.build_v3_api_version_project_tag(
-                project_name=self.ctxt.tenant_name,
-                project_id=self.project_id)
             # ingress neutron rule -> egress nsx args
             shaper_type = policy_defs.QoSRateLimiter.EGRESS_RATE_LIMITER_TYPE
             expected_shaper = policy_defs.QoSRateLimiter(
@@ -207,7 +204,7 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
                 description=self.policy_data["policy"]["description"],
                 dscp=None,
                 shaper_configurations=[mock.ANY],
-                tags=expected_tags)
+                tags=self._get_expected_tags())
             # Compare the shaper
             actual_shaper = create_profile.call_args[1][
                 'shaper_configurations'][0]
@@ -287,9 +284,6 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
 
             exp_name = utils.get_name_and_uuid(self.policy.name,
                                                self.policy.id)
-            expected_tags = self.nsxlib.build_v3_api_version_project_tag(
-                project_name=self.ctxt.tenant_name,
-                project_id=self.project_id)
             expected_dscp = policy_defs.QoSDscp(
                 mode=policy_defs.QoSDscp.QOS_DSCP_UNTRUSTED,
                 priority=dscp_mark)
@@ -299,7 +293,7 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
                 description=self.policy_data["policy"]["description"],
                 dscp=mock.ANY,
                 shaper_configurations=[],
-                tags=expected_tags)
+                tags=self._get_expected_tags())
             # Compare the dscp obj
             actual_dscp = create_profile.call_args[1]['dscp']
             self.assertEqual(expected_dscp.get_obj_dict(),
@@ -342,9 +336,6 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
             self.qos_plugin.delete_policy_bandwidth_limit_rule(
                 self.ctxt, self.rule.id, self.policy.id)
             # validate the data on the profile
-            expected_tags = self.nsxlib.build_v3_api_version_project_tag(
-                project_name=self.ctxt.tenant_name,
-                project_id=self.project_id)
             exp_name = utils.get_name_and_uuid(self.policy.name,
                                                self.policy.id)
 
@@ -354,7 +345,7 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
                 description=self.policy_data["policy"]["description"],
                 dscp=None,
                 shaper_configurations=[],
-                tags=expected_tags)
+                tags=self._get_expected_tags())
 
     @mock.patch('neutron.objects.db.api.get_object', return_value=None)
     def test_policy_delete_profile(self, *mocks):