From 6f68b516269d0e5dc13f31f8ffcf65d4b3ef2620 Mon Sep 17 00:00:00 2001
From: Roey Chen <roeyc@vmware.com>
Date: Wed, 17 Feb 2016 02:46:16 -0800
Subject: [PATCH] Don't assume backend resource was created if no ManagerError
 raised

A backend call may fail with ServiceClusterUnavailable, which is not a
ManagerError, therefore, we should not assume that backend resources were
succesfully created if no ManagerError was raised.

This patch only changes the create_security_group method with that
logic, other methods may also require a similar change.

Change-Id: I0170b910f246e8bb0d05fca12d4d8de3cbb26a4f
Closes-Bug: #1546474
---
 vmware_nsx/plugins/nsx_v3/plugin.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/vmware_nsx/plugins/nsx_v3/plugin.py b/vmware_nsx/plugins/nsx_v3/plugin.py
index b801f5a0ef..609f25531a 100644
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@@ -1651,12 +1651,16 @@ class NsxV3Plugin(addr_pair_db.AllowedAddressPairsMixin,
                     firewall.delete_nsgroup(ns_group['id'])
         except Exception:
             with excutils.save_and_reraise_exception():
+                section_id = firewall_section.get('id')
+                nsgroup_id = ns_group.get('id')
                 LOG.debug("Neutron failed to create security-group, "
                           "deleting backend resources: "
                           "section %s, ns-group %s.",
-                          firewall_section['id'], ns_group['id'])
-                firewall.delete_nsgroup(ns_group['id'])
-                firewall.delete_section(firewall_section['id'])
+                          section_id, nsgroup_id)
+                if nsgroup_id:
+                    firewall.delete_nsgroup(nsgroup_id)
+                if section_id:
+                    firewall.delete_section(section_id)
         try:
             sg_rules = secgroup_db['security_group_rules']
             # translate and creates firewall rules.