Merge "Fix VPN api as the NSX api changed"

vmware_nsx/services/vpnaas/nsxv3/ipsec_driver.py

@@ -186,7 +186,6 @@ class NSXv3IPsecVpnDriver(service_drivers.VpnDriver):
                 ike_version=ipsec_utils.IKE_VERSION_MAP[
                     ikepolicy['ike_version']],
                 dh_group=ipsec_utils.PFS_MAP[ikepolicy['pfs']],
-                pfs=True,
                 sa_life_time=ikepolicy['lifetime']['value'],
                 tags=self._nsx_tags(context, connection))
         except nsx_lib_exc.ManagerError as e:
@@ -593,7 +592,7 @@ class NSXv3IPsecVpnDriver(service_drivers.VpnDriver):
         # Note(asarfaty) we expect only a small number of services
         services = self._nsx_vpn.service.list()['results']
         for srv in services:
-            if srv['logical_router_id']['target_id'] == tier0_uuid:
+            if srv['logical_router_id'] == tier0_uuid:
                 # if it exists but disabled: issue an error
                 if not srv.get('enabled', True):
                     msg = _("NSX vpn service %s must be enabled") % srv['id']

vmware_nsx/services/vpnaas/nsxv3/ipsec_utils.py

@@ -26,8 +26,6 @@ AUTH_ALGORITHM_MAP = {
 }
 
 PFS_MAP = {
-    'group2': vpn_ipsec.DHGroupTypes.DH_GROUP_2,
-    'group5': vpn_ipsec.DHGroupTypes.DH_GROUP_5,
     'group14': vpn_ipsec.DHGroupTypes.DH_GROUP_14
 }
 

vmware_nsx/services/vpnaas/nsxv3/ipsec_validator.py

@@ -71,14 +71,18 @@ class IPsecV3Validator(vpn_validator.VpnReferenceValidator):
                         'val': lifetime, 'pol': policy_type}
             raise nsx_exc.NsxVpnValidationError(details=msg)
         value = lifetime.get('value')
-        if (value and (value < vpn_ipsec.SALifetimeLimits.SA_LIFETIME_MIN or
+        if policy_type == 'IKE':
-            value > vpn_ipsec.SALifetimeLimits.SA_LIFETIME_MAX)):
+            limits = vpn_ipsec.IkeSALifetimeLimits
+        else:
+            limits = vpn_ipsec.IPsecSALifetimeLimits
+        if (value and (value < limits.SA_LIFETIME_MIN or
+            value > limits.SA_LIFETIME_MAX)):
             msg = _("Unsupported policy lifetime %(value)s in %(pol)s policy. "
                     "Value range is [%(min)s-%(max)s].") % {
                         'value': value,
                         'pol': policy_type,
-                        'min': vpn_ipsec.SALifetimeLimits.SA_LIFETIME_MIN,
+                        'min': limits.SA_LIFETIME_MIN,
-                        'max': vpn_ipsec.SALifetimeLimits.SA_LIFETIME_MAX}
+                        'max': limits.SA_LIFETIME_MAX}
             raise nsx_exc.NsxVpnValidationError(details=msg)
 
     def _validate_policy_auth_algorithm(self, policy_info, policy_type):

vmware_nsx/tests/unit/services/vpnaas/test_nsxv3_vpnaas.py

@@ -54,7 +54,7 @@ class TestDriverValidation(base.BaseTestCase):
             self.validator.validate_ipsec_policy)
 
     def _test_lifetime_seconds_values_at_limits(self, validation_func):
-        policy_info = {'lifetime': {'units': 'seconds', 'value': 90}}
+        policy_info = {'lifetime': {'units': 'seconds', 'value': 21600}}
         validation_func(self.context, policy_info)
         policy_info = {'lifetime': {'units': 'seconds', 'value': 86400}}
         validation_func(self.context, policy_info)
@@ -128,7 +128,7 @@ class TestDriverValidation(base.BaseTestCase):
                           validation_func,
                           self.context, policy_info)
 
-        policy_info = {'pfs': 'group5'}
+        policy_info = {'pfs': 'group14'}
         validation_func(self.context, policy_info)
 
     def test_ipsec_pfs(self):
@@ -243,7 +243,7 @@ class TestDriverValidation(base.BaseTestCase):
         self._test_conn_validation(conn_params=params, success=False)
 
         params = {'dpd': {'action': 'hold',
-                          'timeout': 5}}
+                          'timeout': 2}}
         self._test_conn_validation(conn_params=params, success=False)
 
     def test_check_unique_addresses(self):