From 214513d7265b3703b30fbaa05daa40133baba761 Mon Sep 17 00:00:00 2001 From: Salvatore Orlando Date: Mon, 23 Aug 2021 09:23:42 -0700 Subject: [PATCH] Use Ids for predefined NSX switching profiles As these profiles have hardcoded Ids, it is much safer and efficient to use directly the resource Ids rather than fetching resources by name. Change-Id: Iba462a1fe1209f5e31be93eef3ecd450e16a5138 --- vmware_nsx/plugins/nsx_v3/plugin.py | 33 ++++++++++++++--------------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/vmware_nsx/plugins/nsx_v3/plugin.py b/vmware_nsx/plugins/nsx_v3/plugin.py index cd2178a39b..64407d20c5 100644 --- a/vmware_nsx/plugins/nsx_v3/plugin.py +++ b/vmware_nsx/plugins/nsx_v3/plugin.py @@ -115,16 +115,17 @@ from vmware_nsxlib.v3 import utils as nsxlib_utils LOG = log.getLogger(__name__) -NSX_V3_NO_PSEC_PROFILE_NAME = 'nsx-default-spoof-guard-vif-profile' +# Hardcoded NSX Profile IDs +NSX_V3_NO_PSEC_PROFILE_ID = 'fad98876-d7ff-11e4-b9d6-1681e6b88ec1' +NSX_V3_NON_VIF_PROFILE_ID = '47ffda0e-035f-4900-83e4-0a2086813ede' +NSX_V3_NON_VIF_ENS_PROFILE_ID = '04b4dd63-0eba-47f2-a310-2dde25471c51' +# Plugin-created profiles and firewall sections NSX_V3_MAC_LEARNING_PROFILE_NAME = 'neutron_port_mac_learning_profile' NSX_V3_MAC_DISABLED_PROFILE_NAME = 'neutron_port_mac_learning_disabled_profile' NSX_V3_FW_DEFAULT_SECTION = 'OS Default Section for Neutron Security-Groups' NSX_V3_FW_DEFAULT_NS_GROUP = 'os_default_section_ns_group' NSX_V3_DEFAULT_SECTION = 'OS-Default-Section' NSX_V3_EXCLUDED_PORT_NSGROUP_NAME = 'neutron_excluded_port_nsgroup' -NSX_V3_NON_VIF_PROFILE = 'nsx-default-switch-security-non-vif-profile' -NSX_V3_NON_VIF_ENS_PROFILE = \ - 'nsx-default-switch-security-non-vif-profile-for-ens' NSX_V3_SERVER_SSL_PROFILE = 'nsx-default-server-ssl-profile' NSX_V3_CLIENT_SSL_PROFILE = 'nsx-default-client-ssl-profile' @@ -480,11 +481,10 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base, msg = _("Unable to initialize NSX v3 port spoofguard switching " "profile: %s") % v3_utils.NSX_V3_PSEC_PROFILE_NAME raise nsx_exc.NsxPluginException(err_msg=msg) - profile_client = self.nsxlib.switching_profile - no_psec_prof = profile_client.find_by_display_name( - NSX_V3_NO_PSEC_PROFILE_NAME)[0] - self._no_psec_profile_id = profile_client.build_switch_profile_ids( - profile_client, no_psec_prof)[0] + + self._no_psec_profile_id = nsx_resources.SwitchingProfileTypeId( + profile_type=(nsx_resources.SwitchingProfileTypes.SPOOF_GUARD), + profile_id=NSX_V3_NO_PSEC_PROFILE_ID) LOG.debug("Initializing NSX v3 DHCP switching profile") try: @@ -510,14 +510,13 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base, {'name': NSX_V3_MAC_LEARNING_PROFILE_NAME, 'reason': e}) - no_switch_security_prof = profile_client.find_by_display_name( - NSX_V3_NON_VIF_PROFILE)[0] - self._no_switch_security = profile_client.build_switch_profile_ids( - profile_client, no_switch_security_prof)[0] - no_switch_security_prof = profile_client.find_by_display_name( - NSX_V3_NON_VIF_ENS_PROFILE)[0] - self._no_switch_security_ens = profile_client.build_switch_profile_ids( - profile_client, no_switch_security_prof)[0] + self._no_switch_security = nsx_resources.SwitchingProfileTypeId( + profile_type=(nsx_resources.SwitchingProfileTypes.SWITCH_SECURITY), + profile_id=NSX_V3_NON_VIF_PROFILE_ID) + + self._no_switch_security_ens = nsx_resources.SwitchingProfileTypeId( + profile_type=(nsx_resources.SwitchingProfileTypes.SWITCH_SECURITY), + profile_id=NSX_V3_NON_VIF_ENS_PROFILE_ID) self.server_ssl_profile = None self.client_ssl_profile = None