Use Ids for predefined NSX switching profiles

As these profiles have hardcoded Ids, it is much safer and efficient to use directly the resource Ids rather than fetching resources by name. Change-Id: Iba462a1fe1209f5e31be93eef3ecd450e16a5138
2021-08-23 09:23:42 -07:00 · 2021-08-23 09:23:42 -07:00 · 214513d726
commit 214513d726
parent f38f0f30d9
1 changed files with 16 additions and 17 deletions
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@ -115,16 +115,17 @@ from vmware_nsxlib.v3 import utils as nsxlib_utils


 LOG = log.getLogger(__name__)
-NSX_V3_NO_PSEC_PROFILE_NAME = 'nsx-default-spoof-guard-vif-profile'
+# Hardcoded NSX Profile IDs
+NSX_V3_NO_PSEC_PROFILE_ID = 'fad98876-d7ff-11e4-b9d6-1681e6b88ec1'
+NSX_V3_NON_VIF_PROFILE_ID = '47ffda0e-035f-4900-83e4-0a2086813ede'
+NSX_V3_NON_VIF_ENS_PROFILE_ID = '04b4dd63-0eba-47f2-a310-2dde25471c51'
+# Plugin-created profiles and firewall sections
 NSX_V3_MAC_LEARNING_PROFILE_NAME = 'neutron_port_mac_learning_profile'
 NSX_V3_MAC_DISABLED_PROFILE_NAME = 'neutron_port_mac_learning_disabled_profile'
 NSX_V3_FW_DEFAULT_SECTION = 'OS Default Section for Neutron Security-Groups'
 NSX_V3_FW_DEFAULT_NS_GROUP = 'os_default_section_ns_group'
 NSX_V3_DEFAULT_SECTION = 'OS-Default-Section'
 NSX_V3_EXCLUDED_PORT_NSGROUP_NAME = 'neutron_excluded_port_nsgroup'
-NSX_V3_NON_VIF_PROFILE = 'nsx-default-switch-security-non-vif-profile'
-NSX_V3_NON_VIF_ENS_PROFILE = \
-    'nsx-default-switch-security-non-vif-profile-for-ens'
 NSX_V3_SERVER_SSL_PROFILE = 'nsx-default-server-ssl-profile'
 NSX_V3_CLIENT_SSL_PROFILE = 'nsx-default-client-ssl-profile'

@ -480,11 +481,10 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
            msg = _("Unable to initialize NSX v3 port spoofguard switching "
                    "profile: %s") % v3_utils.NSX_V3_PSEC_PROFILE_NAME
            raise nsx_exc.NsxPluginException(err_msg=msg)
-        profile_client = self.nsxlib.switching_profile
-        no_psec_prof = profile_client.find_by_display_name(
-            NSX_V3_NO_PSEC_PROFILE_NAME)[0]
-        self._no_psec_profile_id = profile_client.build_switch_profile_ids(
-            profile_client, no_psec_prof)[0]
+
+        self._no_psec_profile_id = nsx_resources.SwitchingProfileTypeId(
+            profile_type=(nsx_resources.SwitchingProfileTypes.SPOOF_GUARD),
+            profile_id=NSX_V3_NO_PSEC_PROFILE_ID)

        LOG.debug("Initializing NSX v3 DHCP switching profile")
        try:
@ -510,14 +510,13 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
                        {'name': NSX_V3_MAC_LEARNING_PROFILE_NAME,
                         'reason': e})

-        no_switch_security_prof = profile_client.find_by_display_name(
-                NSX_V3_NON_VIF_PROFILE)[0]
-        self._no_switch_security = profile_client.build_switch_profile_ids(
-            profile_client, no_switch_security_prof)[0]
-        no_switch_security_prof = profile_client.find_by_display_name(
-                NSX_V3_NON_VIF_ENS_PROFILE)[0]
-        self._no_switch_security_ens = profile_client.build_switch_profile_ids(
-            profile_client, no_switch_security_prof)[0]
+        self._no_switch_security = nsx_resources.SwitchingProfileTypeId(
+            profile_type=(nsx_resources.SwitchingProfileTypes.SWITCH_SECURITY),
+            profile_id=NSX_V3_NON_VIF_PROFILE_ID)
+
+        self._no_switch_security_ens = nsx_resources.SwitchingProfileTypeId(
+            profile_type=(nsx_resources.SwitchingProfileTypes.SWITCH_SECURITY),
+            profile_id=NSX_V3_NON_VIF_ENS_PROFILE_ID)

        self.server_ssl_profile = None
        self.client_ssl_profile = None