From 30d05980ed1cfb4451d30d010960d1a7f416f065 Mon Sep 17 00:00:00 2001 From: Roey Chen Date: Sun, 17 Apr 2016 05:11:59 -0700 Subject: [PATCH] NSXAdmin-v3: Don't delete internal fw sections and groups Change-Id: I365d34cffee1cc7cb973e9f44d75510aeb0195ac --- .../admin/plugins/nsxv3/resources/securitygroups.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py b/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py index 7f9301c5e3..496b5cc68f 100644 --- a/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py +++ b/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py @@ -14,6 +14,7 @@ import logging +from vmware_nsx.common import utils from vmware_nsx.shell.admin.plugins.common import constants from vmware_nsx.shell.admin.plugins.common import formatters from vmware_nsx.shell.admin.plugins.common import utils as admin_utils @@ -70,10 +71,10 @@ def nsx_delete_security_groups(resource, event, trigger, **kwargs): return sections = firewall.list_sections() - # NOTE(gangila): We use -1 indexing because we trying to delete default - # security group on NSX Manager raises an exception. + # NOTE(roeyc): We use -2 indexing because don't want to delete the + # default firewall sections. if sections: - NON_DEFAULT_SECURITY_GROUPS = -1 + NON_DEFAULT_SECURITY_GROUPS = -2 for section in sections[:NON_DEFAULT_SECURITY_GROUPS]: LOG.info(_LI("Deleting firewall section %(display_name)s, " "section id %(id)s"), @@ -83,7 +84,8 @@ def nsx_delete_security_groups(resource, event, trigger, **kwargs): nsgroups = firewall.list_nsgroups() if nsgroups: - for nsgroup in nsgroups: + for nsgroup in [nsg for nsg in nsgroups + if not utils.is_internal_resource(nsg)]: LOG.info(_LI("Deleting ns-group %(display_name)s, " "ns-group id %(id)s"), {'display_name': nsgroup['display_name'],