AdminUtils NSXv3: Fix SG admin utils and their documantation

The nsxv3 security groups documentation was wrong. In addition, fixed some function calls. Change-Id: I38a0013775c848ff41fb0771a2114730e1d59cbe
2017-02-21 11:06:52 +02:00 · 2017-02-21 11:06:52 +02:00 · 4f929e8fdb
commit 4f929e8fdb
parent abb76b430a
2 changed files with 24 additions and 23 deletions
--- a/doc/source/admin_util.rst
+++ b/doc/source/admin_util.rst
@ -215,7 +215,7 @@ Metadata
 NSXv3
 -----

-The following resources are supported: 'security-groups', 'routers', 'networks', 'nsx-security-groups', 'dhcp-binding', 'metadata-proxy', 'orphaned-dhcp-servers', and 'ports'.
+The following resources are supported: 'security-groups', 'routers', 'networks', 'nsx-security-groups', 'dhcp-binding', 'metadata-proxy', 'orphaned-dhcp-servers', 'firewall-sections', 'certificate', and 'ports'.

 Networks
 ~~~~~~~~
@ -242,36 +242,39 @@ Ports

    nsxadmin -r ports -o nsx-migrate-v-v3

-Security Groups
-~~~~~~~~~~~~~~~
+Security Groups & NSX Security Groups
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 - List backed security groups::

-    nsx -r security-groups -o nsx-list
+    nsxadmin -r nsx-security-groups -o list

- List neutron DB security groups::
+- List neutron security groups::

-    nsx -r security-groups -o neutron-list
+    nsxadmin -r security-groups -o list

- List both backend and neutron security groups::
+- Fix mismatch sections in security group::

-    nsx -r security-groups -o list
+    nsxadmin -r security-groups -o fix-mismatch

- Cleanup NSX backend sections and nsgroups::
+- List nsx security groups with mismatch sections::

-    nsx -r security-groups -o nsx-clean
-
- Cleanup Neutron DB security groups::
-
-    nsx -r security-groups -o neutron-clean
-
- Cleanup both Neutron DB security groups and NSX backend sections and nsgroups::
-
-    nsx -r security-groups -o clean
+    nsxadmin -r nsx-security-groups -o list-mismatches

 - Update NSX security groups dynamic criteria for NSXv3 CrossHairs::

-    nsx -r nsx-security-groups -o migrate-to-dynamic-criteria
+    nsxadmin -r nsx-security-groups -o migrate-to-dynamic-criteria
+
+Firewall Sections
+~~~~~~~~~~~~~~~~~
+
+- List backed firewall sections::
+
+    nsxadmin -r firewall-sections -o list
+
+- List security groups with missing sections::
+
+    nsxadmin -r firewall-sections -o list-mismatches

 Metadata Proxy
 ~~~~~~~~~~~~~~
--- a/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py
+++ b/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py
@ -226,8 +226,8 @@ def fix_security_groups(resource, event, trigger, **kwargs):
        # should already have them.
        if not utils.is_nsx_version_1_1_0(plugin._nsx_version):
            members = []
-            for port_id in neutron_db.get_ports_in_security_group(sg_id):
-                lport_id = neutron_db.get_logical_port_id(port_id)
+            for port_id in neutron_sg.get_ports_in_security_group(sg_id):
+                lport_id = neutron_sg.get_logical_port_id(port_id)
                members.append(lport_id)
            nsxlib.ns_group.add_members(
                nsgroup['id'], consts.TARGET_TYPE_LOGICAL_PORT, members)
@ -246,8 +246,6 @@ def fix_security_groups(resource, event, trigger, **kwargs):
            secgroup.get(sg_logging.LOGGING, False), action,
            secgroup['security_group_rules'])
        plugin.save_security_group_rule_mappings(context_, rules['rules'])
-        # Add nsgroup to a nested group
-        plugin.nsgroup_manager.add_nsgroup(nsgroup['id'])


 def _update_ports_dynamic_criteria_tags():