diff --git a/vmware_nsx/db/extended_security_group.py b/vmware_nsx/db/extended_security_group.py index 732220cebc..2a1a48a55c 100644 --- a/vmware_nsx/db/extended_security_group.py +++ b/vmware_nsx/db/extended_security_group.py @@ -24,6 +24,7 @@ from neutron.db import _resource_extend as resource_extend from neutron.db import api as db_api from neutron.db.models import securitygroup as securitygroups_db from neutron.extensions import securitygroup as ext_sg +from neutron.objects import securitygroup as sg_obj from neutron_lib.api.definitions import port as port_def from neutron_lib.api import validators from neutron_lib.callbacks import events @@ -96,19 +97,14 @@ class ExtendedSecurityGroupPropertiesMixin(object): if not default_sg: self._ensure_default_security_group(context, tenant_id) - with db_api.autonested_transaction(context.session): - security_group_db = securitygroups_db.SecurityGroup( - id=s.get('id') or (uuidutils.generate_uuid()), - description=s.get('description', ''), - tenant_id=tenant_id, - name=s.get('name', '')) - context.session.add(security_group_db) - if default_sg: - context.session.add(securitygroups_db.DefaultSecurityGroup( - security_group=security_group_db, - tenant_id=tenant_id)) + with db_api.context_manager.writer.using(context): + sg = sg_obj.SecurityGroup( + context, id=s.get('id') or uuidutils.generate_uuid(), + description=s.get('description', ''), project_id=tenant_id, + name=s.get('name', ''), is_default=default_sg) + sg.create() - secgroup_dict = self._make_security_group_dict(security_group_db) + secgroup_dict = self._make_security_group_dict(sg) secgroup_dict[sg_policy.POLICY] = s.get(sg_policy.POLICY) secgroup_dict[provider_sg.PROVIDER] = is_provider kwargs['security_group'] = secgroup_dict diff --git a/vmware_nsx/plugins/nsx_v/plugin.py b/vmware_nsx/plugins/nsx_v/plugin.py index bbe11c61ef..dd527a51d6 100644 --- a/vmware_nsx/plugins/nsx_v/plugin.py +++ b/vmware_nsx/plugins/nsx_v/plugin.py @@ -77,6 +77,7 @@ from neutron.extensions import multiprovidernet as mpnet from neutron.extensions import providernet from neutron.extensions import securitygroup as ext_sg from neutron.extensions import vlantransparent as ext_vlan +from neutron.objects import securitygroup from neutron.plugins.common import utils from neutron.quota import resource_registry from neutron.services.flavors import flavors_plugin @@ -4154,9 +4155,7 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin, "nsx-rule %(nsx_rule_id)s doesn't exist.", {'id': id, 'nsx_rule_id': nsx_rule_id}) - with db_api.context_manager.writer.using(context): - rule_db = self._get_security_group_rule(context, id) - context.session.delete(rule_db) + securitygroup.SecurityGroupRule.delete_objects(context, id=id) def _remove_vnic_from_spoofguard_policy(self, session, net_id, vnic_id): policy_id = nsxv_db.get_spoofguard_policy_id(session, net_id)