From 5ffb1de1e68c37b0cffec12451ee8da3b36e20c8 Mon Sep 17 00:00:00 2001
From: Gary Kotton <gkotton@vmware.com>
Date: Mon, 12 Feb 2018 08:17:00 -0800
Subject: [PATCH] admin utility enabled nsx-update for security groups (V and
 T)

Provide ability to update security groups on NSX

Change-Id: Ia16dfcd5618a3584bc9d0acfbf8a0de155997e58
---
 doc/source/admin_util.rst                                   | 2 +-
 .../shell/admin/plugins/nsxv/resources/securitygroups.py    | 6 +++++-
 .../shell/admin/plugins/nsxv3/resources/securitygroups.py   | 4 ++++
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/doc/source/admin_util.rst b/doc/source/admin_util.rst
index b4f0159db3..d51634b7f2 100644
--- a/doc/source/admin_util.rst
+++ b/doc/source/admin_util.rst
@@ -219,7 +219,7 @@ Security Groups, Firewall and Spoofguard
 
     nsxadmin --resource security-groups --operation list
     nsxadmin -r nsx-security-groups -o {list, list-missmatches}
-    nsxadmin -r firewall-sections -o {list, list-missmatches}
+    nsxadmin -r firewall-sections -o {list, list-missmatches, nsx-update}
 
 - Spoofguard support::
 
diff --git a/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py b/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py
index 0962146b12..30ea8ae90b 100644
--- a/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py
+++ b/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py
@@ -95,7 +95,7 @@ class NeutronSecurityGroupDB(
         return False
 
     def delete_security_group_section_mapping(self, sg_id):
-        with self.db_api.context_manager.writer.using(self.context):
+        with db_api.context_manager.writer.using(self.context):
             fw_mapping = self.context.session.query(
                 nsxv_models.NsxvSecurityGroupSectionMapping).filter_by(
                     neutron_id=sg_id).one_or_none()
@@ -433,6 +433,10 @@ registry.subscribe(reorder_firewall_sections,
                    constants.FIREWALL_SECTIONS,
                    shell.Operations.NSX_REORDER.value)
 
+registry.subscribe(fix_security_groups,
+                   constants.FIREWALL_SECTIONS,
+                   shell.Operations.NSX_UPDATE.value)
+
 registry.subscribe(firewall_update_cluster_default_fw_section,
                    constants.FIREWALL_SECTIONS,
                    shell.Operations.NSX_UPDATE.value)
diff --git a/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py b/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py
index ef5af386c3..7c11a0da47 100644
--- a/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py
+++ b/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py
@@ -300,3 +300,7 @@ def migrate_nsgroups_to_dynamic_criteria(resource, event, trigger, **kwargs):
 registry.subscribe(migrate_nsgroups_to_dynamic_criteria,
                    constants.FIREWALL_NSX_GROUPS,
                    shell.Operations.MIGRATE_TO_DYNAMIC_CRITERIA.value)
+
+registry.subscribe(fix_security_groups,
+                   constants.FIREWALL_SECTIONS,
+                   shell.Operations.NSX_UPDATE.value)