From 632831a82eb1c76de9a8ca8d72a50c1f56dd8e1f Mon Sep 17 00:00:00 2001
From: Gary Kotton <gkotton@vmware.com>
Date: Thu, 8 Jun 2017 02:15:39 -0700
Subject: [PATCH] NSX|V3: ensure 'exclude' tag is correctly set

An port update with no port security delta resulted in the
exclude tag being dropped from the port.

This ensures that the tag is not dropped.

Change-Id: I98b1e63da82e81d4314a469149f928ae12032998
---
 vmware_nsx/plugins/nsx_v3/plugin.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/vmware_nsx/plugins/nsx_v3/plugin.py b/vmware_nsx/plugins/nsx_v3/plugin.py
index 8a66b5e105..f9823b3b00 100644
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@@ -2381,6 +2381,12 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
             if not updated_excluded:
                 tags_update.append({'scope': security.PORT_SG_SCOPE,
                                     'tag': NSX_V3_DEFAULT_SECTION})
+            else:
+                # Ensure that the 'exclude' tag is set
+                if self.nsxlib.feature_supported(
+                    nsxlib_consts.FEATURE_EXCLUDE_PORT_BY_TAG):
+                    tags_update.append({'scope': security.PORT_SG_SCOPE,
+                                        'tag': nsxlib_consts.EXCLUDE_PORT})
         else:
             self._update_lport_with_security_groups(
                 context, lport_id,