NSX|V3 prevent router SNAT with VPN service

When updating the router gateway to SNAT enabled, it should be blocked if a VPN service is defined for this router. This patch check for all relevant statuses of the vpn services Change-Id: Ia68f4fdec7359ddd2c7e97d6bcfcf987650fd47e
2018-07-11 09:29:19 +03:00 · 2018-07-11 09:29:19 +03:00 · 6be6f48309
commit 6be6f48309
parent 1a7454a261
1 changed files with 4 additions and 1 deletions
--- a/vmware_nsx/services/vpnaas/nsxv3/ipsec_driver.py
+++ b/vmware_nsx/services/vpnaas/nsxv3/ipsec_driver.py
@ -437,8 +437,11 @@ class NSXv3IPsecVpnDriver(service_drivers.VpnDriver):
        """Upon router gw update - verify no-snat"""
        # check if this router has a vpn service
        admin_con = context.elevated()
+        # get all relevant services, except those waiting to be deleted or in
+        # ERROR state
        filters = {'router_id': [router_id],
-                   'status': [constants.ACTIVE]}
+                   'status': [constants.ACTIVE, constants.PENDING_CREATE,
+                              constants.INACTIVE, constants.PENDING_UPDATE]}
        services = self.vpn_plugin.get_vpnservices(admin_con, filters=filters)
        if services:
            # do not allow enable-snat