Merge "Add tag for os default dfw section"

2015-12-05 00:40:40 +00:00 · 2015-12-05 00:40:40 +00:00 · 79555e941c
commit 79555e941c
parent 4456fab4f0 ffaf285425
3 changed files with 12 additions and 3 deletions
--- a/vmware_nsx/common/nsx_constants.py
+++ b/vmware_nsx/common/nsx_constants.py
@ -54,3 +54,6 @@ VIF_TYPE_DVS = 'dvs'

 # NSXv3 L2 Gateway constants
 BRIDGE_ENDPOINT = "BRIDGEENDPOINT"
+
+# NSXv3 tag constants
+SHARED_TAG_TENANT_ID = "neutron-nsx-plugin"
--- a/vmware_nsx/nsxlib/v3/security.py
+++ b/vmware_nsx/nsxlib/v3/security.py
@ -20,12 +20,15 @@ NSX-V3 Plugin security integration module

 from neutron.db import securitygroups_db

+from vmware_nsx.common import nsx_constants
+from vmware_nsx.common import utils
 from vmware_nsx.db import nsx_models
 from vmware_nsx.nsxlib.v3 import dfw_api as firewall


 NSGROUP_CONTAINER = 'NSGroup Container'
 DEFAULT_SECTION = 'OS default section for security-groups'
+DEFAULT_SECTION_TAG_NAME = 'neutron_default_dfw_section'


 def _get_l4_protocol_name(protocol_number):
@ -230,7 +233,10 @@ def _init_default_section(name, description, nsgroup_id):
            break
    else:
        section = firewall.create_empty_section(
-            name, description, [nsgroup_id], [])
+            name, description, [nsgroup_id],
+            utils.build_v3_tags_payload({
+                'id': DEFAULT_SECTION_TAG_NAME,
+                'tenant_id': nsx_constants.SHARED_TAG_TENANT_ID}))
        block_rule = firewall.get_firewall_rule_dict(
            'Block All', action=firewall.DROP)
        # TODO(roeyc): Add additional rules to allow IPV6 NDP.
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@ -181,7 +181,7 @@ class NsxV3Plugin(addr_pair_db.AllowedAddressPairsMixin,
                    NSX_V3_DHCP_PROFILE_NAME, 'Neutron DHCP Security Profile',
                    tags=utils.build_v3_tags_payload({
                        'id': NSX_V3_DHCP_PROFILE_NAME,
-                        'tenant_id': 'neutron-nsx-plugin'}))
+                        'tenant_id': nsx_constants.SHARED_TAG_TENANT_ID}))
            return self._get_dhcp_security_profile()

    def _get_dhcp_security_profile(self):
@ -222,7 +222,7 @@ class NsxV3Plugin(addr_pair_db.AllowedAddressPairsMixin,
                whitelist_ports=True, whitelist_switches=False,
                tags=utils.build_v3_tags_payload({
                    'id': NSX_V3_PSEC_PROFILE_NAME,
-                    'tenant_id': 'neutron-nsx-plugin'}))
+                    'tenant_id': nsx_constants.SHARED_TAG_TENANT_ID}))

        return self._get_port_security_profile()