From 7fc8e0da9a49711cb154c3428c5b4fcd341da356 Mon Sep 17 00:00:00 2001
From: asarfaty <asarfaty@vmware.com>
Date: Wed, 11 Nov 2020 10:44:27 +0200
Subject: [PATCH] NSX|V: fix rule ID for FWaaS v2 rules

The DB rule id must contain the vnic as well so there are no DB
duplications when adding the same rule to multiple router interfaces.

Change-Id: I817d9434715d7bd3cba266575321d4c89bf173e4
---
 vmware_nsx/services/fwaas/nsx_v/fwaas_callbacks_v2.py | 6 ++++--
 vmware_nsx/tests/unit/nsx_v/test_fwaas_v2_driver.py   | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/vmware_nsx/services/fwaas/nsx_v/fwaas_callbacks_v2.py b/vmware_nsx/services/fwaas/nsx_v/fwaas_callbacks_v2.py
index ef007f3106..69e2aa159a 100644
--- a/vmware_nsx/services/fwaas/nsx_v/fwaas_callbacks_v2.py
+++ b/vmware_nsx/services/fwaas/nsx_v/fwaas_callbacks_v2.py
@@ -157,9 +157,11 @@ class NsxvFwaasCallbacksV2(com_callbacks.NsxFwaasCallbacksV2):
                 # update rules ID to prevent DB duplications in
                 # NsxvEdgeFirewallRuleBinding
                 if is_ingress:
-                    rule['id'] = ('ingress-%s' % rule['id'])[:36]
+                    rule['id'] = ('ingress-%s-%s' % (replace_dest,
+                                                     rule['id']))[:36]
                 else:
-                    rule['id'] = ('egress-%s' % rule['id'])[:36]
+                    rule['id'] = ('egress-%s-%s' % (replace_src,
+                                                    rule['id']))[:36]
             # source & destination should be lists
             if (rule.get('destination_ip_address') and
                 not rule['destination_ip_address'].startswith('0.0.0.0')):
diff --git a/vmware_nsx/tests/unit/nsx_v/test_fwaas_v2_driver.py b/vmware_nsx/tests/unit/nsx_v/test_fwaas_v2_driver.py
index 128f5b5524..70597ffc7a 100644
--- a/vmware_nsx/tests/unit/nsx_v/test_fwaas_v2_driver.py
+++ b/vmware_nsx/tests/unit/nsx_v/test_fwaas_v2_driver.py
@@ -152,9 +152,11 @@ class NsxvFwaasTestCase(test_v_plugin.NsxVPluginV2TestCase):
                             (rule.get('name') or rule['id']))[:30]
             if rule.get('id'):
                 if is_ingress:
-                    rule['id'] = ('ingress-%s' % rule['id'])[:36]
+                    rule['id'] = ('ingress-%s-%s' % (nsx_port_id,
+                                                     rule['id']))[:36]
                 else:
-                    rule['id'] = ('egress-%s' % rule['id'])[:36]
+                    rule['id'] = ('egress-%s-%s' % (nsx_port_id,
+                                                    rule['id']))[:36]
 
         return translated_rules