NSX|V3: fix tags for internal resoucres

Ensure that internal resource created on the NSX do not have data
that is not relevant, for example tenant_id.

Change-Id: Ib5f32f55d87fe1a41e7aba4550294fbfb6e4d367
Closes-bug: #1527084

vmware_nsx/common/nsx_constants.py

@@ -54,6 +54,3 @@ VIF_TYPE_DVS = 'dvs'
 
 # NSXv3 L2 Gateway constants
 BRIDGE_ENDPOINT = "BRIDGEENDPOINT"
-
-# NSXv3 tag constants
-SHARED_TAG_TENANT_ID = "neutron-nsx-plugin"

vmware_nsx/common/utils.py

@@ -88,6 +88,17 @@ def check_and_truncate(display_name):
     return display_name or ''
 
 
+def build_v3_api_version_tag():
+    """
+    Some resources are created on the manager that do not have a corresponding
+    Neutron resource.
+    """
+    return [{'scope': 'os-neutron-id',
+             'tag': 'NSX neutron plug-in'},
+            {'scope': "os-api-version",
+             'tag': version.version_info.release_string()}]
+
+
 def build_v3_tags_payload(logical_entity):
     """
     Construct the tags payload that will be pushed to NSX-v3

vmware_nsx/nsxlib/v3/security.py

@@ -20,7 +20,6 @@ NSX-V3 Plugin security integration module
 
 from neutron.db import securitygroups_db
 
-from vmware_nsx.common import nsx_constants
 from vmware_nsx.common import utils
 from vmware_nsx.db import nsx_models
 from vmware_nsx.nsxlib.v3 import dfw_api as firewall
@@ -234,9 +233,7 @@ def _init_default_section(name, description, nsgroup_id):
     else:
         section = firewall.create_empty_section(
             name, description, [nsgroup_id],
-            utils.build_v3_tags_payload({
-                'id': DEFAULT_SECTION_TAG_NAME,
-                'tenant_id': nsx_constants.SHARED_TAG_TENANT_ID}))
+            utils.build_v3_api_version_tag())
         block_rule = firewall.get_firewall_rule_dict(
             'Block All', action=firewall.DROP)
         # TODO(roeyc): Add additional rules to allow IPV6 NDP.

vmware_nsx/plugins/nsx_v3/plugin.py

@@ -184,9 +184,7 @@ class NsxV3Plugin(addr_pair_db.AllowedAddressPairsMixin,
             if not profile:
                 self._switching_profiles.create_dhcp_profile(
                     NSX_V3_DHCP_PROFILE_NAME, 'Neutron DHCP Security Profile',
-                    tags=utils.build_v3_tags_payload({
-                        'id': NSX_V3_DHCP_PROFILE_NAME,
-                        'tenant_id': nsx_constants.SHARED_TAG_TENANT_ID}))
+                    tags=utils.build_v3_api_version_tag())
             return self._get_dhcp_security_profile()
 
     def _get_dhcp_security_profile(self):
@@ -225,9 +223,7 @@ class NsxV3Plugin(addr_pair_db.AllowedAddressPairsMixin,
             self._switching_profiles.create_spoofguard_profile(
                 NSX_V3_PSEC_PROFILE_NAME, 'Neutron Port Security Profile',
                 whitelist_ports=True, whitelist_switches=False,
-                tags=utils.build_v3_tags_payload({
-                    'id': NSX_V3_PSEC_PROFILE_NAME,
-                    'tenant_id': nsx_constants.SHARED_TAG_TENANT_ID}))
+                tags=utils.build_v3_api_version_tag())
 
         return self._get_port_security_profile()
 

vmware_nsx/tests/unit/nsx_v3/test_plugin.py

@@ -365,3 +365,11 @@ class TestNsxV3Utils(NsxV3PluginTestCaseMixin):
                     {'scope': 'os-api-version',
                      'tag': version.version_info.release_string()}]
         self.assertEqual(expected, result)
+
+    def test_build_v3_api_version_tag(self):
+        result = utils.build_v3_api_version_tag()
+        expected = [{'scope': 'os-neutron-id',
+                     'tag': 'NSX neutron plug-in'},
+                    {'scope': 'os-api-version',
+                     'tag': version.version_info.release_string()}]
+        self.assertEqual(expected, result)