diff --git a/vmware_nsx/common/nsx_constants.py b/vmware_nsx/common/nsx_constants.py index a3033ed83a..f84a8f744f 100644 --- a/vmware_nsx/common/nsx_constants.py +++ b/vmware_nsx/common/nsx_constants.py @@ -54,6 +54,3 @@ VIF_TYPE_DVS = 'dvs' # NSXv3 L2 Gateway constants BRIDGE_ENDPOINT = "BRIDGEENDPOINT" - -# NSXv3 tag constants -SHARED_TAG_TENANT_ID = "neutron-nsx-plugin" diff --git a/vmware_nsx/common/utils.py b/vmware_nsx/common/utils.py index dfed4bb84e..1ffedbc20e 100644 --- a/vmware_nsx/common/utils.py +++ b/vmware_nsx/common/utils.py @@ -88,6 +88,17 @@ def check_and_truncate(display_name): return display_name or '' +def build_v3_api_version_tag(): + """ + Some resources are created on the manager that do not have a corresponding + Neutron resource. + """ + return [{'scope': 'os-neutron-id', + 'tag': 'NSX neutron plug-in'}, + {'scope': "os-api-version", + 'tag': version.version_info.release_string()}] + + def build_v3_tags_payload(logical_entity): """ Construct the tags payload that will be pushed to NSX-v3 diff --git a/vmware_nsx/nsxlib/v3/security.py b/vmware_nsx/nsxlib/v3/security.py index d17a7f126e..b330d3deb8 100644 --- a/vmware_nsx/nsxlib/v3/security.py +++ b/vmware_nsx/nsxlib/v3/security.py @@ -20,7 +20,6 @@ NSX-V3 Plugin security integration module from neutron.db import securitygroups_db -from vmware_nsx.common import nsx_constants from vmware_nsx.common import utils from vmware_nsx.db import nsx_models from vmware_nsx.nsxlib.v3 import dfw_api as firewall @@ -234,9 +233,7 @@ def _init_default_section(name, description, nsgroup_id): else: section = firewall.create_empty_section( name, description, [nsgroup_id], - utils.build_v3_tags_payload({ - 'id': DEFAULT_SECTION_TAG_NAME, - 'tenant_id': nsx_constants.SHARED_TAG_TENANT_ID})) + utils.build_v3_api_version_tag()) block_rule = firewall.get_firewall_rule_dict( 'Block All', action=firewall.DROP) # TODO(roeyc): Add additional rules to allow IPV6 NDP. diff --git a/vmware_nsx/plugins/nsx_v3/plugin.py b/vmware_nsx/plugins/nsx_v3/plugin.py index 0b83205c08..f4be6252d7 100644 --- a/vmware_nsx/plugins/nsx_v3/plugin.py +++ b/vmware_nsx/plugins/nsx_v3/plugin.py @@ -184,9 +184,7 @@ class NsxV3Plugin(addr_pair_db.AllowedAddressPairsMixin, if not profile: self._switching_profiles.create_dhcp_profile( NSX_V3_DHCP_PROFILE_NAME, 'Neutron DHCP Security Profile', - tags=utils.build_v3_tags_payload({ - 'id': NSX_V3_DHCP_PROFILE_NAME, - 'tenant_id': nsx_constants.SHARED_TAG_TENANT_ID})) + tags=utils.build_v3_api_version_tag()) return self._get_dhcp_security_profile() def _get_dhcp_security_profile(self): @@ -225,9 +223,7 @@ class NsxV3Plugin(addr_pair_db.AllowedAddressPairsMixin, self._switching_profiles.create_spoofguard_profile( NSX_V3_PSEC_PROFILE_NAME, 'Neutron Port Security Profile', whitelist_ports=True, whitelist_switches=False, - tags=utils.build_v3_tags_payload({ - 'id': NSX_V3_PSEC_PROFILE_NAME, - 'tenant_id': nsx_constants.SHARED_TAG_TENANT_ID})) + tags=utils.build_v3_api_version_tag()) return self._get_port_security_profile() diff --git a/vmware_nsx/tests/unit/nsx_v3/test_plugin.py b/vmware_nsx/tests/unit/nsx_v3/test_plugin.py index 1aa625c162..ba3f6c3c3e 100644 --- a/vmware_nsx/tests/unit/nsx_v3/test_plugin.py +++ b/vmware_nsx/tests/unit/nsx_v3/test_plugin.py @@ -365,3 +365,11 @@ class TestNsxV3Utils(NsxV3PluginTestCaseMixin): {'scope': 'os-api-version', 'tag': version.version_info.release_string()}] self.assertEqual(expected, result) + + def test_build_v3_api_version_tag(self): + result = utils.build_v3_api_version_tag() + expected = [{'scope': 'os-neutron-id', + 'tag': 'NSX neutron plug-in'}, + {'scope': 'os-api-version', + 'tag': version.version_info.release_string()}] + self.assertEqual(expected, result)