When a compute port with a device-id has no port security, we should
add the device to the nsx exclude list, so the spoof guard will not block it
When the first port with no security is attached to a device, it will be added
to the exclude list. When the last port is detached from the device (or deleted),
the device will be removed from the exclude list
Managing the exclude list is done by retrieving the vm moref from the DVS,
and adding this moref to the exclude list api.
In addition we now allow creating a port without port security, even if the
on the network port security is enabled.
This feature depends on 3 NSXV configuration flags:
spoofguard_enabled=True
use_dvs_features=True
use_exclude_list=True (new flag, True by default)
DocImpact:New configuration flag for this feature use_exclude_list
(True by default)
Change-Id: I3c93c78f8ceca131ee319237d99a90282ab65a3a
14dadb6e3b