Use Ids for predefined NSX switching profiles

As these profiles have hardcoded Ids, it is much safer and efficient to use directly the resource Ids rather than fetching resources by name. Change-Id: Iba462a1fe1209f5e31be93eef3ecd450e16a5138
2021-08-23 09:23:42 -07:00 · 2021-08-23 09:23:42 -07:00 · c0302df414
parent e5e0808cfd
commit c0302df414
1 changed files with 16 additions and 17 deletions
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@ -115,16 +115,17 @@ from vmware_nsxlib.v3 import utils as nsxlib_utils


 LOG = log.getLogger(__name__)
-NSX_V3_NO_PSEC_PROFILE_NAME = 'nsx-default-spoof-guard-vif-profile'
+# Hardcoded NSX Profile IDs
+NSX_V3_NO_PSEC_PROFILE_ID = 'fad98876-d7ff-11e4-b9d6-1681e6b88ec1'
+NSX_V3_NON_VIF_PROFILE_ID = '47ffda0e-035f-4900-83e4-0a2086813ede'
+NSX_V3_NON_VIF_ENS_PROFILE_ID = '04b4dd63-0eba-47f2-a310-2dde25471c51'
+# Plugin-created profiles and firewall sections
 NSX_V3_MAC_LEARNING_PROFILE_NAME = 'neutron_port_mac_learning_profile'
 NSX_V3_MAC_DISABLED_PROFILE_NAME = 'neutron_port_mac_learning_disabled_profile'
 NSX_V3_FW_DEFAULT_SECTION = 'OS Default Section for Neutron Security-Groups'
 NSX_V3_FW_DEFAULT_NS_GROUP = 'os_default_section_ns_group'
 NSX_V3_DEFAULT_SECTION = 'OS-Default-Section'
 NSX_V3_EXCLUDED_PORT_NSGROUP_NAME = 'neutron_excluded_port_nsgroup'
-NSX_V3_NON_VIF_PROFILE = 'nsx-default-switch-security-non-vif-profile'
-NSX_V3_NON_VIF_ENS_PROFILE = \
-    'nsx-default-switch-security-non-vif-profile-for-ens'
 NSX_V3_SERVER_SSL_PROFILE = 'nsx-default-server-ssl-profile'
 NSX_V3_CLIENT_SSL_PROFILE = 'nsx-default-client-ssl-profile'

@ -488,11 +489,10 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
            msg = _("Unable to initialize NSX v3 port spoofguard switching "
                    "profile: %s") % v3_utils.NSX_V3_PSEC_PROFILE_NAME
            raise nsx_exc.NsxPluginException(err_msg=msg)
-        profile_client = self.nsxlib.switching_profile
-        no_psec_prof = profile_client.find_by_display_name(
-            NSX_V3_NO_PSEC_PROFILE_NAME)[0]
-        self._no_psec_profile_id = profile_client.build_switch_profile_ids(
-            profile_client, no_psec_prof)[0]
+
+        self._no_psec_profile_id = nsx_resources.SwitchingProfileTypeId(
+            profile_type=(nsx_resources.SwitchingProfileTypes.SPOOF_GUARD),
+            profile_id=NSX_V3_NO_PSEC_PROFILE_ID)

        LOG.debug("Initializing NSX v3 DHCP switching profile")
        try:
@ -519,14 +519,13 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
                            {'name': NSX_V3_MAC_LEARNING_PROFILE_NAME,
                             'reason': e})

-        no_switch_security_prof = profile_client.find_by_display_name(
-                NSX_V3_NON_VIF_PROFILE)[0]
-        self._no_switch_security = profile_client.build_switch_profile_ids(
-            profile_client, no_switch_security_prof)[0]
-        no_switch_security_prof = profile_client.find_by_display_name(
-                NSX_V3_NON_VIF_ENS_PROFILE)[0]
-        self._no_switch_security_ens = profile_client.build_switch_profile_ids(
-            profile_client, no_switch_security_prof)[0]
+        self._no_switch_security = nsx_resources.SwitchingProfileTypeId(
+            profile_type=(nsx_resources.SwitchingProfileTypes.SWITCH_SECURITY),
+            profile_id=NSX_V3_NON_VIF_PROFILE_ID)
+
+        self._no_switch_security_ens = nsx_resources.SwitchingProfileTypeId(
+            profile_type=(nsx_resources.SwitchingProfileTypes.SWITCH_SECURITY),
+            profile_id=NSX_V3_NON_VIF_ENS_PROFILE_ID)

        self.server_ssl_profile = None
        self.client_ssl_profile = None