NSX|V3: ensure provider securiry updates are done

An update for the dynamic criteria tags is done by comparing the old and the new. The problem is that the provider security groups are part of the security groups and need to be removed from the normal security groups. This would result in the port to be updated but the tags not correctly set on the NSX. Change-Id: Ia100eb7e546124ca588b1306db63ae6f24d39e9f
2017-11-16 20:10:00 +02:00 · 2017-11-16 20:10:00 +02:00 · 20f0f66389
commit 20f0f66389
parent 5d71e0423c
2 changed files with 16 additions and 1 deletions
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@ -2860,6 +2860,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,

        with db_api.context_manager.writer.using(context):
            original_port = super(NsxV3Plugin, self).get_port(context, id)
+            self._remove_provider_security_groups_from_list(original_port)
            port_data = port['port']
            nsx_lswitch_id, nsx_lport_id = nsx_db.get_nsx_switch_and_port_id(
                context.session, id)
@ -2918,6 +2919,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
                    raise n_exc.InvalidInput(error_message=msg)
                self._update_mac_learning_state(context, id,
                                                mac_learning_state)
+            self._remove_provider_security_groups_from_list(updated_port)

        address_bindings = self._build_address_bindings(updated_port)
        if port_security and address_bindings:
--- a/vmware_nsx/tests/unit/extensions/test_provider_security_groups.py
+++ b/vmware_nsx/tests/unit/extensions/test_provider_security_groups.py
@ -344,7 +344,20 @@ class ProviderSecurityGroupExtTestCase(

 class TestNSXv3ProviderSecurityGrp(test_nsxv3_plugin.NsxV3PluginTestCaseMixin,
                                   ProviderSecurityGroupExtTestCase):
-    pass
+
+    def test_update_port_remove_provider_sg(self):
+        # need to create provider security group first.
+        self._create_provider_security_group()
+        with self.port(tenant_id=self._tenant_id) as p:
+            body = {'port': {'provider_security_groups': []}}
+            req = self.new_update_request('ports', body, p['port']['id'])
+            port = self.deserialize(self.fmt, req.get_response(self.api))
+            # confirm that the group has been removed.
+            self.assertEqual([], port['port']['provider_security_groups'])
+            # make sure that the security groups did not contain the provider
+            # security group
+            self.assertEqual(p['port']['security_groups'],
+                             port['port']['security_groups'])


 class TestNSXvProviderSecurityGroup(test_nsxv_plugin.NsxVPluginV2TestCase,