From 2af95011d5c8f859195dd652f6b1b2e170edc741 Mon Sep 17 00:00:00 2001
From: asarfaty <asarfaty@vmware.com>
Date: Sun, 7 Mar 2021 09:00:11 +0200
Subject: [PATCH] V2T migration: create SG rules after all groups

Becasue a security group rule can point to anotehr SG with remote-group-id
all the SGs must be created before all the rules.

Change-Id: Ie1eea0565887c2be30ce4a011b20f6724a59256d
---
 vmware_nsx/api_replay/client.py | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/vmware_nsx/api_replay/client.py b/vmware_nsx/api_replay/client.py
index e491f64177..3b8e06be47 100644
--- a/vmware_nsx/api_replay/client.py
+++ b/vmware_nsx/api_replay/client.py
@@ -376,6 +376,7 @@ class ApiReplayClient(utils.PrepareObjectForMigration):
 
         total_num = len(source_sec_groups)
         LOG.info("Migrating %s security groups", total_num)
+        rules_dict = {}
         for count, sg in enumerate(source_sec_groups, 1):
             dest_sec_group = self.have_id(sg['id'], dest_sec_groups)
             # If the security group already exists on the dest_neutron
@@ -434,16 +435,21 @@ class ApiReplayClient(utils.PrepareObjectForMigration):
                         body = self.prepare_security_group_rule(sg_rule)
                         rules.append({'security_group_rule': body})
 
-                if not rules:
-                    continue
-                try:
-                    rules = self.dest_neutron.create_security_group_rule(
-                        {'security_group_rules': rules})
-                    LOG.debug("created %s security group rules for SG %s",
-                              len(rules), sg['id'])
-                except Exception as e:
-                    self.add_error("Failed to create security group %s "
-                                   "rules: %s" % (sg['id'], e))
+                # save rules to create once all the sgs are created
+                if rules:
+                    rules_dict[sg['id']] = rules
+
+        # Create the rules after all security groups are created to allow
+        # dependencies in remote_group_id
+        for sg_id in rules_dict:
+            try:
+                rules = self.dest_neutron.create_security_group_rule(
+                    {'security_group_rules': rules_dict[sg_id]})
+                LOG.debug("created %s security group rules for SG %s",
+                          len(rules), sg_id)
+            except Exception as e:
+                self.add_error("Failed to create security group %s "
+                               "rules: %s" % (sg_id, e))
 
     def get_dest_availablity_zones(self, resource):
         azs = self.dest_neutron.list_availability_zones()['availability_zones']