Fix subnet-deletion issue

Commit 31fa23d84c9054fb4cfebccef953bf6839698a1d changed the way that
subnet deletion worked. This broke the plugin due to the fact that
port was updated when a subnet is deleted. This results in an
exception for port security validations.

So here we have a dodgy way of finding out that we need to skip this
validation

Change-Id: Idf703cb8d5618799306c6e3b4ab144abb0caa665

vmware_nsx/plugins/nsx_v3/plugin.py

@@ -2158,7 +2158,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
         super(NsxV3Plugin, self).delete_port(context, port_id)
 
     def _update_port_preprocess_security(
-            self, context, port, id, updated_port):
+            self, context, port, id, updated_port, validate_port_sec=True):
         delete_addr_pairs = self._check_update_deletes_allowed_address_pairs(
             port)
         has_addr_pairs = self._check_update_has_allowed_address_pairs(port)
@@ -2194,7 +2194,8 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
 
         # checks if security groups were updated adding/modifying
         # security groups, port security is set and port has ip
-        if not (has_ip and updated_port[psec.PORTSECURITY]):
+        if (validate_port_sec and
+            not (has_ip and updated_port[psec.PORTSECURITY])):
             if has_security_groups:
                 raise psec.PortSecurityAndIPRequiredForSecurityGroups()
             # Update did not have security groups passed in. Check
@@ -2365,6 +2366,15 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
     def update_port(self, context, id, port):
         switch_profile_ids = None
 
+        # Need to determine if we skip validations for port security.
+        # This is the edge case when the subnet is deleted.
+        validate_port_sec = True
+        fixed_ips = port['port'].get('fixed_ips', [])
+        for fixed_ip in fixed_ips:
+            if 'delete_subnet' in fixed_ip:
+                validate_port_sec = False
+                break
+
         with context.session.begin(subtransactions=True):
             original_port = super(NsxV3Plugin, self).get_port(context, id)
             nsx_lswitch_id, nsx_lport_id = nsx_db.get_nsx_switch_and_port_id(
@@ -2394,7 +2404,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
             updated_port.update(port['port'])
 
             updated_port = self._update_port_preprocess_security(
-                context, port, id, updated_port)
+                context, port, id, updated_port, validate_port_sec)
 
             self._update_extra_dhcp_opts_on_port(context, id, port,
                                                  updated_port)

vmware_nsx/tests/unit/nsx_v3/test_plugin.py

@@ -235,9 +235,6 @@ class TestNetworksV2(test_plugin.TestNetworksV2, NsxV3PluginTestCaseMixin):
 
 class TestSubnetsV2(test_plugin.TestSubnetsV2, NsxV3PluginTestCaseMixin):
 
-    def test_delete_subnet_ipv6_slaac_port_exists(self):
-        self.skipTest('No DHCP v6 Support yet')
-
     def test_create_subnet_with_shared_address_space(self):
         with self.network() as network:
             data = {'subnet': {'network_id': network['network']['id'],