Merge "NSX|V: Fix SG icmp rules creation"
This commit is contained in:
commit
4d01aee204
|
@ -117,8 +117,14 @@ class NsxSecurityGroupUtils(object):
|
||||||
svcPortTag = et.SubElement(svcTag, 'subProtocol')
|
svcPortTag = et.SubElement(svcTag, 'subProtocol')
|
||||||
svcPortTag.text = str(icmptype)
|
svcPortTag.text = str(icmptype)
|
||||||
if icmpcode is not None:
|
if icmpcode is not None:
|
||||||
svcPortTag = et.SubElement(svcTag, 'icmpCode')
|
if icmptype in ('0', '8') and icmpcode == '0':
|
||||||
svcPortTag.text = str(icmpcode)
|
# icmpcode 0 should not be sent
|
||||||
|
# TODO(asarfaty): Validate if this is needed for all
|
||||||
|
# NSX versions and all icmp types
|
||||||
|
pass
|
||||||
|
else:
|
||||||
|
svcPortTag = et.SubElement(svcTag, 'icmpCode')
|
||||||
|
svcPortTag.text = str(icmpcode)
|
||||||
|
|
||||||
if application_services:
|
if application_services:
|
||||||
s = et.SubElement(ruleTag, 'services')
|
s = et.SubElement(ruleTag, 'services')
|
||||||
|
@ -150,6 +156,7 @@ class NsxSecurityGroupUtils(object):
|
||||||
|
|
||||||
def fix_existing_section_rules(self, section):
|
def fix_existing_section_rules(self, section):
|
||||||
# fix section existing rules before extending it with new rules
|
# fix section existing rules before extending it with new rules
|
||||||
|
# TODO(asarfaty): Validate if this is needed for all NSX versions
|
||||||
for rule in section.iter('rule'):
|
for rule in section.iter('rule'):
|
||||||
services = rule.find('services')
|
services = rule.find('services')
|
||||||
if services:
|
if services:
|
||||||
|
|
Loading…
Reference in New Issue