From 58b5f0b478c5872a019aa29102a86b87f3576209 Mon Sep 17 00:00:00 2001
From: Adit Sarfaty <asarfaty@vmware.com>
Date: Tue, 16 Jan 2018 11:03:21 +0200
Subject: [PATCH] Fix VPN api as the NSX api changed

Catch up with the various VPN API changes made in NSX.

Change-Id: I78263af403056c9282da5799b9f64b3d8f22b80d
Depends-on: I32d6593860844bd23bb251c3fe30957c6efb9c2a
---
 vmware_nsx/services/vpnaas/nsxv3/ipsec_driver.py     |  3 +--
 vmware_nsx/services/vpnaas/nsxv3/ipsec_utils.py      |  2 --
 vmware_nsx/services/vpnaas/nsxv3/ipsec_validator.py  | 12 ++++++++----
 .../tests/unit/services/vpnaas/test_nsxv3_vpnaas.py  |  6 +++---
 4 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/vmware_nsx/services/vpnaas/nsxv3/ipsec_driver.py b/vmware_nsx/services/vpnaas/nsxv3/ipsec_driver.py
index 2c46d71bbf..a21a8a3eeb 100644
--- a/vmware_nsx/services/vpnaas/nsxv3/ipsec_driver.py
+++ b/vmware_nsx/services/vpnaas/nsxv3/ipsec_driver.py
@@ -186,7 +186,6 @@ class NSXv3IPsecVpnDriver(service_drivers.VpnDriver):
                 ike_version=ipsec_utils.IKE_VERSION_MAP[
                     ikepolicy['ike_version']],
                 dh_group=ipsec_utils.PFS_MAP[ikepolicy['pfs']],
-                pfs=True,
                 sa_life_time=ikepolicy['lifetime']['value'],
                 tags=self._nsx_tags(context, connection))
         except nsx_lib_exc.ManagerError as e:
@@ -593,7 +592,7 @@ class NSXv3IPsecVpnDriver(service_drivers.VpnDriver):
         # Note(asarfaty) we expect only a small number of services
         services = self._nsx_vpn.service.list()['results']
         for srv in services:
-            if srv['logical_router_id']['target_id'] == tier0_uuid:
+            if srv['logical_router_id'] == tier0_uuid:
                 # if it exists but disabled: issue an error
                 if not srv.get('enabled', True):
                     msg = _("NSX vpn service %s must be enabled") % srv['id']
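Review bot: The new comparison `srv['logical_router_id'] == tier0_uuid` is silently false against an NSX manager that still returns the older reference object, so the enabled check below it would never run for that service. If both API shapes have to be supported, normalise first, e.g. `rtr = srv.get('logical_router_id')` followed by `if isinstance(rtr, dict): rtr = rtr.get('target_id')`, and compare `rtr`; using `.get` also avoids a KeyError on an entry without the field. If only the new API is supported (the Depends-on trailer suggests a paired library change), a one-line comment naming the minimum NSX version would make that explicit. The enclosing method starts and ends outside the hunk.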
diff --git a/vmware_nsx/services/vpnaas/nsxv3/ipsec_utils.py b/vmware_nsx/services/vpnaas/nsxv3/ipsec_utils.py
index 7d89c994b8..4ed12b42ee 100644
--- a/vmware_nsx/services/vpnaas/nsxv3/ipsec_utils.py
+++ b/vmware_nsx/services/vpnaas/nsxv3/ipsec_utils.py
@@ -26,8 +26,6 @@ AUTH_ALGORITHM_MAP = {
 }
 
 PFS_MAP = {
-    'group2': vpn_ipsec.DHGroupTypes.DH_GROUP_2,
-    'group5': vpn_ipsec.DHGroupTypes.DH_GROUP_5,
     'group14': vpn_ipsec.DHGroupTypes.DH_GROUP_14
 }
 
diff --git a/vmware_nsx/services/vpnaas/nsxv3/ipsec_validator.py b/vmware_nsx/services/vpnaas/nsxv3/ipsec_validator.py
index d9fe3ad038..7d0640d308 100644
--- a/vmware_nsx/services/vpnaas/nsxv3/ipsec_validator.py
+++ b/vmware_nsx/services/vpnaas/nsxv3/ipsec_validator.py
@@ -71,14 +71,18 @@ class IPsecV3Validator(vpn_validator.VpnReferenceValidator):
                         'val': lifetime, 'pol': policy_type}
             raise nsx_exc.NsxVpnValidationError(details=msg)
         value = lifetime.get('value')
-        if (value and (value < vpn_ipsec.SALifetimeLimits.SA_LIFETIME_MIN or
-            value > vpn_ipsec.SALifetimeLimits.SA_LIFETIME_MAX)):
+        if policy_type == 'IKE':
+            limits = vpn_ipsec.IkeSALifetimeLimits
+        else:
+            limits = vpn_ipsec.IPsecSALifetimeLimits
+        if (value and (value < limits.SA_LIFETIME_MIN or
+            value > limits.SA_LIFETIME_MAX)):
             msg = _("Unsupported policy lifetime %(value)s in %(pol)s policy. "
                     "Value range is [%(min)s-%(max)s].") % {
                         'value': value,
                         'pol': policy_type,
-                        'min': vpn_ipsec.SALifetimeLimits.SA_LIFETIME_MIN,
-                        'max': vpn_ipsec.SALifetimeLimits.SA_LIFETIME_MAX}
+                        'min': limits.SA_LIFETIME_MIN,
+                        'max': limits.SA_LIFETIME_MAX}
             raise nsx_exc.NsxVpnValidationError(details=msg)
 
     def _validate_policy_auth_algorithm(self, policy_info, policy_type):
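Review bot: The range check at `if (value and (value < limits.SA_LIFETIME_MIN or` is skipped when `value` is 0, because 0 is falsy, so a zero SA lifetime passes validation instead of being rejected as below the minimum. Testing for presence closes that gap: `if value is not None and (value < limits.SA_LIFETIME_MIN or value > limits.SA_LIFETIME_MAX):`. Any `policy_type` other than the literal 'IKE' also falls through to the IPsec limits, which deserves a short comment such as `# every non-IKE policy type is checked against the IPsec SA limits`. Whether a missing value should be accepted at all is not visible here, since the method starts outside the hunk.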
diff --git a/vmware_nsx/tests/unit/services/vpnaas/test_nsxv3_vpnaas.py b/vmware_nsx/tests/unit/services/vpnaas/test_nsxv3_vpnaas.py
index 6bb9aa55bf..bc3ab7a6be 100644
--- a/vmware_nsx/tests/unit/services/vpnaas/test_nsxv3_vpnaas.py
+++ b/vmware_nsx/tests/unit/services/vpnaas/test_nsxv3_vpnaas.py
@@ -54,7 +54,7 @@ class TestDriverValidation(base.BaseTestCase):
             self.validator.validate_ipsec_policy)
 
     def _test_lifetime_seconds_values_at_limits(self, validation_func):
-        policy_info = {'lifetime': {'units': 'seconds', 'value': 90}}
+        policy_info = {'lifetime': {'units': 'seconds', 'value': 21600}}
         validation_func(self.context, policy_info)
         policy_info = {'lifetime': {'units': 'seconds', 'value': 86400}}
         validation_func(self.context, policy_info)
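Review bot: The helper still uses one hard-coded pair (21600 and 86400) for every `validation_func`, although the validator now reads IKE and IPsec limits from separate classes. If those ranges differ, the values sit at the limit for only one of the two policy types. Deriving them per policy type from `SA_LIFETIME_MIN` / `SA_LIFETIME_MAX` on `IkeSALifetimeLimits` and `IPsecSALifetimeLimits` would keep the test on the boundary when the library changes again. How the helper is called for each policy type is outside the hunk.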
@@ -128,7 +128,7 @@ class TestDriverValidation(base.BaseTestCase):
                           validation_func,
                           self.context, policy_info)
 
-        policy_info = {'pfs': 'group5'}
+        policy_info = {'pfs': 'group14'}
         validation_func(self.context, policy_info)
 
     def test_ipsec_pfs(self):
@@ -243,7 +243,7 @@ class TestDriverValidation(base.BaseTestCase):
         self._test_conn_validation(conn_params=params, success=False)
 
         params = {'dpd': {'action': 'hold',
-                          'timeout': 5}}
+                          'timeout': 2}}
         self._test_conn_validation(conn_params=params, success=False)
 
     def test_check_unique_addresses(self):