From 5c3680833224991377d4712f07729796c00c9a72 Mon Sep 17 00:00:00 2001
From: asarfaty <asarfaty@vmware.com>
Date: Wed, 11 Nov 2020 10:44:27 +0200
Subject: [PATCH] NSX|V: fix rule ID for FWaaS v2 rules

The DB rule id must contain the vnic as well so there are no DB
duplications when adding the same rule to multiple router interfaces.

Change-Id: I817d9434715d7bd3cba266575321d4c89bf173e4
---
 vmware_nsx/services/fwaas/nsx_v/fwaas_callbacks_v2.py | 6 ++++--
 vmware_nsx/tests/unit/nsx_v/test_fwaas_v2_driver.py   | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/vmware_nsx/services/fwaas/nsx_v/fwaas_callbacks_v2.py b/vmware_nsx/services/fwaas/nsx_v/fwaas_callbacks_v2.py
index ef007f3106..69e2aa159a 100644
--- a/vmware_nsx/services/fwaas/nsx_v/fwaas_callbacks_v2.py
+++ b/vmware_nsx/services/fwaas/nsx_v/fwaas_callbacks_v2.py
@@ -157,9 +157,11 @@ class NsxvFwaasCallbacksV2(com_callbacks.NsxFwaasCallbacksV2):
                 # update rules ID to prevent DB duplications in
                 # NsxvEdgeFirewallRuleBinding
                 if is_ingress:
-                    rule['id'] = ('ingress-%s' % rule['id'])[:36]
+                    rule['id'] = ('ingress-%s-%s' % (replace_dest,
+                                                     rule['id']))[:36]
                 else:
-                    rule['id'] = ('egress-%s' % rule['id'])[:36]
+                    rule['id'] = ('egress-%s-%s' % (replace_src,
+                                                    rule['id']))[:36]
             # source & destination should be lists
             if (rule.get('destination_ip_address') and
                 not rule['destination_ip_address'].startswith('0.0.0.0')):
diff --git a/vmware_nsx/tests/unit/nsx_v/test_fwaas_v2_driver.py b/vmware_nsx/tests/unit/nsx_v/test_fwaas_v2_driver.py
index 378a95f7a7..7e0bed377b 100644
--- a/vmware_nsx/tests/unit/nsx_v/test_fwaas_v2_driver.py
+++ b/vmware_nsx/tests/unit/nsx_v/test_fwaas_v2_driver.py
@@ -152,9 +152,11 @@ class NsxvFwaasTestCase(test_v_plugin.NsxVPluginV2TestCase):
                             (rule.get('name') or rule['id']))[:30]
             if rule.get('id'):
                 if is_ingress:
-                    rule['id'] = ('ingress-%s' % rule['id'])[:36]
+                    rule['id'] = ('ingress-%s-%s' % (nsx_port_id,
+                                                     rule['id']))[:36]
                 else:
-                    rule['id'] = ('egress-%s' % rule['id'])[:36]
+                    rule['id'] = ('egress-%s-%s' % (nsx_port_id,
+                                                    rule['id']))[:36]
 
         return translated_rules