[MP2P] Amend default security group post migration

Ensure the expression captures both migrated ports and newly
created ports.

Change-Id: I0664d7aee37430f4d1c31aac408b2528430e6ab7
This commit is contained in:
Salvatore Orlando 2021-04-26 08:51:30 -07:00
parent 8a14e8a906
commit 7898937cfa

View File

@ -49,6 +49,7 @@ from vmware_nsxlib.v3 import nsx_constants
from vmware_nsxlib.v3.policy import constants as policy_constants from vmware_nsxlib.v3.policy import constants as policy_constants
from vmware_nsxlib.v3.policy import core_resources as policy_resources from vmware_nsxlib.v3.policy import core_resources as policy_resources
from vmware_nsxlib.v3.policy import utils as policy_utils from vmware_nsxlib.v3.policy import utils as policy_utils
from vmware_nsxlib.v3 import security
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
@ -1394,6 +1395,27 @@ def post_migration_actions(nsxlib, nsxpolicy, nsxpolicy_admin, plugin):
LOG.info("Starting post-migration actions") LOG.info("Starting post-migration actions")
ctx = context.get_admin_context() ctx = context.get_admin_context()
# -- Amend default security group criteria
mp_scope_and_tag = "%s|%s" % (security.PORT_SG_SCOPE,
v3_plugin.NSX_V3_DEFAULT_SECTION)
p_scope_and_tag = "%s|" % (p_plugin.NSX_P_PORT_RESOURCE_TYPE)
mp_condition = nsxpolicy.group.build_condition(
cond_val=mp_scope_and_tag,
cond_key=policy_constants.CONDITION_KEY_TAG,
cond_member_type=policy_constants.CONDITION_MEMBER_PORT)
p_condition = nsxpolicy.group.build_condition(
cond_val=p_scope_and_tag,
cond_key=policy_constants.CONDITION_KEY_TAG,
cond_member_type=policy_constants.CONDITION_MEMBER_PORT)
final_conditions = nsxpolicy.group.build_union_condition(
conditions=[mp_condition, p_condition])
nsxpolicy.group.update_with_conditions(
p_plugin.NSX_P_GLOBAL_DOMAIN_ID,
p_plugin.NSX_P_DEFAULT_GROUP,
conditions=final_conditions)
LOG.info("Match criteria for default SG group updated")
# -- Update Lb tags on loadbalancer service # -- Update Lb tags on loadbalancer service
pol_lb_services = nsxpolicy.load_balancer.lb_service.list() pol_lb_services = nsxpolicy.load_balancer.lb_service.list()
for lb_srv in pol_lb_services: for lb_srv in pol_lb_services: