From d85dd105b80047ca0746c121e46d16cfffa5778b Mon Sep 17 00:00:00 2001
From: Gary Kotton <gkotton@vmware.com>
Date: Sun, 9 Apr 2017 06:26:09 -0700
Subject: [PATCH] NSX|V: provide admin utility to update default cluster
 section

Have an admin utility to update the default cluster section. This
will save restarting neutron every time a cluster is added/deleted.

Admin utility command is:
    nsxadmin -r firewall-sections -o nsx-update

The cluster modefs still need to be updated in the nsx.ini file

Change-Id: If750c150a1b624b5a321dc744e0f538b3a58c5b5
---
 doc/source/admin_util.rst                            |  4 ++++
 .../admin/plugins/nsxv/resources/securitygroups.py   | 12 ++++++++++++
 vmware_nsx/shell/resources.py                        |  4 ++++
 3 files changed, 20 insertions(+)

diff --git a/doc/source/admin_util.rst b/doc/source/admin_util.rst
index 26bed49d5d..20ab5303f4 100644
--- a/doc/source/admin_util.rst
+++ b/doc/source/admin_util.rst
@@ -197,6 +197,10 @@ Security Groups, Firewall and Spoofguard
 
     nsxadmin -r firewall-sections -o nsx-reorder
 
+- Update the default cluster section
+
+    nsxadmin -r firewall-sections -o nsx-update
+
 Metadata
 ~~~~~~~~
 
diff --git a/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py b/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py
index faa8731fba..075a971d43 100644
--- a/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py
+++ b/vmware_nsx/shell/admin/plugins/nsxv/resources/securitygroups.py
@@ -406,6 +406,14 @@ def migrate_sg_to_policy(resource, event, trigger, **kwargs):
         LOG.info("Done.")
 
 
+@admin_utils.output_header
+def firewall_update_cluster_default_fw_section(resource, event, trigger,
+                                               **kwargs):
+    with utils.NsxVPluginWrapper() as plugin:
+        plugin._create_cluster_default_fw_section()
+        LOG.info("Cluster default FW section updated.")
+
+
 registry.subscribe(migrate_sg_to_policy,
                    constants.SECURITY_GROUPS,
                    shell.Operations.MIGRATE_TO_POLICY.value)
@@ -413,3 +421,7 @@ registry.subscribe(migrate_sg_to_policy,
 registry.subscribe(reorder_firewall_sections,
                    constants.FIREWALL_SECTIONS,
                    shell.Operations.NSX_REORDER.value)
+
+registry.subscribe(firewall_update_cluster_default_fw_section,
+                   constants.FIREWALL_SECTIONS,
+                   shell.Operations.NSX_UPDATE.value)
diff --git a/vmware_nsx/shell/resources.py b/vmware_nsx/shell/resources.py
index 2b129515bd..a10e4be4cd 100644
--- a/vmware_nsx/shell/resources.py
+++ b/vmware_nsx/shell/resources.py
@@ -150,6 +150,10 @@ nsxv_resources = {
     constants.FIREWALL_NSX_GROUPS: Resource(
         constants.FIREWALL_NSX_GROUPS, [Operations.LIST.value,
                                         Operations.LIST_MISMATCHES.value]),
+    constants.FIREWALL_SECTIONS: Resource(constants.FIREWALL_SECTIONS,
+                                          [Operations.LIST.value,
+                                           Operations.LIST_MISMATCHES.value,
+                                           Operations.NSX_UPDATE.value]),
     constants.METADATA: Resource(
         constants.METADATA, [Operations.NSX_UPDATE.value,
                              Operations.NSX_UPDATE_SECRET.value,