Ignore NotFound response when deleting firewall rule

Change-Id: Ib6496d7fe75f9762724af3f9cc3875632b412a70
2016-11-21 02:36:14 -08:00
parent fb60430e37
commit d86d2112a9
2 changed files with 28 additions and 5 deletions
--- a/vmware_nsx/plugins/nsx_v/plugin.py
+++ b/vmware_nsx/plugins/nsx_v/plugin.py
@@ -3476,11 +3476,10 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
            if nsx_rule_id and section_uri:
                self.nsx_v.vcns.remove_rule_from_section(
                    section_uri, nsx_rule_id)
-        except Exception:
-            # FIXME(roeyc): We assume backend failed because rule was not
-            # found. Should be fixed once backend is able to return the proper
-            # HTTP code.
-            LOG.warning(_LW("Failed to delete security group rule"))
+        except vsh_exc.ResourceNotFound:
+            LOG.debug("Security group rule %(id)s deleted, backend "
+                      "nsx-rule %(nsx_rule_id)s doesn't exist.",
+                      {'id': id, 'nsx_rule_id': nsx_rule_id})

        with context.session.begin(subtransactions=True):
            context.session.delete(rule_db)
--- a/vmware_nsx/plugins/nsx_v/vshield/common/VcnsApiClient.py
+++ b/vmware_nsx/plugins/nsx_v/vshield/common/VcnsApiClient.py
@@ -17,6 +17,7 @@ import base64
 from oslo_serialization import jsonutils
 import requests
 import six
+import xml.etree.ElementTree as et

 from vmware_nsx.plugins.nsx_v.vshield.common import exceptions

@@ -77,6 +78,11 @@ class VcnsApiHelper(object):
        503: exceptions.ServiceUnavailable
    }

+    nsx_errors = {
+        # firewall rule doesn't exists for deletion.
+        100046: exceptions.ResourceNotFound,
+    }
+
    def __init__(self, address, user, password, format='json', ca_file=None,
                 insecure=True):
        self.authToken = base64.encodestring(six.b("%s:%s" % (user, password)))
@@ -97,6 +103,19 @@ class VcnsApiHelper(object):
            else:
                self.verify_cert = True

+    def _get_nsx_errorcode(self, content):
+        try:
+            if self.format == 'xml':
+                error = et.fromstring(content).find('errorCode')
+                errcode = error and int(error.text)
+            else:  # json
+                error = jsonutils.loads(content)
+                errcode = int(error.get('errorCode'))
+            return errcode
+        except (TypeError, ValueError, et.ParseError):
+            # We won't assume that integer error-code value is guaranteed.
+            return None
+
    def request(self, method, uri, params=None, headers=None,
                encodeparams=True):
        uri = self.address + uri
@@ -122,10 +141,15 @@ class VcnsApiHelper(object):
                                    headers=headers)

        status = response.status_code
+
        if 200 <= status < 300:
            return response.headers, response.text
+
+        nsx_errcode = self._get_nsx_errorcode(response.text)
        if status in self.errors:
            cls = self.errors[status]
+        elif nsx_errcode in self.nsx_errors:
+            cls = self.nsx_errors[nsx_errcode]
        else:
            cls = exceptions.VcnsApiException
        raise cls(uri=uri, status=status,