NSX|V: Bug fixing for allowed address_pairs

Remove spoofguard mappings along with spoofguard on backend when network is set without port security. Change-Id: I03eac35ae0dfae1c716c54d972a2441c1d98f50a Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com> (cherry picked from commit 8f852c60f3)
2019-07-03 10:45:14 +03:00 · 2019-07-03 10:45:14 +03:00 · d96b6c6bf0
parent 32de032928
commit d96b6c6bf0
2 changed files with 7 additions and 0 deletions
--- a/vmware_nsx/db/nsxv_db.py
+++ b/vmware_nsx/db/nsxv_db.py
@ -684,6 +684,11 @@ def get_nsxv_spoofguard_policy_network_mappings(session, filters=None,
               filters, like_filters).all()


+def del_nsxv_spoofguard_binding(session, policy_id):
+    return (session.query(nsxv_models.NsxvSpoofGuardPolicyNetworkMapping).
+            filter_by(policy_id=policy_id).delete())
+
+
 def add_nsxv_lbaas_loadbalancer_binding(
        session, loadbalancer_id, edge_id, edge_fw_rule_id, vip_address):
    with session.begin(subtransactions=True):
--- a/vmware_nsx/plugins/nsx_v/plugin.py
+++ b/vmware_nsx/plugins/nsx_v/plugin.py
@ -1696,6 +1696,8 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
            if sg_policy:
                try:
                    self.nsx_v.vcns.delete_spoofguard_policy(sg_policy)
+                    nsxv_db.del_nsxv_spoofguard_binding(context.session,
+                                                        sg_policy)
                except Exception as e:
                    LOG.error('Unable to delete spoofguard policy '
                              '%(sg_policy)s. Error: %(e)s',