V2T: Fix bulk rules creation

Need to remove the default rules or else the entire call will fail Change-Id: I06cfa5d670789eeb7e9613c8f9db5741c7f786c4
2021-02-18 08:49:22 +02:00 · 2021-02-18 08:49:22 +02:00 · e4a7b66502
parent 4c0f3c9a00
commit e4a7b66502
1 changed files with 29 additions and 15 deletions
--- a/vmware_nsx/api_replay/client.py
+++ b/vmware_nsx/api_replay/client.py
@ -384,23 +384,37 @@ class ApiReplayClient(utils.PrepareObjectForMigration):
                    n_errors = n_errors + 1

                # Use bulk rules creation for the rules of the SG
-                if sg_rules:
-                    rules = []
-                    for sg_rule in sg_rules:
+                if not sg_rules:
+                    continue
+                rules = []
+                for sg_rule in sg_rules:
+                    # skip the default rules that were already created
+                    skip = False
+                    created_rules = new_sg['security_group'].get(
+                        'security_group_rules', [])
+                    for rule in created_rules:
+                        if (rule['direction'] == sg_rule['direction'] and
+                            rule['ethertype'] == sg_rule['ethertype'] and
+                            rule['remote_group_id'] ==
+                                sg_rule['remote_group_id'] and
+                            not rule['protocol']):
+                            skip = True
+                            break
+                    if not skip:
                        body = self.prepare_security_group_rule(sg_rule)
                        rules.append({'security_group_rule': body})
-                    try:
-                        rules = self.dest_neutron.create_security_group_rule(
-                            {'security_group_rules': rules})
-                        LOG.debug("created %s security group rules for SG %s",
-                                  len(rules), sg['id'])
-                    except Exception:
-                        # NOTE(arosen): when you create a default
-                        # security group it is automatically populated
-                        # with some rules. When we go to create the rules
-                        # that already exist because of a match an error
-                        # is raised here but that's okay.
-                        pass
+
+                if not rules:
+                    continue
+                try:
+                    rules = self.dest_neutron.create_security_group_rule(
+                        {'security_group_rules': rules})
+                    LOG.debug("created %s security group rules for SG %s",
+                              len(rules), sg['id'])
+                except Exception as e:
+                    LOG.error("Failed to create security group %s "
+                              "rules: %s", sg['id'], e)
+                    n_errors = n_errors + 1

    def get_dest_availablity_zones(self, resource):
        azs = self.dest_neutron.list_availability_zones()['availability_zones']