NSXV: handle missing SG mapping

When creating rules, the plugin fetches the SG mapping from Neutron DB. If this mapping is missing, the plugin should issue a proper error and fail. Change-Id: Icd00116dc6e81949513db18f16eced8a2b125c7d
2021-04-06 16:05:37 +03:00 · 2021-04-06 16:05:37 +03:00 · fe0264d35a
parent 52084e3a2e
commit fe0264d35a
1 changed files with 3 additions and 0 deletions
--- a/vmware_nsx/plugins/nsx_v/plugin.py
+++ b/vmware_nsx/plugins/nsx_v/plugin.py
@ -4814,6 +4814,9 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
        with locking.LockManager.get_lock('rule-update-%s' % sg_id):
            # Querying DB for associated dfw section id
            section_uri = self._get_section_uri(context.session, sg_id)
+            if not section_uri:
+                error = "NSX mapping for security group %s not found" % sg_id
+                raise nsx_exc.NsxPluginException(err_msg=error)
            logged = self._is_security_group_logged(context, sg_id)
            provider = self._is_provider_security_group(context, sg_id)
            log_all_rules = cfg.CONF.nsxv.log_security_groups_allowed_traffic