Add revision_id when creating FW rule

NSXT backend recently enforced POST FW rule API to have the revision id in the request body. This patch added revision id for both add_rule and add_rules method. If the revision is not valid we will do a retry. Change-Id: If343c6f256dda6bcbe300c10863df6cc6cfa4b3e
5 years ago · f5d7d1aa97
parent e483b2d70f
commit f5d7d1aa97
2 changed files with 25 additions and 6 deletions
--- a/vmware_nsxlib/v3/nsx_constants.py
+++ b/vmware_nsxlib/v3/nsx_constants.py
@ -125,6 +125,7 @@ NSX_VERSION_1_1_0 = '1.1.0'
 NSX_VERSION_2_0_0 = '2.0.0'
 NSX_VERSION_2_1_0 = '2.1.0'
 NSX_VERSION_2_2_0 = '2.2.0'
+NSX_VERSION_2_3_0 = '2.3.0'
 NSX_VERSION_3_0_0 = '3.0.0'

 # Features available depending on the backend version
--- a/vmware_nsxlib/v3/security.py
+++ b/vmware_nsxlib/v3/security.py
@ -18,6 +18,8 @@
 NSX-V3 Plugin security & Distributed Firewall integration module
 """

+from distutils import version
+
 from oslo_log import log
 from oslo_utils import excutils

@ -457,14 +459,30 @@ class NsxLibFirewallSection(utils.NsxLibApiBase):
        return rule_dict

    def add_rule(self, rule, section_id, operation=consts.FW_INSERT_BOTTOM):
-        resource = '%s/rules' % self.get_path(section_id)
-        params = '?operation=%s' % operation
-        return self._create_with_retry(resource + params, rule)
+        @utils.retry_upon_exception(exceptions.StaleRevision,
+                                    max_attempts=self.client.max_attempts)
+        def do_add_rule():
+            resource = '%s/rules' % self.get_path(section_id)
+            params = '?operation=%s' % operation
+            if (version.LooseVersion(self.nsxlib.get_version()) >=
+                version.LooseVersion(consts.NSX_VERSION_2_3_0)):
+                rule['_revision'] = self.get(section_id)['_revision']
+            return self._create_with_retry(resource + params, rule)
+        return do_add_rule()

    def add_rules(self, rules, section_id, operation=consts.FW_INSERT_BOTTOM):
-        resource = '%s/rules' % self.get_path(section_id)
-        params = '?action=create_multiple&operation=%s' % operation
-        return self._create_with_retry(resource + params, {'rules': rules})
+        @utils.retry_upon_exception(exceptions.StaleRevision,
+                                    max_attempts=self.client.max_attempts)
+        def do_add_rules():
+            resource = '%s/rules' % self.get_path(section_id)
+            params = '?action=create_multiple&operation=%s' % operation
+            if (version.LooseVersion(self.nsxlib.get_version()) >=
+                version.LooseVersion(consts.NSX_VERSION_2_3_0)):
+                rev_id = self.get(section_id)['_revision']
+                for rule in rules:
+                    rule['_revision'] = rev_id
+            return self._create_with_retry(resource + params, {'rules': rules})
+        return do_add_rules()

    def delete_rule(self, section_id, rule_id):
        resource = '%s/rules/%s' % (section_id, rule_id)