From f5d7d1aa97a6507cf7d059d6ab47b509017483b7 Mon Sep 17 00:00:00 2001
From: Tong Liu <tongl@vmware.com>
Date: Mon, 2 Apr 2018 12:11:02 +0000
Subject: [PATCH] Add revision_id when creating FW rule

NSXT backend recently enforced POST FW rule API to have the
revision id in the request body. This patch added revision id
for both add_rule and add_rules method.

If the revision is not valid we will do a retry.

Change-Id: If343c6f256dda6bcbe300c10863df6cc6cfa4b3e
---
 vmware_nsxlib/v3/nsx_constants.py |  1 +
 vmware_nsxlib/v3/security.py      | 30 ++++++++++++++++++++++++------
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/vmware_nsxlib/v3/nsx_constants.py b/vmware_nsxlib/v3/nsx_constants.py
index 8c2ab30b..435ecfc0 100644
--- a/vmware_nsxlib/v3/nsx_constants.py
+++ b/vmware_nsxlib/v3/nsx_constants.py
@@ -125,6 +125,7 @@ NSX_VERSION_1_1_0 = '1.1.0'
 NSX_VERSION_2_0_0 = '2.0.0'
 NSX_VERSION_2_1_0 = '2.1.0'
 NSX_VERSION_2_2_0 = '2.2.0'
+NSX_VERSION_2_3_0 = '2.3.0'
 NSX_VERSION_3_0_0 = '3.0.0'
 
 # Features available depending on the backend version
diff --git a/vmware_nsxlib/v3/security.py b/vmware_nsxlib/v3/security.py
index 9bd4aca3..7758c07f 100644
--- a/vmware_nsxlib/v3/security.py
+++ b/vmware_nsxlib/v3/security.py
@@ -18,6 +18,8 @@
 NSX-V3 Plugin security & Distributed Firewall integration module
 """
 
+from distutils import version
+
 from oslo_log import log
 from oslo_utils import excutils
 
@@ -457,14 +459,30 @@ class NsxLibFirewallSection(utils.NsxLibApiBase):
         return rule_dict
 
     def add_rule(self, rule, section_id, operation=consts.FW_INSERT_BOTTOM):
-        resource = '%s/rules' % self.get_path(section_id)
-        params = '?operation=%s' % operation
-        return self._create_with_retry(resource + params, rule)
+        @utils.retry_upon_exception(exceptions.StaleRevision,
+                                    max_attempts=self.client.max_attempts)
+        def do_add_rule():
+            resource = '%s/rules' % self.get_path(section_id)
+            params = '?operation=%s' % operation
+            if (version.LooseVersion(self.nsxlib.get_version()) >=
+                version.LooseVersion(consts.NSX_VERSION_2_3_0)):
+                rule['_revision'] = self.get(section_id)['_revision']
+            return self._create_with_retry(resource + params, rule)
+        return do_add_rule()
 
     def add_rules(self, rules, section_id, operation=consts.FW_INSERT_BOTTOM):
-        resource = '%s/rules' % self.get_path(section_id)
-        params = '?action=create_multiple&operation=%s' % operation
-        return self._create_with_retry(resource + params, {'rules': rules})
+        @utils.retry_upon_exception(exceptions.StaleRevision,
+                                    max_attempts=self.client.max_attempts)
+        def do_add_rules():
+            resource = '%s/rules' % self.get_path(section_id)
+            params = '?action=create_multiple&operation=%s' % operation
+            if (version.LooseVersion(self.nsxlib.get_version()) >=
+                version.LooseVersion(consts.NSX_VERSION_2_3_0)):
+                rev_id = self.get(section_id)['_revision']
+                for rule in rules:
+                    rule['_revision'] = rev_id
+            return self._create_with_retry(resource + params, {'rules': rules})
+        return do_add_rules()
 
     def delete_rule(self, section_id, rule_id):
         resource = '%s/rules/%s' % (section_id, rule_id)