Merge "NSX|v3: : ensure that 0.0.0.0/# is treated correctly in SG rules" into stable/ocata

2018-05-09 18:21:21 +00:00 · 2018-05-09 18:21:21 +00:00 · 67a14f7bae
parent 4902c6d00b 5226a855e6
commit 67a14f7bae
1 changed files with 6 additions and 4 deletions
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@ -3345,11 +3345,13 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
                remote_nsgroup_id = nsx_db.get_nsx_security_group_id(
                    context.session, remote_group_id)
            ruleid_2_remote_nsgroup_map[sg_rule['id']] = remote_nsgroup_id
-            # 0.0.0.0/0 is not a valid entry for local and remote so we need
+            # 0.0.0.0/# is not a valid entry for local and remote so we need
            # to change this to None
-            if sg_rule.get('remote_ip_prefix') == '0.0.0.0/0':
+            if (sg_rule.get('remote_ip_prefix') and
+                sg_rule['remote_ip_prefix'].startswith('0.0.0.0/')):
                sg_rule['remote_ip_prefix'] = None
-            if sg_rule.get('local_ip_prefix') == '0.0.0.0/0':
+            if (sg_rule.get('local_ip_prefix') and
+                sg_rule['local_ip_prefix'].startswith('0.0.0.0/')):
                sg_rule['local_ip_prefix'] = None

        return self.nsxlib.firewall_section.create_rules(
@ -3500,7 +3502,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
        sg_rules = security_group_rules['security_group_rules']
        for r in sg_rules:
            self._check_local_ip_prefix(context, r['security_group_rule'])
-            # Generate id for security group rule or use one sepecified,
+            # Generate id for security group rule or use one specified,
            # if specified we are running in api-replay as server doesn't
            # allow id to be specified by default
            r['security_group_rule']['id'] = (