NSX|V: Bug fixing for allowed address_pairs

Remove spoofguard mappings along with spoofguard on backend
when network is set without port security.

Change-Id: I03eac35ae0dfae1c716c54d972a2441c1d98f50a
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
This commit is contained in:
Michal Kelner Mishali 2019-07-03 10:45:14 +03:00
parent 01fa17cddc
commit 8f852c60f3
2 changed files with 7 additions and 0 deletions

View File

@ -683,6 +683,11 @@ def get_nsxv_spoofguard_policy_network_mappings(session, filters=None,
filters, like_filters).all()
def del_nsxv_spoofguard_binding(session, policy_id):
return (session.query(nsxv_models.NsxvSpoofGuardPolicyNetworkMapping).
filter_by(policy_id=policy_id).delete())
def add_nsxv_lbaas_loadbalancer_binding(
session, loadbalancer_id, edge_id, edge_fw_rule_id, vip_address):
with session.begin(subtransactions=True):

View File

@ -1763,6 +1763,8 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
if sg_policy:
try:
self.nsx_v.vcns.delete_spoofguard_policy(sg_policy)
nsxv_db.del_nsxv_spoofguard_binding(context.session,
sg_policy)
except Exception as e:
LOG.error('Unable to delete spoofguard policy '
'%(sg_policy)s. Error: %(e)s',