NSX: passing wrong security_group id mapping to nsx backend

When the async secgroup work was added the update_port() code was not changed
to pass in the nsx security_group uuids. This patch fixes that so that the
nsx uuids are passed in instead of neutron.

Closes-bug: #1287419

Change-Id: I1a075564f2548764de15b85b2970b5f360412eb2

diff --git a/neutron/plugins/vmware/plugins/base.py b/neutron/plugins/vmware/plugins/base.py
index 08d725229bb95f15766b4b1fc48933e15c9b647c..df066a37219a6b94de4b54b15b9914430b87da7d 100644 (file)
--- a/neutron/plugins/vmware/plugins/base.py
+++ b/neutron/plugins/vmware/plugins/base.py
@@ -1290,6 +1290,13 @@ class NsxPluginV2(addr_pair_db.AllowedAddressPairsMixin,
             LOG.warn(_("Update port request: %s"), port)
             nsx_switch_id, nsx_port_id = nsx_utils.get_nsx_switch_and_port_id(
                 context.session, self.cluster, id)
+            # Convert Neutron security groups identifiers into NSX security
+            # profiles identifiers
+            nsx_sec_profile_ids = [
+                nsx_utils.get_nsx_security_group_id(
+                    context.session, self.cluster, neutron_sg_id) for
+                neutron_sg_id in (ret_port[ext_sg.SECURITYGROUPS] or [])]
+
             if nsx_port_id:
                 try:
                     switchlib.update_port(
@@ -1301,7 +1308,7 @@ class NsxPluginV2(addr_pair_db.AllowedAddressPairsMixin,
                         ret_port['mac_address'],
                         ret_port['fixed_ips'],
                         ret_port[psec.PORTSECURITY],
-                        ret_port[ext_sg.SECURITYGROUPS],
+                        nsx_sec_profile_ids,
                         ret_port[qos.QUEUE],
                         ret_port.get(mac_ext.MAC_LEARNING),
                         ret_port.get(addr_pair.ADDRESS_PAIRS))