NSX: Propagate name updates for security profiles

...All the way to the controller.

Change-Id: I4740f632eeafdd165dbd0208e37acc85ff883925
Closes-bug: #1285845

diff --git a/neutron/plugins/vmware/nsxlib/secgroup.py b/neutron/plugins/vmware/nsxlib/secgroup.py
index c7dac80f2a5fb32773d4b70dfd08d1c63760ac0d..29d0951e9375a6782489a9d2e702d6be7230db5e 100644 (file)
--- a/neutron/plugins/vmware/nsxlib/secgroup.py
+++ b/neutron/plugins/vmware/nsxlib/secgroup.py
@@ -124,6 +124,15 @@ def update_security_group_rules(cluster, spid, rules):
     return rsp
 
 
+def update_security_profile(cluster, spid, name):
+    return do_request(HTTP_PUT,
+                      _build_uri_path(SECPROF_RESOURCE, resource_id=spid),
+                      json.dumps({
+                          "display_name": utils.check_and_truncate(name)
+                      }),
+                      cluster=cluster)
+
+
 def delete_security_profile(cluster, spid):
     path = "/ws.v1/security-profile/%s" % spid
 

diff --git a/neutron/plugins/vmware/plugins/base.py b/neutron/plugins/vmware/plugins/base.py
index e378d21c76d3c594ceba94b2bf33f158b323b723..cf4f8af830729f201dfa20c35979e3cedc14efee 100644 (file)
--- a/neutron/plugins/vmware/plugins/base.py
+++ b/neutron/plugins/vmware/plugins/base.py
@@ -2319,6 +2319,28 @@ class NsxPluginV2(addr_pair_db.AllowedAddressPairsMixin,
                 context.session, neutron_id, nsx_secgroup['uuid'])
         return sec_group
 
+    def update_security_group(self, context, secgroup_id, security_group):
+        secgroup = (super(NsxPluginV2, self).
+                    update_security_group(context,
+                                          secgroup_id,
+                                          security_group))
+        if ('name' in security_group['security_group'] and
+            secgroup['name'] != 'default'):
+            nsx_sec_profile_id = nsx_utils.get_nsx_security_group_id(
+                context.session, self.cluster, secgroup_id)
+            try:
+                name = security_group['security_group']['name']
+                secgrouplib.update_security_profile(
+                    self.cluster, nsx_sec_profile_id, name)
+            except (n_exc.NotFound, api_exc.NsxApiException) as e:
+                # Reverting the DB change is not really worthwhile
+                # for a mismatch between names. It's the rules that
+                # we care about.
+                LOG.error(_('Error while updating security profile '
+                            '%(uuid)s with name %(name)s: %(error)s.')
+                          % {'uuid': secgroup_id, 'name': name, 'error': e})
+        return secgroup
+
     def delete_security_group(self, context, security_group_id):
         """Delete a security group.
 

diff --git a/neutron/tests/unit/vmware/nsxlib/test_secgroup.py b/neutron/tests/unit/vmware/nsxlib/test_secgroup.py
index b5020100ef9d7d957156acdff4657054194c9f7d..fb2574ff4cd72f426af980455e3dcdcc3531cec5 100644 (file)
--- a/neutron/tests/unit/vmware/nsxlib/test_secgroup.py
+++ b/neutron/tests/unit/vmware/nsxlib/test_secgroup.py
@@ -51,6 +51,22 @@ class SecurityProfileTestCase(base.NsxlibTestCase):
         self.assertEqual(len(sec_prof_res['logical_port_egress_rules']), 3)
         self.assertEqual(len(sec_prof_res['logical_port_ingress_rules']), 2)
 
+    def test_update_security_profile_raise_not_found(self):
+        self.assertRaises(exceptions.NotFound,
+                          secgrouplib.update_security_profile,
+                          self.fake_cluster,
+                          _uuid(), 'tatore_magno(the great)')
+
+    def test_update_security_profile(self):
+        tenant_id = 'foo_tenant_uuid'
+        secgroup_id = 'foo_secgroup_uuid'
+        old_sec_prof = secgrouplib.create_security_profile(
+            self.fake_cluster, tenant_id, secgroup_id,
+            {'name': 'tatore_magno'})
+        new_sec_prof = secgrouplib.update_security_profile(
+            self.fake_cluster, old_sec_prof['uuid'], 'aaron_magno')
+        self.assertEqual('aaron_magno', new_sec_prof['display_name'])
+
     def test_update_security_profile_rules(self):
         sec_prof = secgrouplib.create_security_profile(
             self.fake_cluster, _uuid(), 'pippo', {'name': 'test'})

diff --git a/neutron/tests/unit/vmware/test_nsx_plugin.py b/neutron/tests/unit/vmware/test_nsx_plugin.py
index 1baa44dd2540916ec8e49ec54baccc440aa80732..6c0cecc609fedb9f4f6b1d36c98049a1dac1c0ad 100644 (file)
--- a/neutron/tests/unit/vmware/test_nsx_plugin.py
+++ b/neutron/tests/unit/vmware/test_nsx_plugin.py
@@ -383,6 +383,13 @@ class TestSecurityGroup(ext_sg.TestSecurityGroups, SecurityGroupsTestCase):
             self.deserialize(self.fmt, res)
             self.assertEqual(res.status_int, 400)
 
+    def test_update_security_group_deal_with_exc(self):
+        name = 'foo security group'
+        with mock.patch.object(nsxlib.switch, 'do_request',
+                               side_effect=api_exc.NsxApiException):
+            with self.security_group(name=name) as sg:
+                self.assertEqual(sg['security_group']['name'], name)
+
 
 class TestL3ExtensionManager(object):