From 8f852c60f31375ffebe83513be05cc8f2287d423 Mon Sep 17 00:00:00 2001
From: Michal Kelner Mishali <mkelnermishal@vmware.com>
Date: Wed, 3 Jul 2019 10:45:14 +0300
Subject: [PATCH] NSX|V: Bug fixing for allowed address_pairs

Remove spoofguard mappings along with spoofguard on backend
when network is set without port security.

Change-Id: I03eac35ae0dfae1c716c54d972a2441c1d98f50a
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
---
 vmware_nsx/db/nsxv_db.py           | 5 +++++
 vmware_nsx/plugins/nsx_v/plugin.py | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/vmware_nsx/db/nsxv_db.py b/vmware_nsx/db/nsxv_db.py
index ebc7620685..5077a6f5f9 100644
--- a/vmware_nsx/db/nsxv_db.py
+++ b/vmware_nsx/db/nsxv_db.py
@@ -683,6 +683,11 @@ def get_nsxv_spoofguard_policy_network_mappings(session, filters=None,
                filters, like_filters).all()
 
 
+def del_nsxv_spoofguard_binding(session, policy_id):
+    return (session.query(nsxv_models.NsxvSpoofGuardPolicyNetworkMapping).
+            filter_by(policy_id=policy_id).delete())
+
+
 def add_nsxv_lbaas_loadbalancer_binding(
         session, loadbalancer_id, edge_id, edge_fw_rule_id, vip_address):
     with session.begin(subtransactions=True):
diff --git a/vmware_nsx/plugins/nsx_v/plugin.py b/vmware_nsx/plugins/nsx_v/plugin.py
index ae7005410e..f4507449c7 100644
--- a/vmware_nsx/plugins/nsx_v/plugin.py
+++ b/vmware_nsx/plugins/nsx_v/plugin.py
@@ -1763,6 +1763,8 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
             if sg_policy:
                 try:
                     self.nsx_v.vcns.delete_spoofguard_policy(sg_policy)
+                    nsxv_db.del_nsxv_spoofguard_binding(context.session,
+                                                        sg_policy)
                 except Exception as e:
                     LOG.error('Unable to delete spoofguard policy '
                               '%(sg_policy)s. Error: %(e)s',