def _convert_to_nsx_rule(session, cluster, rule, with_id=False):
    """Converts a Neutron security group rule to the NSX format.

    This routine also replaces Neutron IDs with NSX UUIDs.
    nsx_rule = {}
    params = ['remote_ip_prefix', 'protocol',
              'remote_group_id', 'port_range_min',
              'port_range_max', 'ethertype']
    if with_id:

    for param in params:
        value = rule.get(param)
        if param not in rule:
            nsx_rule[param] = value
        elif not value:
        elif param == 'remote_ip_prefix':
            nsx_rule['ip_prefix'] = rule['remote_ip_prefix']
        elif param == 'remote_group_id':
            nsx_rule['profile_uuid'] = nsx_utils.get_nsx_security_group_id(
                session, cluster, rule['remote_group_id'])

        elif param == 'protocol':
                nsx_rule['protocol'] = int(rule['protocol'])
            except (ValueError, TypeError):
                nsx_rule['protocol'] = (
            nsx_rule[param] = value
    return nsx_rule
def get_security_group_rules_nsx_format(session, cluster,
                                        security_group_rules, with_id=False):
    """Convert neutron security group rules into NSX format.

    This routine splits Neutron security group rules into two lists, one
    for ingress rules and the other for egress rules.

    def fields(rule):
        _fields = ['remote_ip_prefix', 'remote_group_id', 'protocol',
                   'port_range_min', 'port_range_max', 'protocol', 'ethertype']
        if with_id:
        return dict((k, v) for k, v in rule.iteritems() if k in _fields)

    ingress_rules = []
    egress_rules = []
    for rule in security_group_rules:
        if rule.get('souce_group_id'):
            rule['remote_group_id'] = nsx_utils.get_nsx_security_group_id(
                session, cluster, rule['remote_group_id'])

        if rule['direction'] == 'ingress':
        elif rule['direction'] == 'egress':
    rules = {'logical_port_ingress_rules': egress_rules,
             'logical_port_egress_rules': ingress_rules}
    return _convert_to_nsx_rules(session, cluster, rules, with_id)
 def _verify_get_nsx_sec_profile_id(self, exp_sec_prof_uuid):
     # The nsxlib and db calls are  mocked, therefore the cluster
     # and the neutron_id parameters can be set to None
     sec_prof_uuid = nsx_utils.get_nsx_security_group_id(
         db_api.get_session(), None, None)
     self.assertEqual(exp_sec_prof_uuid, sec_prof_uuid)