From e45647357f9419c014ad0b3dada9a3f69540843b Mon Sep 17 00:00:00 2001
From: Adit Sarfaty <asarfaty@vmware.com>
Date: Tue, 18 Apr 2017 10:55:07 +0300
Subject: [PATCH] NSX-V| Fix FWaaS deployment on distributed router

When deploying a firewall policy of a distributed router, sometimes the
rules are set on the tlr instead of the plr edge by mistake.

Change-Id: I2242394e773c1868a924fe81cc4669d3cf30dbb3
---
 vmware_nsx/services/fwaas/nsx_v/edge_fwaas_driver.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/vmware_nsx/services/fwaas/nsx_v/edge_fwaas_driver.py b/vmware_nsx/services/fwaas/nsx_v/edge_fwaas_driver.py
index 11502fc103..b925aaafec 100644
--- a/vmware_nsx/services/fwaas/nsx_v/edge_fwaas_driver.py
+++ b/vmware_nsx/services/fwaas/nsx_v/edge_fwaas_driver.py
@@ -53,14 +53,16 @@ class EdgeFwaasDriver(fwaas_base.FwaasDriverBase):
             lookup_id = None
             router_id = router_info.router_id
             if router_info.router.get('distributed'):
+                # Distributed router
                 # we need the plr edge id
                 lookup_id = edge_manager.get_plr_by_tlr_id(
                     context, router_id)
-            if router_info.router.get('router_type') == 'shared':
+            elif router_info.router.get('router_type') == 'shared':
+                # Shared router (currently not supported)
                 LOG.info("Cannot apply firewall to shared router %s",
                          router_id)
             else:
-                # exclusive router
+                # Exclusive router
                 lookup_id = router_id
             if lookup_id:
                 # look for the edge id in the DB