Prepend cluster name to Firewall Policies.

This commit prepends cluster name to Contrail Fw policy object.
This is crucial in nested multi-cluster enviroment where netpol with
same name can exist in more than one cluster. Hence the need to qualify
the policy with cluster name so as to avoid collision.

Change-Id: Ia0606fd6436f10c790afbe9c738245827453bb1d
Closes-Bug: #1782541

src/container/kube-manager/kube_manager/vnc/vnc_ingress.py

@@ -951,8 +951,7 @@ def create_ingress_security_policy(self):
         """
         if not VncSecurityPolicy.ingress_svc_fw_policy_uuid:
             VncSecurityPolicy.ingress_svc_fw_policy_uuid =\
-              VncSecurityPolicy.create_firewall_policy(
-                "-".join([vnc_kube_config.cluster_name(), self._k8s_event_type]),
+              VncSecurityPolicy.create_firewall_policy(self._k8s_event_type,
                 None, None, is_global=True)
             VncSecurityPolicy.add_firewall_policy(
                 VncSecurityPolicy.ingress_svc_fw_policy_uuid)

src/container/kube-manager/kube_manager/vnc/vnc_network_policy.py

@@ -560,8 +560,9 @@ def vnc_network_policy_add(self, event, namespace, name, uid):
 
         # Update kube config db entry for the network policy.
         np = NetworkPolicyKM.find_by_name_or_uuid(uid)
-        fw_policy_obj = self._vnc_lib.firewall_policy_read(id=fw_policy_uuid)
-        np.set_vnc_fq_name(":".join(fw_policy_obj.get_fq_name()))
+        if np:
+            fw_policy_obj = self._vnc_lib.firewall_policy_read(id=fw_policy_uuid)
+            np.set_vnc_fq_name(":".join(fw_policy_obj.get_fq_name()))
 
     def _vnc_delete_sg(self, sg):
         for vmi_id in list(sg.virtual_machine_interfaces):

src/container/kube-manager/kube_manager/vnc/vnc_security_policy.py

@@ -480,9 +480,12 @@ def tag_cluster_application_policy_set(cls):
     @classmethod
     def get_firewall_policy_name(cls, name, namespace, is_global):
         if is_global:
-            return name
+            policy_name = name
         else:
-            return "-".join([namespace, name])
+            policy_name = "-".join([namespace, name])
+
+        # Always prepend firewall policy name with cluster name.
+        return "-".join([vnc_kube_config.cluster_name(), policy_name])
 
     @classmethod
     def create_firewall_policy(cls, name, namespace, spec, tag_last=False,
@@ -1003,8 +1006,7 @@ def delete_firewall_rule(cls, fw_policy_uuid, fw_rule_uuid):
     def create_allow_all_security_policy(cls):
         if not cls.allow_all_fw_policy_uuid:
             allow_all_fw_policy_uuid =\
-                VncSecurityPolicy.create_firewall_policy(
-                    "-".join([vnc_kube_config.cluster_name(), "allowall"]),
+                VncSecurityPolicy.create_firewall_policy("allowall",
                  None, None, is_global=True)
             VncSecurityPolicy.add_firewall_policy(allow_all_fw_policy_uuid,
                                                   append_after_tail=True)
@@ -1014,8 +1016,7 @@ def create_allow_all_security_policy(cls):
     def create_deny_all_security_policy(cls):
         if not cls.deny_all_fw_policy_uuid:
             cls.deny_all_fw_policy_uuid =\
-                VncSecurityPolicy.create_firewall_policy(
-                    "-".join([vnc_kube_config.cluster_name(), "denyall"]),
+                VncSecurityPolicy.create_firewall_policy("denyall",
                  None, None, tag_last=True, is_global=True)
             VncSecurityPolicy.add_firewall_policy(cls.deny_all_fw_policy_uuid)