portsecurity_db: Fix a usage of is_attr_set

I believe this is the intention of the original change.
commit a5ccc2358dcc2cee5bc8db6a4448f58bae40b67b

Also, add a test case which would have revealed the problem.

Closes-Bug: #1429754
Change-Id: I1481492404e7388b145860820a308452da24e24f

diff --git a/neutron/db/portsecurity_db.py b/neutron/db/portsecurity_db.py
index 14423a46f300e20d526fff407c73d873a78a923f..800cb4842662a889fe9a391fb579c68e0fbc5bab 100644 (file)
--- a/neutron/db/portsecurity_db.py
+++ b/neutron/db/portsecurity_db.py
@@ -162,7 +162,7 @@ class PortSecurityDbMixin(object):
         # conveniently set port_security_enabled to true this way
         # user doesn't also have to pass in port_security_enabled=True
         # when creating ports.
-        elif (has_ip and attrs.is_attr_set('security_groups')):
+        elif (has_ip and attrs.is_attr_set(port.get('security_groups'))):
             port_security_enabled = True
         else:
             port_security_enabled = self._get_network_security_binding(

diff --git a/neutron/tests/unit/test_extension_portsecurity.py b/neutron/tests/unit/test_extension_portsecurity.py
index b93b5034bda8ffcde94246e7b1e5c2b54e07d48f..591a9fac28e4dfd577a16d8aa2f435bb98842cc8 100644 (file)
--- a/neutron/tests/unit/test_extension_portsecurity.py
+++ b/neutron/tests/unit/test_extension_portsecurity.py
@@ -286,6 +286,17 @@ class TestPortSecurity(PortSecurityDBTestCase):
         self.assertEqual(port['port']['security_groups'], [security_group_id])
         self._delete('ports', port['port']['id'])
 
+    def test_create_port_without_security_group_and_net_sec_false(self):
+        res = self._create_network('json', 'net1', True,
+                                   arg_list=('port_security_enabled',),
+                                   port_security_enabled=False)
+        net = self.deserialize('json', res)
+        self._create_subnet('json', net['network']['id'], '10.0.0.0/24')
+        res = self._create_port('json', net['network']['id'])
+        port = self.deserialize('json', res)
+        self.assertFalse(port['port'][psec.PORTSECURITY])
+        self._delete('ports', port['port']['id'])
+
     def test_update_port_security_off_with_security_group(self):
         if self._skip_security_group:
             self.skipTest("Plugin does not support security groups")