return the dict of port when no sec-group involved

Commit abc16ebf made the get_sg_ids_grouped_by_port function not return
entries for ports without security groups. This causes the agent to not remove
previously created security groups for that port since the port is not
returned in the security_group_info_for_devices data.

This change fixes that by always including a list of security groups for each
port, even if that list is empty.

Change-Id: I9616708462a8b6f3d46ebd76db5cf8cb2826f4ad
Closes-Bug: #1398312

diff --git a/neutron/plugins/ml2/db.py b/neutron/plugins/ml2/db.py
index 7f8dbdcad676b1ffbaa9133db711b78f3f36c26a..f3cfe0f5a6abf0c7d861f3248f6599257a949bba 100644 (file)
--- a/neutron/plugins/ml2/db.py
+++ b/neutron/plugins/ml2/db.py
@@ -13,8 +13,6 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-import collections
-
 from sqlalchemy import or_
 from sqlalchemy.orm import exc
 
@@ -238,7 +236,7 @@ def get_ports_and_sgs(port_ids):
 
 
 def get_sg_ids_grouped_by_port(port_ids):
-    sg_ids_grouped_by_port = collections.defaultdict(list)
+    sg_ids_grouped_by_port = {}
     session = db_api.get_session()
     sg_binding_port = sg_db.SecurityGroupPortBinding.port_id
 
@@ -260,6 +258,8 @@ def get_sg_ids_grouped_by_port(port_ids):
         query = query.filter(or_(*or_criteria))
 
         for port, sg_id in query:
+            if port not in sg_ids_grouped_by_port:
+                sg_ids_grouped_by_port[port] = []
             if sg_id:
                 sg_ids_grouped_by_port[port].append(sg_id)
     return sg_ids_grouped_by_port

diff --git a/neutron/tests/unit/ml2/test_security_group.py b/neutron/tests/unit/ml2/test_security_group.py
index 6d3d5f491aadf099c44f3b2f2289ce251d04805a..c7d5a22faa212134791579cf889730bfc6f31ec4 100644 (file)
--- a/neutron/tests/unit/ml2/test_security_group.py
+++ b/neutron/tests/unit/ml2/test_security_group.py
@@ -65,18 +65,28 @@ class TestMl2SecurityGroups(Ml2SecurityGroupsTestCase,
             self.fmt, net_id, security_groups=[sg['security_group']['id']])
         return port['port']
 
+    def _make_port_without_sec_group(self, net_id):
+        port = self._make_port(
+            self.fmt, net_id, security_groups=[])
+        return port['port']
+
     def test_security_group_get_ports_from_devices(self):
         with self.network() as n:
             with self.subnet(n):
-                port1 = self._make_port_with_new_sec_group(n['network']['id'])
-                port2 = self._make_port_with_new_sec_group(n['network']['id'])
+                orig_ports = [
+                    self._make_port_with_new_sec_group(n['network']['id']),
+                    self._make_port_with_new_sec_group(n['network']['id']),
+                    self._make_port_without_sec_group(n['network']['id'])
+                ]
                 plugin = manager.NeutronManager.get_plugin()
                 # should match full ID and starting chars
                 ports = plugin.get_ports_from_devices(
-                    [port1['id'], port2['id'][0:8]])
-                self.assertEqual(2, len(ports))
+                    [orig_ports[0]['id'], orig_ports[1]['id'][0:8],
+                     orig_ports[2]['id']])
+                self.assertEqual(len(orig_ports), len(ports))
                 for port_dict in ports:
-                    p = port1 if port1['id'] == port_dict['id'] else port2
+                    p = next(p for p in orig_ports
+                             if p['id'] == port_dict['id'])
                     self.assertEqual(p['id'], port_dict['id'])
                     self.assertEqual(p['security_groups'],
                                      port_dict[ext_sg.SECURITYGROUPS])