From: Yalei Wang <yalei.wang@intel.com>
Date: Wed, 3 Dec 2014 05:29:30 +0000 (+0800)
Subject: return the dict of port when no sec-group involved
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=997e70751c74004983b1e4079b084431ed0c7d27;p=openstack-build%2Fneutron-build.git

return the dict of port when no sec-group involved

Commit abc16ebf made the get_sg_ids_grouped_by_port function not return
entries for ports without security groups. This causes the agent to not remove
previously created security groups for that port since the port is not
returned in the security_group_info_for_devices data.

This change fixes that by always including a list of security groups for each
port, even if that list is empty.

Change-Id: I9616708462a8b6f3d46ebd76db5cf8cb2826f4ad
Closes-Bug: #1398312
---

diff --git a/neutron/plugins/ml2/db.py b/neutron/plugins/ml2/db.py
index 7f8dbdcad..f3cfe0f5a 100644
--- a/neutron/plugins/ml2/db.py
+++ b/neutron/plugins/ml2/db.py
@@ -13,8 +13,6 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-import collections
-
 from sqlalchemy import or_
 from sqlalchemy.orm import exc
 
@@ -238,7 +236,7 @@ def get_ports_and_sgs(port_ids):
 
 
 def get_sg_ids_grouped_by_port(port_ids):
-    sg_ids_grouped_by_port = collections.defaultdict(list)
+    sg_ids_grouped_by_port = {}
     session = db_api.get_session()
     sg_binding_port = sg_db.SecurityGroupPortBinding.port_id
 
@@ -260,6 +258,8 @@ def get_sg_ids_grouped_by_port(port_ids):
         query = query.filter(or_(*or_criteria))
 
         for port, sg_id in query:
+            if port not in sg_ids_grouped_by_port:
+                sg_ids_grouped_by_port[port] = []
             if sg_id:
                 sg_ids_grouped_by_port[port].append(sg_id)
     return sg_ids_grouped_by_port
diff --git a/neutron/tests/unit/ml2/test_security_group.py b/neutron/tests/unit/ml2/test_security_group.py
index 6d3d5f491..c7d5a22fa 100644
--- a/neutron/tests/unit/ml2/test_security_group.py
+++ b/neutron/tests/unit/ml2/test_security_group.py
@@ -65,18 +65,28 @@ class TestMl2SecurityGroups(Ml2SecurityGroupsTestCase,
             self.fmt, net_id, security_groups=[sg['security_group']['id']])
         return port['port']
 
+    def _make_port_without_sec_group(self, net_id):
+        port = self._make_port(
+            self.fmt, net_id, security_groups=[])
+        return port['port']
+
     def test_security_group_get_ports_from_devices(self):
         with self.network() as n:
             with self.subnet(n):
-                port1 = self._make_port_with_new_sec_group(n['network']['id'])
-                port2 = self._make_port_with_new_sec_group(n['network']['id'])
+                orig_ports = [
+                    self._make_port_with_new_sec_group(n['network']['id']),
+                    self._make_port_with_new_sec_group(n['network']['id']),
+                    self._make_port_without_sec_group(n['network']['id'])
+                ]
                 plugin = manager.NeutronManager.get_plugin()
                 # should match full ID and starting chars
                 ports = plugin.get_ports_from_devices(
-                    [port1['id'], port2['id'][0:8]])
-                self.assertEqual(2, len(ports))
+                    [orig_ports[0]['id'], orig_ports[1]['id'][0:8],
+                     orig_ports[2]['id']])
+                self.assertEqual(len(orig_ports), len(ports))
                 for port_dict in ports:
-                    p = port1 if port1['id'] == port_dict['id'] else port2
+                    p = next(p for p in orig_ports
+                             if p['id'] == port_dict['id'])
                     self.assertEqual(p['id'], port_dict['id'])
                     self.assertEqual(p['security_groups'],
                                      port_dict[ext_sg.SECURITYGROUPS])