From d907762f3cca1405eedaaad5d5841491576c8c54 Mon Sep 17 00:00:00 2001
From: Kevin Benton <blak111@gmail.com>
Date: Fri, 27 Mar 2015 23:18:08 -0700
Subject: [PATCH] Fix error raising in security groups method

In case there were security groups not belonging to tenant on port
_get_security_groups_on_port would try to raise exception but fail
trying to index set.

This patch simply joins the whole set as a string and inserts it
into the standard SecurityGroupNotFound exception.

No new exception types, no string freeze violations.

Co-Author: watanabe.isao <zou.yun@jp.fujitsu.com>
Co-Author: Jacek Swiderski <jacek.swiderski@codilime.com>

Change-Id: I039ea57269dc53ced8dece0985f33ce9ae7eab17
Closes-Bug: #1373816
---
 neutron/db/securitygroups_db.py                 |  2 +-
 .../tests/unit/test_extension_security_group.py | 17 +++++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/neutron/db/securitygroups_db.py b/neutron/db/securitygroups_db.py
index 6fdbd0c3a..f14ed9cc5 100644
--- a/neutron/db/securitygroups_db.py
+++ b/neutron/db/securitygroups_db.py
@@ -575,7 +575,7 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
         requested_groups = set(port_sg)
         port_sg_missing = requested_groups - valid_groups
         if port_sg_missing:
-            raise ext_sg.SecurityGroupNotFound(id=str(port_sg_missing[0]))
+            raise ext_sg.SecurityGroupNotFound(id=', '.join(port_sg_missing))
 
         return requested_groups
 
diff --git a/neutron/tests/unit/test_extension_security_group.py b/neutron/tests/unit/test_extension_security_group.py
index f13c19a97..2a401bcc9 100644
--- a/neutron/tests/unit/test_extension_security_group.py
+++ b/neutron/tests/unit/test_extension_security_group.py
@@ -17,6 +17,7 @@ import contextlib
 
 import mock
 import oslo_db.exception as exc
+import testtools
 import webob.exc
 
 from neutron.api.v2 import attributes as attr
@@ -26,6 +27,7 @@ from neutron import context
 from neutron.db import db_base_plugin_v2
 from neutron.db import securitygroups_db
 from neutron.extensions import securitygroup as ext_sg
+from neutron import manager
 from neutron.tests import base
 from neutron.tests.unit import test_db_plugin
 
@@ -577,6 +579,21 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
                 for k, v, in keys:
                     self.assertEqual(sg_rule[0][k], v)
 
+    def test_get_security_group_on_port_from_wrong_tenant(self):
+        plugin = manager.NeutronManager.get_plugin()
+        if not hasattr(plugin, '_get_security_groups_on_port'):
+            self.skipTest("plugin doesn't use the mixin with this method")
+        neutron_context = context.get_admin_context()
+        res = self._create_security_group(self.fmt, 'webservers', 'webservers',
+                                          tenant_id='bad_tenant')
+        sg1 = self.deserialize(self.fmt, res)
+        with testtools.ExpectedException(ext_sg.SecurityGroupNotFound):
+            plugin._get_security_groups_on_port(
+                neutron_context,
+                {'port': {'security_groups': [sg1['security_group']['id']],
+                          'tenant_id': 'tenant'}}
+            )
+
     def test_delete_security_group(self):
         name = 'webservers'
         description = 'my webservers'
-- 
2.45.2