From f854cf3af9ec895fa3e368af7c57c7548cf0bc5b Mon Sep 17 00:00:00 2001
From: Salvatore <salv.orlando@gmail.com>
Date: Wed, 24 Dec 2014 01:17:17 +0100
Subject: [PATCH] VMware: fix security group check on port create

The code did not consider an empty list among the cases
in which security groups are not supplied on port create.

Change-Id: I325cce2165d2ec683ecac3cabdbfb80a03b288c9
Closes-Bug: #1405311
---
 neutron/plugins/vmware/plugins/base.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/neutron/plugins/vmware/plugins/base.py b/neutron/plugins/vmware/plugins/base.py
index e6387fe58..1c81ff451 100644
--- a/neutron/plugins/vmware/plugins/base.py
+++ b/neutron/plugins/vmware/plugins/base.py
@@ -1122,9 +1122,12 @@ class NsxPluginV2(addr_pair_db.AllowedAddressPairsMixin,
                 port_data[addr_pair.ADDRESS_PAIRS] = []
 
             # security group extension checks
+            # NOTE: check_update_has_security_groups works fine for
+            # create operations as well
             if port_security and has_ip:
                 self._ensure_default_security_group_on_port(context, port)
-            elif attr.is_attr_set(port_data.get(ext_sg.SECURITYGROUPS)):
+            elif self._check_update_has_security_groups(
+                 {'port': port_data}):
                 raise psec.PortSecurityAndIPRequiredForSecurityGroups()
             port_data[ext_sg.SECURITYGROUPS] = (
                 self._get_security_groups_on_port(context, port))
-- 
2.45.2