From bd714c00460ae3d3f2a7a3c56eabf018df61cda0 Mon Sep 17 00:00:00 2001
From: Salvatore Orlando
Date: Mon, 19 Jul 2021 02:43:34 -0700
Subject: [PATCH] Fix decoupling of provider and regular security groups

The check was comparing neutron security group objects with security group ids. This change ensures comparison is made only between security group ids.

Change-Id: Iaeeae58bd19136f96046f2552f05bdced5766046
---
 vmware_nsx/db/extended_security_group.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/vmware_nsx/db/extended_security_group.py b/vmware_nsx/db/extended_security_group.py
index 9fb16ffab0..78861e952e 100644
--- a/vmware_nsx/db/extended_security_group.py
+++ b/vmware_nsx/db/extended_security_group.py
@@ -279,8 +279,9 @@ class ExtendedSecurityGroupPropertiesMixin(object):
 context, port_data, only_warn=True)

 # get the 2 separate lists of security groups
- sgids = self._get_security_groups_on_port(
+ sg_data = self._get_security_groups_on_port(
 context, port) or []
+ sgids = [sg.id for sg in sg_data]
 psgids = self._get_provider_security_groups_on_port(
 context, port) or []
 had_sgs = len(sgids) > 0
@@ -288,14 +289,18 @@ class ExtendedSecurityGroupPropertiesMixin(object):
 # remove provider security groups which were specified also in the
 # regular sg list
 sgids = list(set(sgids) - set(psgids))
+ # We should return the list of security group objects and a list
+ # of provider security groups ids. This is why the two lists
+ # returned by this routine have a different nature
+ sg_data_2 = [sg for sg in sg_data if sg.id in sgids]
 if not len(sgids) and had_sgs:
 # Add the default sg of the tenant if no other remained
 tenant_id = port_data.get('tenant_id')
 default_sg = self._ensure_default_security_group(
 context, tenant_id)
- sgids.append(default_sg)
+ sg_data_2.append(default_sg)

- return (sgids, psgids)
+ return (sg_data_2, psgids)

 def _process_port_create_provider_security_group(self, context, p,
 security_group_ids):
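Review bot: In the first hunk (`@@ -279,8 +279,9 @@`), `sgids = [sg.id for sg in sg_data]` assumes every element returned by `_get_security_groups_on_port` has an `id` attribute and that `psgids` holds plain ids. Neither helper is visible here, so the id-to-id comparison the commit message describes depends on both return types. The diffstat shows only this file changed, so no regression test covers the fix. A unit test in which a port lists a provider group among its regular groups, asserting that group is absent from the first returned list, would catch a repeat of the overlap. The enclosing method starts above the hunk.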
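Review bot: In the second hunk (`@@ -288,14 +289,18 @@`), `sg_data_2.append(default_sg)` looks like it mixes value kinds in one list. The removed line appended `default_sg` to the id list, which suggests `_ensure_default_security_group` returns an id, while `sg_data_2` is built from security group objects. If that holds, a caller reading `.id` on each element breaks on the fallback path, where every regular group was a provider group and the tenant default is substituted. Append the default group's object rather than its id, or normalise what the first list holds. Separately, state the objects-versus-ids return contract in the method docstring (outside this hunk) and give `sg_data_2` a descriptive name such as `regular_sgs`.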