Merge "NSX|V3: ensure provider securiry updates are done"

2017-12-11 22:49:26 +00:00 · 2017-12-11 22:49:26 +00:00 · c1ee02253f
commit c1ee02253f
parent 75bf6bdef0 20f0f66389
2 changed files with 16 additions and 1 deletions
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@ -2860,6 +2860,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,

        with db_api.context_manager.writer.using(context):
            original_port = super(NsxV3Plugin, self).get_port(context, id)
+            self._remove_provider_security_groups_from_list(original_port)
            port_data = port['port']
            nsx_lswitch_id, nsx_lport_id = nsx_db.get_nsx_switch_and_port_id(
                context.session, id)
@ -2918,6 +2919,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
                    raise n_exc.InvalidInput(error_message=msg)
                self._update_mac_learning_state(context, id,
                                                mac_learning_state)
+            self._remove_provider_security_groups_from_list(updated_port)

        address_bindings = self._build_address_bindings(updated_port)
        if port_security and address_bindings:
--- a/vmware_nsx/tests/unit/extensions/test_provider_security_groups.py
+++ b/vmware_nsx/tests/unit/extensions/test_provider_security_groups.py
@ -344,7 +344,20 @@ class ProviderSecurityGroupExtTestCase(

 class TestNSXv3ProviderSecurityGrp(test_nsxv3_plugin.NsxV3PluginTestCaseMixin,
                                   ProviderSecurityGroupExtTestCase):
-    pass
+
+    def test_update_port_remove_provider_sg(self):
+        # need to create provider security group first.
+        self._create_provider_security_group()
+        with self.port(tenant_id=self._tenant_id) as p:
+            body = {'port': {'provider_security_groups': []}}
+            req = self.new_update_request('ports', body, p['port']['id'])
+            port = self.deserialize(self.fmt, req.get_response(self.api))
+            # confirm that the group has been removed.
+            self.assertEqual([], port['port']['provider_security_groups'])
+            # make sure that the security groups did not contain the provider
+            # security group
+            self.assertEqual(p['port']['security_groups'],
+                             port['port']['security_groups'])


 class TestNSXvProviderSecurityGroup(test_nsxv_plugin.NsxVPluginV2TestCase,