From 737e34c5ff7487a759f22a6e931f3d3d213bf051 Mon Sep 17 00:00:00 2001
From: Maysa Macedo <maysa.macedo95@gmail.com>
Date: Wed, 25 Mar 2020 17:51:45 +0000
Subject: [PATCH] Ensure no attempt to deleted sg rules owned by Octavia
 happens

When updating the LB security group with only the rules applied
on a Network Policy we are also considering the sg rules owned by
octavia, this result on failure when trying to delete the rules
as this operation is not allowed.

This commit ensures only the rules owned by the correct tenant
are deleted.

Change-Id: I06ece3fd93d1408f6023d3daf0ba152fe7dfe4e4
Closes-bug: 1869063
---
 kuryr_kubernetes/controller/drivers/lbaasv2.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kuryr_kubernetes/controller/drivers/lbaasv2.py b/kuryr_kubernetes/controller/drivers/lbaasv2.py
index b3e061ece..bc7e812d3 100644
--- a/kuryr_kubernetes/controller/drivers/lbaasv2.py
+++ b/kuryr_kubernetes/controller/drivers/lbaasv2.py
@@ -266,7 +266,8 @@ class LBaaSv2Driver(base.LBaaSDriver):
                                         protocol, lb_sg, new_sgs, listener_id)
             return
 
-        lbaas_sg_rules = os_net.security_group_rules(security_group_id=lb_sg)
+        lbaas_sg_rules = os_net.security_group_rules(
+                security_group_id=lb_sg, project_id=loadbalancer.project_id)
         all_pod_rules = []
         add_default_rules = False