From 18a495ad83307dbd518bb7522c33c41f13b63556 Mon Sep 17 00:00:00 2001
From: Maysa Macedo <maysa.macedo95@gmail.com>
Date: Mon, 24 Feb 2020 10:55:36 +0000
Subject: [PATCH] Ensure list of pods items is retrieved

Right now we attempt to retrieve the list of pods without
fetching the items field returned on the kubernetes response,
causing the wrong element to be fetched.

This commit fixes the issue by getting the list of pods
through the items.

Closes-bug: 1864451
Change-Id: I0144f68900011ba3b5c6373a439dc1df3a68f8ed
---
 .../controller/drivers/network_policy_security_groups.py      | 2 +-
 .../controller/drivers/test_network_policy_security_groups.py | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/kuryr_kubernetes/controller/drivers/network_policy_security_groups.py b/kuryr_kubernetes/controller/drivers/network_policy_security_groups.py
index e6c3ade1d..62ad66731 100644
--- a/kuryr_kubernetes/controller/drivers/network_policy_security_groups.py
+++ b/kuryr_kubernetes/controller/drivers/network_policy_security_groups.py
@@ -319,7 +319,7 @@ def _parse_selectors_on_namespace(crd, direction, pod_selector,
                     if sg_rule not in crd_rules:
                         crd_rules.append(sg_rule)
         else:
-            ns_pods = driver_utils.get_pods(ns_selector)
+            ns_pods = driver_utils.get_pods(ns_selector)['items']
             ns_cidr = driver_utils.get_namespace_subnet_cidr(namespace)
             if 'ports' in rule_block:
                 for port in rule_block['ports']:
diff --git a/kuryr_kubernetes/tests/unit/controller/drivers/test_network_policy_security_groups.py b/kuryr_kubernetes/tests/unit/controller/drivers/test_network_policy_security_groups.py
index 2efd749ec..70bb3d047 100644
--- a/kuryr_kubernetes/tests/unit/controller/drivers/test_network_policy_security_groups.py
+++ b/kuryr_kubernetes/tests/unit/controller/drivers/test_network_policy_security_groups.py
@@ -573,6 +573,8 @@ class TestNetworkPolicySecurityGroupsDriver(test_base.TestCase):
         m_delete_sg_rule.assert_not_called()
         m_patch_kuryrnetworkpolicy_crd.assert_not_called()
 
+    @mock.patch('kuryr_kubernetes.controller.drivers.utils.'
+                'get_pods')
     @mock.patch('kuryr_kubernetes.controller.drivers.'
                 'network_policy_security_groups._create_sg_rule')
     @mock.patch('kuryr_kubernetes.controller.drivers.utils.'
@@ -580,7 +582,7 @@ class TestNetworkPolicySecurityGroupsDriver(test_base.TestCase):
     @mock.patch('kuryr_kubernetes.controller.drivers.utils.'
                 'get_namespace_subnet_cidr')
     def test__parse_rules(self, m_get_ns_subnet_cidr, m_match_selector,
-                          m_create_sg_rule):
+                          m_create_sg_rule, m_get_pods):
         crd = get_crd_obj_no_match()
         policy = crd['spec']['networkpolicy_spec']
         i_rule = policy.get('ingress')[0]