Merge "[OVN] Fix port disable security dead when run neutron-ovn-db-sync-util" into stable/victoria

neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py

@@ -412,10 +412,10 @@ class OVNClient(object):
                 **kwargs))
 
             sg_ids = utils.get_lsp_security_groups(port)
-            # If this is not a trusted port or port security is enabled,
+            # If this is not a trusted port and port security is enabled,
             # add it to the default drop Port Group so that all traffic
             # is dropped by default.
-            if not utils.is_lsp_trusted(port) or port_info.port_security:
+            if not utils.is_lsp_trusted(port) and port_info.port_security:
                 self._add_port_to_drop_port_group(port_cmd, txn)
             # Just add the port to its Port Group.
             for sg in sg_ids:

neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/test_mech_driver.py

@@ -2915,7 +2915,12 @@ class TestOVNMechanismDriverSecurityGroup(
     # test acl methods invoking. Content correctness of args of acl methods
     # is mainly guaranteed by acl_test.py.
 
+    _extension_drivers = ['port_security']
+
     def setUp(self):
+        cfg.CONF.set_override('extension_drivers',
+                              self._extension_drivers,
+                              group='ml2')
         cfg.CONF.set_override('mechanism_drivers',
                               ['logger', 'ovn'],
                               'ml2')
@@ -3107,8 +3112,9 @@ class TestOVNMechanismDriverSecurityGroup(
             req = self.new_update_request('ports', data, p['id'])
             req.get_response(self.api)
 
+            # Default neutron_pg_drop, 2 security group
             self.assertEqual(
-                2, self.mech_driver._nb_ovn.pg_add_ports.call_count)
+                3, self.mech_driver._nb_ovn.pg_add_ports.call_count)
 
     def test_update_sg_change_rule(self):
         with self.network() as n, self.subnet(n):