Merge "Fix regression with SG read API with empty ruleset"

2019-03-02 23:06:33 +00:00 · 2019-03-02 23:06:33 +00:00 · e4847a3478
parent 018595d4b0 cc4d5a2561
commit e4847a3478
2 changed files with 39 additions and 0 deletions
--- a/neutron/db/securitygroups_db.py
+++ b/neutron/db/securitygroups_db.py
@ -300,6 +300,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
                self._make_security_group_rule_dict(r.db_obj)
                for r in security_group.rules
            ]
+        else:
+            res['security_group_rules'] = []
        resource_extend.apply_funcs(ext_sg.SECURITYGROUPS, res,
                                    security_group.db_obj)
        return db_utils.resource_fields(res, fields)
--- a/neutron/tests/unit/extensions/test_securitygroup.py
+++ b/neutron/tests/unit/extensions/test_securitygroup.py
@ -703,6 +703,43 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
                for k, v, in keys:
                    self.assertEqual(sg_rule[0][k], v)

+    def test_get_security_group_empty_rules(self):
+        name = 'webservers'
+        description = 'my webservers'
+        with self.security_group(name, description) as sg:
+            remote_group_id = sg['security_group']['id']
+
+            self._delete_default_security_group_egress_rules(
+                remote_group_id)
+
+            res = self.new_show_request('security-groups', remote_group_id)
+            group = self.deserialize(
+                self.fmt, res.get_response(self.ext_api))
+
+            sg_rule = group['security_group']['security_group_rules']
+            self.assertEqual(group['security_group']['id'],
+                             remote_group_id)
+            self.assertEqual(0, len(sg_rule))
+
+    def test_get_security_group_empty_rules_id_only(self):
+        name = 'webservers'
+        description = 'my webservers'
+        with self.security_group(name, description) as sg:
+            remote_group_id = sg['security_group']['id']
+
+            self._delete_default_security_group_egress_rules(
+                remote_group_id)
+
+            res = self.new_show_request('security-groups', remote_group_id,
+                                        fields=['id'])
+            group = self.deserialize(
+                self.fmt, res.get_response(self.ext_api))
+
+            secgroup = group['security_group']
+            self.assertFalse('security_group_rules' in secgroup)
+            self.assertEqual(group['security_group']['id'],
+                             remote_group_id)
+
    # This test case checks that admins from a different tenant can add rules
    # as themselves. This is an odd behavior, with some weird GET semantics,
    # but this test is checking that we don't break that old behavior, at least