From 7c1356735fcab243a954aaf7202989e0b2fd4406 Mon Sep 17 00:00:00 2001 From: Slawek Kaplonski Date: Thu, 20 Feb 2020 05:22:30 +0100 Subject: [PATCH] Ensure that default SG exists during list of SG rules API call During processing of security group rule list API call Neutron will now ensure that default security group for project given in the filters or in the context exists. It is similar to what is done for list of security groups or creation of new network/port in the project. Conflicts: neutron/db/securitygroups_db.py Change-Id: Id6fee5a752968b356b884d939b708a420016c9bc Closes-Bug: #1864171 (cherry picked from commit 4739a4febb8c77e5a0ca48bc77ae4dccd9f8a81e) --- neutron/db/securitygroups_db.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/neutron/db/securitygroups_db.py b/neutron/db/securitygroups_db.py index 95a9c82f3fc..7052ca49fc2 100644 --- a/neutron/db/securitygroups_db.py +++ b/neutron/db/securitygroups_db.py @@ -672,6 +672,14 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase): pager = base_obj.Pager( sorts=sorts, marker=marker, limit=limit, page_reverse=page_reverse) + project_id = filters.get('project_id') or filters.get('tenant_id') + if project_id: + project_id = project_id[0] + else: + project_id = context.project_id + if project_id: + self._ensure_default_security_group(context, project_id) + # NOTE(slaweq): use admin context here to be able to get all rules # which fits filters' criteria. Later in policy engine rules will be # filtered and only those which are allowed according to policy will