From 4c5532bf3de4bed0a8c467f9ce8b38cef6931e75 Mon Sep 17 00:00:00 2001
From: Slawek Kaplonski <skaplons@redhat.com>
Date: Thu, 20 Feb 2020 05:22:30 +0100
Subject: [PATCH] Ensure that default SG exists during list of SG rules API
 call

During processing of security group rule list API call Neutron will
now ensure that default security group for project given in the filters
or in the context exists.
It is similar to what is done for list of security groups or creation of
new network/port in the project.

Conflicts:
    neutron/db/securitygroups_db.py

Change-Id: Id6fee5a752968b356b884d939b708a420016c9bc
Closes-Bug: #1864171
(cherry picked from commit 4739a4febb8c77e5a0ca48bc77ae4dccd9f8a81e)
---
 neutron/db/securitygroups_db.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/neutron/db/securitygroups_db.py b/neutron/db/securitygroups_db.py
index df5ea39d9c4..664d300b45c 100644
--- a/neutron/db/securitygroups_db.py
+++ b/neutron/db/securitygroups_db.py
@@ -679,6 +679,14 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
         pager = base_obj.Pager(
             sorts=sorts, marker=marker, limit=limit, page_reverse=page_reverse)
 
+        project_id = filters.get('project_id') or filters.get('tenant_id')
+        if project_id:
+            project_id = project_id[0]
+        else:
+            project_id = context.project_id
+        if project_id:
+            self._ensure_default_security_group(context, project_id)
+
         # NOTE(slaweq): use admin context here to be able to get all rules
         # which fits filters' criteria. Later in policy engine rules will be
         # filtered and only those which are allowed according to policy will