From d377df2c52822931f6e94aa16c76cb0a022d8c77 Mon Sep 17 00:00:00 2001 From: Hongbin Lu Date: Mon, 29 May 2017 19:22:04 -0400 Subject: [PATCH] Avoid creating port without security groups If the security groups key is set and value is None or an empty list, the created neutron port won't have any connectivity. This is a pitfall. We should avoid setting the security group if it is not provided by users. As a result, neutron will associate the 'default' security group to the port. Change-Id: I7d79bf2ddb8272f003a2f648532226f405822649 Closes-Bug: #1694336 --- zun/container/docker/driver.py | 7 ++++--- zun/network/kuryr_network.py | 8 +++++--- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/zun/container/docker/driver.py b/zun/container/docker/driver.py index e8a6a8034..65adec86c 100644 --- a/zun/container/docker/driver.py +++ b/zun/container/docker/driver.py @@ -510,9 +510,10 @@ class DockerDriver(driver.ContainerDriver): name = self.get_sandbox_name(container) sandbox = docker.create_container(image, name=name, hostname=name[:63]) - security_groups = container.security_groups or None - security_group_ids = self._get_security_group_ids( - context, security_groups) + security_group_ids = None + if container.security_groups is not None: + security_group_ids = self._get_security_group_ids( + context, container.security_groups) # Container connects to the bridge network by default so disconnect # the container from it before connecting it to neutron network. # This avoids potential conflict between these two networks. diff --git a/zun/network/kuryr_network.py b/zun/network/kuryr_network.py index bd48f16ec..8b1543582 100644 --- a/zun/network/kuryr_network.py +++ b/zun/network/kuryr_network.py 
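Review bot: The new guard `if container.security_groups is not None:` still lets an empty list through, whereas the removed `container.security_groups or None` collapsed an empty list to None. The commit message names both None and an empty list as the values that leave the port without connectivity. An empty list can therefore still reach `create_port` as `'security_groups': []`, assuming `_get_security_group_ids` (not visible in this hunk) returns an empty list for empty input. A truthiness check, `if container.security_groups:`, covers both cases; the same applies to `if security_group_ids is not None:` in the zun/network/kuryr_network.py hunk, which could be `if security_group_ids:`. The enclosing method starts and ends outside the hunk.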
@@ -121,11 +121,13 @@ class KuryrNetwork(network.Network): """ network = self.inspect_network(network_name) neutron_net_id = network['Options']['neutron.net.uuid'] - neutron_port = self.neutron.create_port({'port': { + port_dict = { 'network_id': neutron_net_id, - 'security_groups': security_group_ids, 'tenant_id': self.context.project_id - }}) + } + if security_group_ids is not None: + port_dict['security_groups'] = security_group_ids + neutron_port = self.neutron.create_port({'port': port_dict}) ipv4_address = None ipv6_address = None
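Review bot: The branch `if security_group_ids is not None:` has no comment explaining why the `'security_groups'` key is left out of `port_dict`, so the fallback to Neutron's 'default' group is recorded only in the commit message. I would add `# Leave 'security_groups' unset so Neutron attaches the project's 'default' group; sending the key with None or [] yields a port without connectivity.` above the `if`. The rules of that 'default' group are defined in the project, not in this code, so the method's docstring (its closing quotes are the hunk's first context line) should also state that callers who pass no groups get that group's policy. The method body begins and continues outside the hunk.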