[AIM] Fix handling of missing PortSecurityBinding

If a PortSecurityBinding record is not present for a port, which might
be the case after migration from a plugin without the portsecurity
extension driver configured, the GBP details RPC should return False
instead of True for promiscuous_mode.

Change-Id: Id33c488d890f15e9489c5a8cdbbffa5dc11387a7

gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/rpc.py

@@ -1020,7 +1020,7 @@ class ApicRpcHandlerMixin(object):
         # applications use port_security_enabled=False?
         return (port_info.device_owner in constants.PROMISCUOUS_TYPES or
                 port_info.port_name.endswith(constants.PROMISCUOUS_SUFFIX) or
-                not port_info.psec_enabled)
+                port_info.psec_enabled is False)
 
     def _build_sg_details(self, info):
         return (

gbpservice/neutron/tests/unit/services/grouppolicy/test_aim_mapping_driver.py

@@ -28,6 +28,7 @@ from neutron.api.rpc.agentnotifiers import dhcp_rpc_agent_api
 from neutron.common import utils as n_utils
 from neutron.db import api as db_api
 from neutron.db.models import securitygroup as sg_models
+from neutron.db.port_security import models as psec_models
 from neutron.extensions import dns
 from neutron.notifiers import nova
 from neutron.tests.unit.db import test_db_base_plugin_v2 as test_plugin
@@ -5698,6 +5699,30 @@ class TestNeutronPortOperation(AIMBaseTestCase):
             host='host1')
         self.assertTrue(details['promiscuous_mode'])
 
+        # Test RPC without a PortSecurityBinding record, which should
+        # be equivalent to port_security_enabled being set to
+        # True. This can occur when migrating to the unified plugin
+        # from a configuration that did not include ML2's
+        # port_security extension driver.
+        with self.db_session.begin():
+            psb = (self.db_session.query(psec_models.PortSecurityBinding).
+                   filter_by(port_id=p3['id']).
+                   one())
+            self.db_session.delete(psb)
+        details = self.mech_driver.get_gbp_details(
+            self._neutron_admin_context, device='tap%s' % p3['id'],
+            host='host1')
+        self.assertFalse(details['promiscuous_mode'])
+
+        # Test that updating port_security_enabled restores
+        # the missing PortSecurityBinding record.
+        self._update(
+            'ports', p3['id'], {'port': {'port_security_enabled': False}})
+        details = self.mech_driver.get_gbp_details(
+            self._neutron_admin_context, device='tap%s' % p3['id'],
+            host='host1')
+        self.assertTrue(details['promiscuous_mode'])
+
         # REVISIT: Test port name ending with PROMISCUOUS_SUFFIX, or
         # is that deprecated?