NSX|v+v3: Allow multiple provider security groups on port

Commit I058f639c94602dcce5c6f796d5fae4692481ad88 allowed creating multiple provider security groups per tenant, but this fix was needed in order to allow creating a port with those. Change-Id: Ie3306e45fe2af00e90ae5924831b366f8b42fa83
2016-11-30 10:11:02 +02:00
parent 862b6713dc
commit 0012580513
2 changed files with 18 additions and 2 deletions
--- a/vmware_nsx/db/extended_security_group.py
+++ b/vmware_nsx/db/extended_security_group.py
@@ -168,8 +168,8 @@ class ExtendedSecurityGroupPropertiesMixin(object):
            NsxExtendedSecurityGroupProperties.security_group_id
        ).join(securitygroups_db.SecurityGroup).filter(
            securitygroups_db.SecurityGroup.tenant_id == tenant_id,
-            NsxExtendedSecurityGroupProperties.provider == sa.true()).scalar()
-        return [res] if res else []
+            NsxExtendedSecurityGroupProperties.provider == sa.true()).all()
+        return [r[0] for r in res]

    def _validate_security_group_properties_create(self, context,
                                                   security_group, default_sg):
--- a/vmware_nsx/tests/unit/extensions/test_provider_security_groups.py
+++ b/vmware_nsx/tests/unit/extensions/test_provider_security_groups.py
@@ -168,12 +168,28 @@ class ProviderSecurityGroupExtTestCase(
        provider_secgroup = self._create_provider_security_group()
        with self.port(tenant_id=self._tenant_id) as p:
            # check that the provider security group is on port resource.
+            self.assertEqual(1, len(p['port']['provider_security_groups']))
            self.assertEqual(provider_secgroup['security_group']['id'],
                             p['port']['provider_security_groups'][0])

            # confirm there is still a default security group.
            self.assertEqual(len(p['port']['security_groups']), 1)

+    def test_create_port_gets_multi_provider_sg(self):
+        # need to create provider security groups first.
+        provider_secgroup1 = self._create_provider_security_group()
+        provider_secgroup2 = self._create_provider_security_group()
+        with self.port(tenant_id=self._tenant_id) as p:
+            # check that the provider security group is on port resource.
+            self.assertEqual(2, len(p['port']['provider_security_groups']))
+            self.assertIn(provider_secgroup1['security_group']['id'],
+                          p['port']['provider_security_groups'])
+            self.assertIn(provider_secgroup2['security_group']['id'],
+                          p['port']['provider_security_groups'])
+
+            # confirm there is still a default security group.
+            self.assertEqual(len(p['port']['security_groups']), 1)
+
    def test_create_port_with_no_provider_sg(self):
        self._create_provider_security_group()
        with self.port(tenant_id=self._tenant_id,