Set the internal-only security group

Set the internal-only security group '__no_rule__' to ports where there is no security group set. Change-Id: I12831fe762b7460ac188109ae4d85bcb38c2f760 Closes-Bug: #1591944
Juniper · Jun 13, 2016 · 79f4242 · 79f4242
1 parent d6a1fe0
commit 79f4242
Showing 1 changed file with 10 additions and 10 deletions.
diff --git a/neutron_plugin_contrail/plugins/opencontrail/vnc_client/vmi_res_handler.py b/neutron_plugin_contrail/plugins/opencontrail/vnc_client/vmi_res_handler.py
@@ -391,21 +391,22 @@ def _set_vm_instance_for_vmi(self, vmi_obj, instance_name):
                 except vnc_exc.RefsExistError:
                     pass
 
-    def _set_vmi_security_groups(self, vmi_obj, sec_group_list,
-                                 create_no_rule=False):
+    def _set_vmi_security_groups(self, vmi_obj, sec_group_list):
         vmi_obj.set_security_group_list([])
-        for sg_id in sec_group_list or []:
-            # TODO() optimize to not read sg (only uuid/fqn needed)
-            sg_obj = self._vnc_lib.security_group_read(id=sg_id)
-            vmi_obj.add_security_group(sg_obj)
-
         # When there is no-security-group for a port,the internal
         # no_rule group should be used.
-        if create_no_rule and not sec_group_list:
+        if not sec_group_list:
             sg_obj = res_handler.SGHandler(
                 self._vnc_lib).get_no_rule_security_group()
             vmi_obj.add_security_group(sg_obj)
 
+        for sg_id in sec_group_list or []:
+            # TODO() optimize to not read sg (only uuid/fqn needed)
+            sg_obj = self._vnc_lib.security_group_read(id=sg_id)
+            vmi_obj.add_security_group(sg_obj)
+
+
+
     def _set_vmi_extra_dhcp_options(self, vmi_obj, extra_dhcp_options):
         dhcp_options = []
         for option_pair in extra_dhcp_options or []:
@@ -493,8 +494,7 @@ def _neutron_port_to_vmi(self, port_q, vmi_obj=None, update=False):
 
         if 'security_groups' in port_q:
             self._set_vmi_security_groups(vmi_obj,
-                                          port_q.get('security_groups'),
-                                          update)
+                                          port_q.get('security_groups'))
 
         if 'admin_state_up' in port_q:
             id_perms = vmi_obj.get_id_perms()