diff --git a/neutron_plugin_contrail/plugins/opencontrail/vnc_client/vmi_res_handler.py b/neutron_plugin_contrail/plugins/opencontrail/vnc_client/vmi_res_handler.py index 3c62291..d52c50f 100644 --- a/neutron_plugin_contrail/plugins/opencontrail/vnc_client/vmi_res_handler.py +++ b/neutron_plugin_contrail/plugins/opencontrail/vnc_client/vmi_res_handler.py @@ -391,21 +391,22 @@ def _set_vm_instance_for_vmi(self, vmi_obj, instance_name): except vnc_exc.RefsExistError: pass - def _set_vmi_security_groups(self, vmi_obj, sec_group_list, - create_no_rule=False): + def _set_vmi_security_groups(self, vmi_obj, sec_group_list): vmi_obj.set_security_group_list([]) - for sg_id in sec_group_list or []: - # TODO() optimize to not read sg (only uuid/fqn needed) - sg_obj = self._vnc_lib.security_group_read(id=sg_id) - vmi_obj.add_security_group(sg_obj) - # When there is no-security-group for a port,the internal # no_rule group should be used. - if create_no_rule and not sec_group_list: + if not sec_group_list: sg_obj = res_handler.SGHandler( self._vnc_lib).get_no_rule_security_group() vmi_obj.add_security_group(sg_obj) + for sg_id in sec_group_list or []: + # TODO() optimize to not read sg (only uuid/fqn needed) + sg_obj = self._vnc_lib.security_group_read(id=sg_id) + vmi_obj.add_security_group(sg_obj) + + + def _set_vmi_extra_dhcp_options(self, vmi_obj, extra_dhcp_options): dhcp_options = [] for option_pair in extra_dhcp_options or []: @@ -493,8 +494,7 @@ def _neutron_port_to_vmi(self, port_q, vmi_obj=None, update=False): if 'security_groups' in port_q: self._set_vmi_security_groups(vmi_obj, - port_q.get('security_groups'), - update) + port_q.get('security_groups')) if 'admin_state_up' in port_q: id_perms = vmi_obj.get_id_perms()