Merge "Fix security group list when not defined for an instance" into stable/havana

5 files changed, 46 insertions, 2 deletions

diff --git a/nova/compute/api.py b/nova/compute/api.py
index 567a8729a1..d5fa676067 100644
--- a/nova/compute/api.py
+++ b/nova/compute/api.py
@@ -3700,6 +3700,7 @@ class SecurityGroupAPI(base.Base, security_group_base.SecurityGroupBase):
         groups = instance.get('security_groups')
         if groups:
             return [{'name': group['name']} for group in groups]
+        return []
 
     def populate_security_groups(self, instance, security_groups):
         if not security_groups:
diff --git a/nova/network/security_group/neutron_driver.py b/nova/network/security_group/neutron_driver.py
index d83684d2a0..705f7f68bd 100644
--- a/nova/network/security_group/neutron_driver.py
+++ b/nova/network/security_group/neutron_driver.py
@@ -381,7 +381,7 @@ class SecurityGroupAPI(security_group_base.SecurityGroupBase):
         servers = [{'id': instance_uuid}]
         sg_bindings = self.get_instances_security_groups_bindings(
                                   context, servers, detailed)
-        return sg_bindings.get(instance_uuid)
+        return sg_bindings.get(instance_uuid, [])
 
     def _has_security_group_requirements(self, port):
         port_security_enabled = port.get('port_security_enabled', True)
diff --git a/nova/tests/api/openstack/compute/contrib/test_neutron_security_groups.py b/nova/tests/api/openstack/compute/contrib/test_neutron_security_groups.py
index 6b20c377d3..4f9b2f36a2 100644
--- a/nova/tests/api/openstack/compute/contrib/test_neutron_security_groups.py
+++ b/nova/tests/api/openstack/compute/contrib/test_neutron_security_groups.py
@@ -16,10 +16,10 @@
 #    under the License.
 #
 # @author: Aaron Rosen, Nicira Networks, Inc.
-
 import uuid
 
 from lxml import etree
+import mock
 from neutronclient.common import exceptions as n_exc
 from oslo.config import cfg
 import webob
@@ -315,6 +315,20 @@ class TestNeutronSecurityGroups(
             context.get_admin_context(), test_security_groups.FAKE_UUID1)
         self.assertEquals(sgs, expected)
 
+    @mock.patch('nova.network.security_group.neutron_driver.SecurityGroupAPI.'
+                'get_instances_security_groups_bindings')
+    def test_get_security_group_empty_for_instance(self, neutron_sg_bind_mock):
+        servers = [{'id': test_security_groups.FAKE_UUID1}]
+        neutron_sg_bind_mock.return_value = {}
+
+        security_group_api = self.controller.security_group_api
+        ctx = context.get_admin_context()
+        sgs = security_group_api.get_instance_security_groups(ctx,
+                test_security_groups.FAKE_UUID1)
+
+        neutron_sg_bind_mock.assert_called_once_with(ctx, servers, False)
+        self.assertEqual([], sgs)
+
     def test_create_port_with_sg_and_port_security_enabled_true(self):
         sg1 = self._create_sg_template(name='test1').get('security_group')
         net = self._create_network()
diff --git a/nova/tests/api/openstack/compute/contrib/test_security_groups.py b/nova/tests/api/openstack/compute/contrib/test_security_groups.py
index 9a2c9eb86f..be91f4b5a3 100644
--- a/nova/tests/api/openstack/compute/contrib/test_security_groups.py
+++ b/nova/tests/api/openstack/compute/contrib/test_security_groups.py
@@ -16,6 +16,7 @@
 #    under the License.
 
 from lxml import etree
+import mock
 import mox
 from oslo.config import cfg
 import webob
@@ -372,6 +373,24 @@ class TestSecurityGroups(test.TestCase):
 
         self.assertEquals(res_dict, expected)
 
+    @mock.patch('nova.db.instance_get_by_uuid')
+    @mock.patch('nova.db.security_group_get_by_instance', return_value=[])
+    def test_get_security_group_empty_for_instance(self, mock_sec_group,
+                                                   mock_db_get_ins):
+        expected = {'security_groups': []}
+
+        def return_instance(context, server_id,
+                            columns_to_join=None, use_slave=False):
+            self.assertEqual(server_id, FAKE_UUID1)
+            return return_server_by_uuid(context, server_id)
+        mock_db_get_ins.side_effect = return_instance
+        req = fakes.HTTPRequest.blank('/v2/%s/servers/%s/os-security-groups' %
+                                      ('fake', FAKE_UUID1))
+        res_dict = self.server_controller.index(req, FAKE_UUID1)
+        self.assertEqual(expected, res_dict)
+        mock_sec_group.assert_called_once_with(req.environ['nova.context'],
+                                               FAKE_UUID1)
+
     def test_get_security_group_by_instance_non_existing(self):
         self.stubs.Set(nova.db, 'instance_get', return_server_nonexistent)
         self.stubs.Set(nova.db, 'instance_get_by_uuid',
diff --git a/nova/tests/network/security_group/test_neutron_driver.py b/nova/tests/network/security_group/test_neutron_driver.py
index 83fa406d1d..2819bccb76 100644
--- a/nova/tests/network/security_group/test_neutron_driver.py
+++ b/nova/tests/network/security_group/test_neutron_driver.py
@@ -212,3 +212,13 @@ class TestNeutronDriver(test.NoDBTestCase):
         result = sg_api.get_instances_security_groups_bindings(
                                   self.context, servers)
         self.assertEquals(result, sg_bindings)
+
+    def test_instance_empty_security_groups(self):
+
+        port_list = {'ports': [{'id': 1, 'device_id': '1',
+                     'security_groups': []}]}
+        self.moxed_client.list_ports(device_id=['1']).AndReturn(port_list)
+        self.mox.ReplayAll()
+        sg_api = neutron_driver.SecurityGroupAPI()
+        result = sg_api.get_instance_security_groups(self.context, '1')
+        self.assertEqual([], result)