From eccc1b554bbd65bf3ce283869cc0f05f361f939a Mon Sep 17 00:00:00 2001
From: Slawek Kaplonski <skaplons@redhat.com>
Date: Fri, 26 Mar 2021 12:18:37 +0100
Subject: [neutron] Get only ID and name of the SGs from Neutron

During the VM booting process Nova asks Neutron for the security groups
of the project. If there are no any fields specified, Neutron will
prepare list of security groups with all fields, including rules.
In case if project got many SGs, it may take long time as rules needs to
be loaded separately for each SG on Neutron's side.

During booting of the VM, Nova really needs only "id" and "name" of the
security groups so this patch limits request to only those 2 fields.

This lazy loading of the SG rules was introduced in Neutron in [1] and
[2].

[1] https://review.opendev.org/#/c/630401/
[2] https://review.opendev.org/#/c/637407/

Related-Bug: #1865223
Change-Id: I15c3119857970c38541f4de270bd561166334548
(cherry picked from commit 388498ac5fa15ed8deef06ec061ea47e4a1b7377)
(cherry picked from commit 4f49545afaf3cd453796d48ba96b9a82d11c01bf)
(cherry picked from commit f7d84db5876b30d6849877799c08ebc65ac077ca)
(cherry picked from commit be4a514c8aea073a9188cfc878c9afcc9b03cb28)
(cherry picked from commit 1aa571103f90228ddf3dc27386486196ad58ba0e)
(cherry picked from commit 9b24ff384e336d3369b796427d34787872d9a08e)
(cherry picked from commit d27a662be6cee6c11f643f53ca2ce73bdcefa4ac)
---
 nova/network/neutronv2/api.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/nova/network/neutronv2/api.py b/nova/network/neutronv2/api.py
index 6ec851f597..f57863eb28 100644
--- a/nova/network/neutronv2/api.py
+++ b/nova/network/neutronv2/api.py
@@ -716,9 +716,15 @@ class API(base_api.NetworkAPI):
         # TODO(arosen) Should optimize more to do direct query for security
         # group if len(security_groups) == 1
         if len(security_groups):
+            # NOTE(slaweq): fields other than name and id aren't really needed
+            # so asking only about those fields will allow Neutron to not
+            # prepare list of rules for each found security group. That may
+            # speed processing of this request a lot in case when tenant has
+            # got many security groups
+            sg_fields = ['id', 'name']
             search_opts = {'tenant_id': instance.project_id}
             user_security_groups = neutron.list_security_groups(
-                **search_opts).get('security_groups')
+                fields=sg_fields, **search_opts).get('security_groups')
 
             for security_group in security_groups:
                 name_match = None
-- 
cgit v1.2.1