From aa8a0cfa512210017cdf785a5b5126645efc9322 Mon Sep 17 00:00:00 2001
From: anish-mudaraddi <anish.mudaraddi@stfc.ac.uk>
Date: Fri, 13 Sep 2024 10:46:34 +0100
Subject: [PATCH] BUG: find security group related to project when creating
 rule

limit find_security_group to project we're creating before creating rules
---
 lib/openstack_api/openstack_security_groups.py         |  7 ++++---
 .../openstack_api/test_openstack_security_groups.py    | 10 ++++++++++
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/lib/openstack_api/openstack_security_groups.py b/lib/openstack_api/openstack_security_groups.py
index fdc85d73..650bcdf7 100644
--- a/lib/openstack_api/openstack_security_groups.py
+++ b/lib/openstack_api/openstack_security_groups.py
@@ -396,9 +396,6 @@ def _create_security_group_rule(
     details.security_group_identifier = details.security_group_identifier.strip()
     if not details.security_group_identifier:
         raise MissingMandatoryParamError("A security group name or ID is required")
-    security_group = conn.network.find_security_group(
-        details.security_group_identifier, ignore_missing=False
-    )
 
     details.project_identifier = details.project_identifier.strip()
     if not details.project_identifier:
@@ -407,6 +404,10 @@ def _create_security_group_rule(
         details.project_identifier, ignore_missing=False
     )
 
+    security_group = conn.network.find_security_group(
+        details.security_group_identifier, ignore_missing=False, project_id=project.id
+    )
+
     start_port = str(details.port_range[0]).strip()
     end_port = str(details.port_range[1]).strip()
     _validate_rule_ports(start_port, end_port)
diff --git a/tests/lib/openstack_api/test_openstack_security_groups.py b/tests/lib/openstack_api/test_openstack_security_groups.py
index 3e1c686f..806c1364 100644
--- a/tests/lib/openstack_api/test_openstack_security_groups.py
+++ b/tests/lib/openstack_api/test_openstack_security_groups.py
@@ -25,6 +25,16 @@ def test_case(mock_conn, mock_details: SecurityGroupRuleDetails):
         if mock_details.port_range == ("*", "*"):
             start_port, end_port = (None, None)
 
+        mock_conn.identity.find_project.assert_any_call(
+            mock_details.project_identifier.strip(), ignore_missing=False
+        )
+
+        mock_conn.network.find_security_group.assert_any_call(
+            mock_details.security_group_identifier.strip(),
+            ignore_missing=False,
+            project_id=mock_conn.identity.find_project.return_value.id,
+        )
+
         mock_conn.network.create_security_group_rule.assert_any_call(
             project_id=mock_conn.identity.find_project.return_value.id,
             security_group_id=mock_conn.network.find_security_group.return_value.id,