NSXv: Fix update port update with provider security-groups

Change-Id: Ia904df7752842454eea58d762caf0e700f4c1777

vmware_nsx/db/extended_security_group.py

@@ -332,6 +332,7 @@ class ExtendedSecurityGroupPropertiesMixin(object):
             self._process_port_create_provider_security_group(
                 context, updated_port,
                 updated_port[provider_sg.PROVIDER_SECURITYGROUPS])
+        return provider_sg_changed
 
     def _prevent_non_admin_delete_provider_sg(self, context, sg_id):
         # Only someone who is an admin is allowed to delete this.

vmware_nsx/plugins/nsx_v/plugin.py

@@ -1677,9 +1677,8 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
                                                    original_port, ret_port)
             # NOTE(roeyc): Should call this method only after
             # update_security_group_on_port was called.
-            self._process_port_update_provider_security_group(context, port,
-                                                              original_port,
-                                                              ret_port)
+            pvd_sg_changed = self._process_port_update_provider_security_group(
+                context, port, original_port, ret_port)
 
             LOG.debug("Updating port: %s", port)
             self._process_portbindings_create_and_update(context,
@@ -1824,7 +1823,8 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
                                     "function properly "),
                                 {'id': id,
                                  'device_id': original_port['device_id']})
-                if delete_security_groups or has_security_groups:
+                if (delete_security_groups
+                        or has_security_groups or pvd_sg_changed):
                     # Update security-groups,
                     # calculate differences and update vnic membership
                     # accordingly.