From c77c8dcf973655ad970c25c1a76523c3d20a3900 Mon Sep 17 00:00:00 2001
From: Eric K <ekcs.openstack@gmail.com>
Date: Tue, 31 Jul 2018 18:49:18 -0700
Subject: [PATCH] library policy create security groups up-front

minor improvement to the library policy to improve robustness.
Because actions by default execute in asynchronously, if we wait
to create the security group until the security group is needed,
the policy may attempt to attach to a security group before it is
created.

Change-Id: I0c2b1939c5b48d4576f821b482f120537c923808
---
 library/tag_based_network_security_zone.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/library/tag_based_network_security_zone.yaml b/library/tag_based_network_security_zone.yaml
index b0cd4aaed..53c3f3a95 100644
--- a/library/tag_based_network_security_zone.yaml
+++ b/library/tag_based_network_security_zone.yaml
@@ -75,12 +75,12 @@ rules:
   -
     rule: >
       device_to_sg(device_id, sg_id) :-
-        neutronv2:security_group_port_bindings(port_id=port_id, security_group_id=sg_id), 
+        neutronv2:security_group_port_bindings(port_id=port_id, security_group_id=sg_id),
         neutronv2:ports(id=port_id, device_id=device_id)
   -
     rule: >
       zone_missing_sg(zone) :-
-        server_security_zone(_, zone),
+        security_zone_tags(zone),
         NOT security_group_names(zone)
   -
     rule: >