Comment 17 for bug 1484738

Reviewed: https://review.openstack.org/222022
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=9369aab04e37b7818d49b00e65857be8b3564e9e
Submitter: Jenkins
Branch: master

commit 9369aab04e37b7818d49b00e65857be8b3564e9e
Author: Matt Riedemann <email address hidden>
Date: Wed Sep 9 20:29:09 2015 -0700

    Don't expect meta attributes in object_compat that aren't in the db obj

    The object_compat decorator expects to get the Instance object with
    'metadata' and 'system_metadata' attributes but if those aren't in the
    db instance dict object, Instance._from_db_object will fail with a
    KeyError.

    In Kilo this happens per refresh_instance_security_rules because in the
    compute API code, the instance passed to refresh_instance_security_rules
    comes from the call to get the security group(s) which joins on the
    instances column, but that doesn't join on the metadata/system_metadata
    fields for the instances. So when the instances get to object_compat in
    the compute manager and the db instance dict is converted to the
    Instance object, it expects fields that aren't in the dict and we get
    the KeyError.

    The refresh_instance_security_rules case is fixed in Liberty per commit
    12fbe6f082ef9b70b89302e15daa12e851e507a7 - in that case the compute API
    passes Instance objects to the compute manager so object_compat doesn't
    have anything to do, _load_instance just sees instance_or_dict isn't a
    dict and ignores it.

    We're making this change since (1) it's an obviously wrong assumption in
    object_compat and should be fixed and (2) we need to backport this fix
    to stable/kilo since it's an upgrade impact for users there.

    Closes-Bug: #1484738

    Change-Id: I36a954c095a9aa35879200784dc18e35edf689e6