Add a test for removing security group from ACTIVE instance

Test name: "test_remove_sec_grp_from_active_vm"
1) Create SG associated with ICMP rule
2) Create Port (assoiated to SG #1) and use it to create the VM
3) Ping the VM, expected should be PASS
4) Remove the security group from VM by Port update
5) Ping the VM, expected should be FAIL

Change-Id: I9fbcdd0f30beeb6985bab4de4d53af639f408c75
diff --git a/neutron_tempest_plugin/scenario/test_security_groups.py b/neutron_tempest_plugin/scenario/test_security_groups.py
index f47ce44..cb8adac 100644
--- a/neutron_tempest_plugin/scenario/test_security_groups.py
+++ b/neutron_tempest_plugin/scenario/test_security_groups.py
@@ -663,3 +663,33 @@
             for port in range(tcp_port, tcp_port + 3):
                 self._verify_http_connection(client_ssh[1], srv_ssh, srv_ip,
                                              port, [])
+
+    @decorators.idempotent_id('96dcd5ff-9d45-4e0d-bea0-0b438cbd388f')
+    def test_remove_sec_grp_from_active_vm(self):
+        """Tests the following:
+
+        1. Create SG associated with ICMP rule
+        2. Create Port (assoiated to SG #1) and use it to create the VM
+        3. Ping the VM, expected should be PASS
+        4. Remove the security group from VM by Port update
+        5. Ping the VM, expected should be FAIL
+        """
+        sec_grp_name = data_utils.rand_name('test_sg')
+        secgrp = self.os_primary.network_client.create_security_group(
+            name=sec_grp_name)
+        self.security_groups.append(secgrp['security_group'])
+        sec_grp_id = secgrp['security_group']['id']
+        self.create_pingable_secgroup_rule(sec_grp_id)
+
+        ex_port = self.create_port(
+            self.network, fixed_ips=[{'subnet_id': self.subnet['id']}],
+            security_groups=[sec_grp_id])
+        fip = self.create_vm_testing_sec_grp(
+            num_servers=1, security_groups=[{'name': sec_grp_name}],
+            ports=[ex_port])[1][0]
+
+        self.ping_ip_address(fip['floating_ip_address'])
+        self.client.update_port(ex_port['id'],
+                                security_groups=[])
+        self.ping_ip_address(fip['floating_ip_address'],
+                             should_succeed=False)