[Stateless SG] Fix usage of the default stateless SG
In the test test_default_sec_grp_scenarios default SG from project is
used. In the stateless tests suite this group wasn't really stateless
as default group is always created as stateful initiall.
This patch adds update of the SG to ensure that it is stateless when
needed.
Change-Id: I6774f586b1a0a531d277cf5954737a0dfd1f2a5c
diff --git a/neutron_tempest_plugin/scenario/test_security_groups.py b/neutron_tempest_plugin/scenario/test_security_groups.py
index 16313a3..2e5b907 100644
--- a/neutron_tempest_plugin/scenario/test_security_groups.py
+++ b/neutron_tempest_plugin/scenario/test_security_groups.py
@@ -166,12 +166,18 @@
servers=servers)
def _test_default_sec_grp_scenarios(self):
+ # Ensure that SG used in tests is stateful or stateless as required
+ default_sg_id = self.os_primary.network_client.list_security_groups()[
+ 'security_groups'][0]['id']
+ self.os_primary.network_client.update_security_group(
+ default_sg_id, stateful=not self.stateless_sg)
+ if self.stateless_sg:
+ self.create_ingress_metadata_secgroup_rule(
+ secgroup_id=default_sg_id)
server_ssh_clients, fips, servers = self.create_vm_testing_sec_grp()
+
# Check ssh connectivity when you add sec group rule, enabling ssh
- self.create_loginable_secgroup_rule(
- self.os_primary.network_client.list_security_groups()[
- 'security_groups'][0]['id']
- )
+ self.create_loginable_secgroup_rule(default_sg_id)
self.check_connectivity(fips[0]['floating_ip_address'],
CONF.validation.image_ssh_user,
self.keypair['private_key'])
@@ -187,6 +193,10 @@
servers=servers)
# Check ICMP connectivity from VM to external network
+ if self.stateless_sg:
+ # NOTE(slaweq): in case of stateless SG explicit ingress rule for
+ # the ICMP replies needs to be added too
+ self.create_pingable_secgroup_rule(default_sg_id)
subnets = self.os_admin.network_client.list_subnets(
network_id=CONF.network.public_network_id)['subnets']
ext_net_ip = None