commit 9367ead530bcb01e7f92d7eb60328b40fcde9a23
author Slawek Kaplonski <skaplons@redhat.com> Fri Mar 10 10:07:38 2023 +0100
committer Slawek Kaplonski <skaplons@redhat.com> Wed Mar 15 11:18:50 2023 +0000
tree a3be3ce488b5888c7a9a84838379abe938fa529f
parent bf1b7019d252d43e27b81e19db595453c49818fb

[Stateless SG] Add test to check change stateful to stateless SG

This scenario test applies stateful SG to the VM, ensures that
connectivity is working fine and then detach SG from the vm, update it
to be stateless, attach again and ensures that connectivity is working
still fine.

Change-Id: I99cf5edf79a77f5940d28fa760e03b66d289be20

neutron_tempest_plugin/scenario/test_security_groups.py

diff --git a/neutron_tempest_plugin/scenario/test_security_groups.py b/neutron_tempest_plugin/scenario/test_security_groups.py
index 58c36e2..036ffeb 100644
--- a/neutron_tempest_plugin/scenario/test_security_groups.py
+++ b/neutron_tempest_plugin/scenario/test_security_groups.py
@@ -926,3 +926,41 @@
     @decorators.idempotent_id('e4340e47-39cd-49ed-967c-fc2c40b47c5a')
     def test_remove_sec_grp_from_active_vm(self):
         self._test_remove_sec_grp_from_active_vm()
+
+    @decorators.idempotent_id('8d4753cc-cd7a-48a0-8ece-e11efce2af10')
+    def test_reattach_sg_with_changed_mode(self):
+        sg_kwargs = {'stateful': True}
+        secgrp = self.os_primary.network_client.create_security_group(
+            name=data_utils.rand_name('secgrp'), **sg_kwargs)['security_group']
+        # add cleanup
+        self.security_groups.append(secgrp)
+
+        # now configure sec group to support required connectivity
+        self.create_pingable_secgroup_rule(secgroup_id=secgrp['id'])
+        # and create server
+        ssh_clients, fips, servers = self.create_vm_testing_sec_grp(
+            num_servers=1, security_groups=[{'name': secgrp['name']}])
+        server_ports = self.network_client.list_ports(
+            device_id=servers[0]['server']['id'])['ports']
+
+        # make sure connectivity works
+        self.ping_ip_address(fips[0]['floating_ip_address'],
+                             should_succeed=True)
+        # remove SG from ports
+        for port in server_ports:
+            self.network_client.update_port(port['id'], security_groups=[])
+        # make sure there is now no connectivity as there's no SG attached
+        # to the port
+        self.ping_ip_address(fips[0]['floating_ip_address'],
+                             should_succeed=False)
+
+        # Update SG to be stateless
+        self.os_primary.network_client.update_security_group(
+            secgrp['id'], stateful=False)
+        # Add SG back to the ports
+        for port in server_ports:
+            self.network_client.update_port(
+                port['id'], security_groups=[secgrp['id']])
+        # Make sure connectivity works fine again
+        self.ping_ip_address(fips[0]['floating_ip_address'],
+                             should_succeed=True)