Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / neutron-tempest-plugin / a016f7a349d55e07c81b693d3dfe9a3ba6244ee9^! / . / neutron_tempest_plugin
commita016f7a349d55e07c81b693d3dfe9a3ba6244ee9[log] [tgz]
authorliushy <liuxie_11@163.com>Thu Jan 18 11:13:58 2024 +0800
committerBrian Haley <haleyb.dev@gmail.com>Mon Jun 02 15:07:18 2025 -0400
treecdae75c12d19adb2727e1d924e3e4f00f666a178
parentda40ffe05cfe9b5ddaaadea94a1b1d1467ed24bb [diff]
Add test job for address_group api backend Ml2/OVN

Depends-on: https://review.opendev.org/c/openstack/neutron/+/949852
Depends-on: https://review.opendev.org/c/openstack/neutron/+/949854

Closes-Bug: #1982287
Change-Id: Idd64c04b98006b0ecfaad9f9c3a8c218a57ab4db

diff --git a/neutron_tempest_plugin/scenario/base.py b/neutron_tempest_plugin/scenario/base.py
index 70cb2dc..d299c47 100644
--- a/neutron_tempest_plugin/scenario/base.py
+++ b/neutron_tempest_plugin/scenario/base.py

@@ -176,7 +176,7 @@
                                        client=None):
         """This rule is intended to permit inbound ssh
 
-        Allowing ssh traffic traffic from all sources, so no group_id is
+        Allowing ssh traffic from all sources, so no group_id is
         provided.
         Setting a group_id would only permit traffic from ports
         belonging to the same security group.

diff --git a/neutron_tempest_plugin/scenario/test_security_groups.py b/neutron_tempest_plugin/scenario/test_security_groups.py
index dc0f5ef..b963887 100644
--- a/neutron_tempest_plugin/scenario/test_security_groups.py
+++ b/neutron_tempest_plugin/scenario/test_security_groups.py

@@ -437,6 +437,9 @@
         # configure sec group to support SSH connectivity
         self.create_loginable_secgroup_rule(
             secgroup_id=ssh_secgrp['id'])
+        if self.stateless_sg:
+            self.create_ingress_metadata_secgroup_rule(
+                secgroup_id=ssh_secgrp['id'])
         # spawn two instances with the sec group created
         server_ssh_clients, fips, servers = self.create_vm_testing_sec_grp(
             security_groups=[{'name': ssh_secgrp['name']}])
@@ -464,9 +467,13 @@
                              should_succeed=False)
 
         # add ICMP rule with remote address group
+        address_set = [str(netaddr.IPNetwork(fips[0]['fixed_ip_address']))]
+        if self.stateless_sg:
+            address_set.append(
+                str(netaddr.IPNetwork(fips[1]['fixed_ip_address'])))
         test_ag = self.create_address_group(
             name=data_utils.rand_name('test_ag'),
-            addresses=[str(netaddr.IPNetwork(fips[0]['fixed_ip_address']))])
+            addresses=address_set)
         rule_list = [{'protocol': constants.PROTO_NUM_ICMP,
                       'direction': constants.INGRESS_DIRECTION,
                       'remote_address_group_id': test_ag['id']}]
@@ -762,8 +769,8 @@
         self._test_remote_group()
 
     @testtools.skipUnless(
-        CONF.neutron_plugin_options.firewall_driver == 'openvswitch',
-        "Openvswitch agent is required to run this test")
+        CONF.neutron_plugin_options.firewall_driver in ['openvswitch', 'ovn'],
+        "Openvswitch agent or Ml2/OVN is required to run this test")
     @decorators.idempotent_id('678dd4c0-2953-4626-b89c-8e7e4110ec4b')
     @tempest_utils.requires_ext(extension="address-group", service="network")
     @tempest_utils.requires_ext(
@@ -949,8 +956,8 @@
         self._test_remote_group()
 
     @testtools.skipUnless(
-        CONF.neutron_plugin_options.firewall_driver == 'openvswitch',
-        "Openvswitch agent is required to run this test")
+        CONF.neutron_plugin_options.firewall_driver in ['openvswitch', 'ovn'],
+        "Openvswitch agent or Ml2/OVN is required to run this test")
     @decorators.idempotent_id('9fae530d-2711-4c61-a4a5-8efe6e58ab14')
     @tempest_utils.requires_ext(extension="address-group", service="network")
     @tempest_utils.requires_ext(