commit a20bcddf514ea2fc3ee445d8547cbf520c32bdfb
author Maor Blaustein <blue@redhat.com> Sun Jan 22 16:57:25 2023 +0200
committer Maor Blaustein <blue@redhat.com> Sun Jan 22 16:57:25 2023 +0200
tree 8320285c05b66a44ff061e732466e871ca7db70f
parent bb0cf73edec8f1d72826c4b092c9fc1b517c33ca

Stateful SG tests without ingress metadata rule

In case stateful security groups are tested,
then the security group rule that allows ingress metadata isn't needed.

Change-Id: I33dce15a708dac36d20f5ef5eb006c2033bbeee8

neutron_tempest_plugin/scenario/test_security_groups.py

diff --git a/neutron_tempest_plugin/scenario/test_security_groups.py b/neutron_tempest_plugin/scenario/test_security_groups.py
index 7eae2eb..16313a3 100644
--- a/neutron_tempest_plugin/scenario/test_security_groups.py
+++ b/neutron_tempest_plugin/scenario/test_security_groups.py
@@ -140,8 +140,9 @@
             **sg_kwargs)
         self.create_loginable_secgroup_rule(
             secgroup_id=ssh_secgrp['security_group']['id'])
-        self.create_ingress_metadata_secgroup_rule(
-            secgroup_id=ssh_secgrp['security_group']['id'])
+        if self.stateless_sg:
+            self.create_ingress_metadata_secgroup_rule(
+                secgroup_id=ssh_secgrp['security_group']['id'])
         icmp_secgrp = self.os_primary.network_client.create_security_group(
             name=icmp_secgrp_name,
             **sg_kwargs)
@@ -235,8 +236,9 @@
             **sg_kwargs)
         self.create_pingable_secgroup_rule(
             secgroup_id=icmp_secgrp['security_group']['id'])
-        self.create_ingress_metadata_secgroup_rule(
-            secgroup_id=ssh_secgrp['security_group']['id'])
+        if self.stateless_sg:
+            self.create_ingress_metadata_secgroup_rule(
+                secgroup_id=ssh_secgrp['security_group']['id'])
         for sec_grp in (ssh_secgrp, icmp_secgrp):
             self.security_groups.append(sec_grp['security_group'])
         security_groups_list = [{'name': ssh_secgrp_name},
@@ -294,8 +296,9 @@
         # configure sec group to support SSH connectivity
         self.create_loginable_secgroup_rule(
             secgroup_id=ssh_secgrp['security_group']['id'])
-        self.create_ingress_metadata_secgroup_rule(
-            secgroup_id=ssh_secgrp['security_group']['id'])
+        if self.stateless_sg:
+            self.create_ingress_metadata_secgroup_rule(
+                secgroup_id=ssh_secgrp['security_group']['id'])
         # spawn two instances with the sec group created
         server_ssh_clients, fips, servers = self.create_vm_testing_sec_grp(
             security_groups=[{'name': ssh_secgrp_name}])
@@ -426,8 +429,9 @@
             secgroup_id=secgrp['security_group']['id'])
         self.create_pingable_secgroup_rule(
             secgroup_id=secgrp['security_group']['id'])
-        self.create_ingress_metadata_secgroup_rule(
-            secgroup_id=secgrp['security_group']['id'])
+        if self.stateless_sg:
+            self.create_ingress_metadata_secgroup_rule(
+                secgroup_id=secgrp['security_group']['id'])
         # add security group to cleanup
         self.security_groups.append(secgrp['security_group'])
         # create two ports with fixed IPs and the security group created