Merge "[Stateless SG] Fix usage of the default stateless SG"
diff --git a/neutron_tempest_plugin/scenario/test_security_groups.py b/neutron_tempest_plugin/scenario/test_security_groups.py
index 16313a3..2e5b907 100644
--- a/neutron_tempest_plugin/scenario/test_security_groups.py
+++ b/neutron_tempest_plugin/scenario/test_security_groups.py
@@ -166,12 +166,18 @@
servers=servers)
def _test_default_sec_grp_scenarios(self):
+ # Ensure that SG used in tests is stateful or stateless as required
+ default_sg_id = self.os_primary.network_client.list_security_groups()[
+ 'security_groups'][0]['id']
+ self.os_primary.network_client.update_security_group(
+ default_sg_id, stateful=not self.stateless_sg)
+ if self.stateless_sg:
+ self.create_ingress_metadata_secgroup_rule(
+ secgroup_id=default_sg_id)
server_ssh_clients, fips, servers = self.create_vm_testing_sec_grp()
+
# Check ssh connectivity when you add sec group rule, enabling ssh
- self.create_loginable_secgroup_rule(
- self.os_primary.network_client.list_security_groups()[
- 'security_groups'][0]['id']
- )
+ self.create_loginable_secgroup_rule(default_sg_id)
self.check_connectivity(fips[0]['floating_ip_address'],
CONF.validation.image_ssh_user,
self.keypair['private_key'])
@@ -187,6 +193,10 @@
servers=servers)
# Check ICMP connectivity from VM to external network
+ if self.stateless_sg:
+ # NOTE(slaweq): in case of stateless SG explicit ingress rule for
+ # the ICMP replies needs to be added too
+ self.create_pingable_secgroup_rule(default_sg_id)
subnets = self.os_admin.network_client.list_subnets(
network_id=CONF.network.public_network_id)['subnets']
ext_net_ip = None