Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / tempest / e1d873a5fc47d194be9121b352e326f593b520b8^! / .
commite1d873a5fc47d194be9121b352e326f593b520b8[log] [tgz]
authorMartin Kopec <mkopec@redhat.com>Mon Nov 02 12:19:54 2020 +0000
committerMartin Kopec <mkopec@redhat.com>Mon Nov 02 12:45:20 2020 +0000
tree75ec98871106c3b62c6d0e23b612df2210d79891
parent711e9f21c8b8c5b9d05accfb0ac6251f2d21ddbf [diff]
Stabilize _create_loginable_secgroup_rule

rulesets argument is added for the method signature, which uses
compute clients, in order to allow passing custom rulesets.

Implements: blueprint tempest-scenario-manager-stable
Change-Id: I387e5f3073f51689d8bfb6571539e0cad1dacbbe

diff --git a/tempest/scenario/manager.py b/tempest/scenario/manager.py
index ff860d5..5ed1471 100644
--- a/tempest/scenario/manager.py
+++ b/tempest/scenario/manager.py

@@ -491,7 +491,14 @@
         self.addCleanup(self._cleanup_volume_type, volume_type)
         return volume_type
 
-    def _create_loginable_secgroup_rule(self, secgroup_id=None):
+    def _create_loginable_secgroup_rule(self, secgroup_id=None, rulesets=None):
+        """Create loginable security group rule by compute clients.
+
+        This function will create by default the following rules:
+        1. tcp port 22 allow rule in order to allow ssh access for ipv4
+        2. ipv4 icmp allow rule in order to allow icmpv4
+        """
+
         _client = self.compute_security_groups_client
         _client_rules = self.compute_security_group_rules_client
         if secgroup_id is None:
@@ -504,22 +511,23 @@
         # traffic from all sources, so no group_id is provided.
         # Setting a group_id would only permit traffic from ports
         # belonging to the same security group.
-        rulesets = [
-            {
-                # ssh
-                'ip_protocol': 'tcp',
-                'from_port': 22,
-                'to_port': 22,
-                'cidr': '0.0.0.0/0',
-            },
-            {
-                # ping
-                'ip_protocol': 'icmp',
-                'from_port': -1,
-                'to_port': -1,
-                'cidr': '0.0.0.0/0',
-            }
-        ]
+        if not rulesets:
+            rulesets = [
+                {
+                    # ssh
+                    'ip_protocol': 'tcp',
+                    'from_port': 22,
+                    'to_port': 22,
+                    'cidr': '0.0.0.0/0',
+                },
+                {
+                    # ping
+                    'ip_protocol': 'icmp',
+                    'from_port': -1,
+                    'to_port': -1,
+                    'cidr': '0.0.0.0/0',
+                }
+            ]
         rules = list()
         for ruleset in rulesets:
             sg_rule = _client_rules.create_security_group_rule(
@@ -1340,7 +1348,7 @@
     def _create_loginable_secgroup_rule(self, security_group_rules_client=None,
                                         secgroup=None,
                                         security_groups_client=None):
-        """Create loginable security group rule
+        """Create loginable security group rule by neutron clients by default.
 
         This function will create:
         1. egress and ingress tcp port 22 allow rule in order to allow ssh