Drop stateless_sg property check from base method

This patch is addition to patch [1], in which tests of stateless security group feature are checking for stateless_sg property, and adding ingress rule accordingly. This patch drops extra internal check inside create_ingress_metadata_secgroup_rule, so it can be used without dependency in stateless_sg property. For example: When testing security group logging integration with stateless security groups, there will be no need to add specifically that extra stateless_sg property. [1] https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/871397 Change-Id: Ic7b021ad262549aee0e4b3ef951791a6d30580b4
2023-02-16 17:23:53 +02:00 · 2023-02-16 17:23:53 +02:00 · 0ea053cb32
commit 0ea053cb32
parent 57c84781ba
1 changed files with 12 additions and 13 deletions
--- a/neutron_tempest_plugin/scenario/base.py
+++ b/neutron_tempest_plugin/scenario/base.py
@ -196,19 +196,18 @@ class BaseTempestTestCase(base_api.BaseNetworkTest):
        Allowing ingress traffic from metadata server, required only for
        stateless security groups.
        """
-        if getattr(cls, 'stateless_sg'):
-            # NOTE(slaweq): in case of stateless security groups, there is no
-            # "related" or "established" traffic matching at all so even if
-            # egress traffic to 169.254.169.254 is allowed by default SG, we
-            # need to explicitly allow ingress traffic from the metadata server
-            # to be able to receive responses in the guest vm
-            cls.create_security_group_rule(
-                security_group_id=secgroup_id,
-                direction=neutron_lib_constants.INGRESS_DIRECTION,
-                protocol=neutron_lib_constants.PROTO_NAME_TCP,
-                remote_ip_prefix='169.254.169.254/32',
-                description='metadata out'
-            )
+        # NOTE(slaweq): in case of stateless security groups, there is no
+        # "related" or "established" traffic matching at all so even if
+        # egress traffic to 169.254.169.254 is allowed by default SG, we
+        # need to explicitly allow ingress traffic from the metadata server
+        # to be able to receive responses in the guest vm
+        cls.create_security_group_rule(
+            security_group_id=secgroup_id,
+            direction=neutron_lib_constants.INGRESS_DIRECTION,
+            protocol=neutron_lib_constants.PROTO_NAME_TCP,
+            remote_ip_prefix='169.254.169.254/32',
+            description='metadata out'
+        )

    @classmethod
    def create_pingable_secgroup_rule(cls, secgroup_id=None,