Drop stateless_sg property check from base method

This patch is addition to patch [1], in which tests of stateless
security group feature are checking for stateless_sg property,
and adding ingress rule accordingly.

This patch drops extra internal check inside
create_ingress_metadata_secgroup_rule, so it can be used without
dependency in stateless_sg property.

For example:
When testing security group logging integration with stateless
security groups, there will be no need to add specifically that extra
stateless_sg property.

[1] https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/871397

Change-Id: Ic7b021ad262549aee0e4b3ef951791a6d30580b4
This commit is contained in:
Maor Blaustein 2023-02-16 17:23:53 +02:00
parent 57c84781ba
commit 0ea053cb32

@ -196,19 +196,18 @@ class BaseTempestTestCase(base_api.BaseNetworkTest):
Allowing ingress traffic from metadata server, required only for
stateless security groups.
"""
if getattr(cls, 'stateless_sg'):
# NOTE(slaweq): in case of stateless security groups, there is no
# "related" or "established" traffic matching at all so even if
# egress traffic to 169.254.169.254 is allowed by default SG, we
# need to explicitly allow ingress traffic from the metadata server
# to be able to receive responses in the guest vm
cls.create_security_group_rule(
security_group_id=secgroup_id,
direction=neutron_lib_constants.INGRESS_DIRECTION,
protocol=neutron_lib_constants.PROTO_NAME_TCP,
remote_ip_prefix='169.254.169.254/32',
description='metadata out'
)
# NOTE(slaweq): in case of stateless security groups, there is no
# "related" or "established" traffic matching at all so even if
# egress traffic to 169.254.169.254 is allowed by default SG, we
# need to explicitly allow ingress traffic from the metadata server
# to be able to receive responses in the guest vm
cls.create_security_group_rule(
security_group_id=secgroup_id,
direction=neutron_lib_constants.INGRESS_DIRECTION,
protocol=neutron_lib_constants.PROTO_NAME_TCP,
remote_ip_prefix='169.254.169.254/32',
description='metadata out'
)
@classmethod
def create_pingable_secgroup_rule(cls, secgroup_id=None,