Drop stateless_sg property check from base method
This patch is addition to patch [1], in which tests of stateless security group feature are checking for stateless_sg property, and adding ingress rule accordingly. This patch drops extra internal check inside create_ingress_metadata_secgroup_rule, so it can be used without dependency in stateless_sg property. For example: When testing security group logging integration with stateless security groups, there will be no need to add specifically that extra stateless_sg property. [1] https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/871397 Change-Id: Ic7b021ad262549aee0e4b3ef951791a6d30580b4
This commit is contained in:
parent
57c84781ba
commit
0ea053cb32
@ -196,19 +196,18 @@ class BaseTempestTestCase(base_api.BaseNetworkTest):
|
||||
Allowing ingress traffic from metadata server, required only for
|
||||
stateless security groups.
|
||||
"""
|
||||
if getattr(cls, 'stateless_sg'):
|
||||
# NOTE(slaweq): in case of stateless security groups, there is no
|
||||
# "related" or "established" traffic matching at all so even if
|
||||
# egress traffic to 169.254.169.254 is allowed by default SG, we
|
||||
# need to explicitly allow ingress traffic from the metadata server
|
||||
# to be able to receive responses in the guest vm
|
||||
cls.create_security_group_rule(
|
||||
security_group_id=secgroup_id,
|
||||
direction=neutron_lib_constants.INGRESS_DIRECTION,
|
||||
protocol=neutron_lib_constants.PROTO_NAME_TCP,
|
||||
remote_ip_prefix='169.254.169.254/32',
|
||||
description='metadata out'
|
||||
)
|
||||
# NOTE(slaweq): in case of stateless security groups, there is no
|
||||
# "related" or "established" traffic matching at all so even if
|
||||
# egress traffic to 169.254.169.254 is allowed by default SG, we
|
||||
# need to explicitly allow ingress traffic from the metadata server
|
||||
# to be able to receive responses in the guest vm
|
||||
cls.create_security_group_rule(
|
||||
security_group_id=secgroup_id,
|
||||
direction=neutron_lib_constants.INGRESS_DIRECTION,
|
||||
protocol=neutron_lib_constants.PROTO_NAME_TCP,
|
||||
remote_ip_prefix='169.254.169.254/32',
|
||||
description='metadata out'
|
||||
)
|
||||
|
||||
@classmethod
|
||||
def create_pingable_secgroup_rule(cls, secgroup_id=None,
|
||||
|
Loading…
x
Reference in New Issue
Block a user