Merge "Drop stateless_sg property check from base method"

This commit is contained in:
Zuul 2023-02-28 10:42:02 +00:00 committed by Gerrit Code Review
commit 52d041ec47

@ -196,19 +196,18 @@ class BaseTempestTestCase(base_api.BaseNetworkTest):
Allowing ingress traffic from metadata server, required only for
stateless security groups.
"""
if getattr(cls, 'stateless_sg'):
# NOTE(slaweq): in case of stateless security groups, there is no
# "related" or "established" traffic matching at all so even if
# egress traffic to 169.254.169.254 is allowed by default SG, we
# need to explicitly allow ingress traffic from the metadata server
# to be able to receive responses in the guest vm
cls.create_security_group_rule(
security_group_id=secgroup_id,
direction=neutron_lib_constants.INGRESS_DIRECTION,
protocol=neutron_lib_constants.PROTO_NAME_TCP,
remote_ip_prefix='169.254.169.254/32',
description='metadata out'
)
# NOTE(slaweq): in case of stateless security groups, there is no
# "related" or "established" traffic matching at all so even if
# egress traffic to 169.254.169.254 is allowed by default SG, we
# need to explicitly allow ingress traffic from the metadata server
# to be able to receive responses in the guest vm
cls.create_security_group_rule(
security_group_id=secgroup_id,
direction=neutron_lib_constants.INGRESS_DIRECTION,
protocol=neutron_lib_constants.PROTO_NAME_TCP,
remote_ip_prefix='169.254.169.254/32',
description='metadata out'
)
@classmethod
def create_pingable_secgroup_rule(cls, secgroup_id=None,