Merge "[Stateless SG] Fix usage of the default stateless SG"

neutron_tempest_plugin/scenario/test_security_groups.py

@@ -166,12 +166,18 @@ class BaseNetworkSecGroupTest(base.BaseTempestTestCase):
             servers=servers)
 
     def _test_default_sec_grp_scenarios(self):
+        # Ensure that SG used in tests is stateful or stateless as required
+        default_sg_id = self.os_primary.network_client.list_security_groups()[
+            'security_groups'][0]['id']
+        self.os_primary.network_client.update_security_group(
+            default_sg_id, stateful=not self.stateless_sg)
+        if self.stateless_sg:
+            self.create_ingress_metadata_secgroup_rule(
+                secgroup_id=default_sg_id)
         server_ssh_clients, fips, servers = self.create_vm_testing_sec_grp()
+
         # Check ssh connectivity when you add sec group rule, enabling ssh
-        self.create_loginable_secgroup_rule(
-            self.os_primary.network_client.list_security_groups()[
-                'security_groups'][0]['id']
-        )
+        self.create_loginable_secgroup_rule(default_sg_id)
         self.check_connectivity(fips[0]['floating_ip_address'],
                                 CONF.validation.image_ssh_user,
                                 self.keypair['private_key'])
@@ -187,6 +193,10 @@ class BaseNetworkSecGroupTest(base.BaseTempestTestCase):
             servers=servers)
 
         # Check ICMP connectivity from VM to external network
+        if self.stateless_sg:
+            # NOTE(slaweq): in case of stateless SG explicit ingress rule for
+            # the ICMP replies needs to be added too
+            self.create_pingable_secgroup_rule(default_sg_id)
         subnets = self.os_admin.network_client.list_subnets(
             network_id=CONF.network.public_network_id)['subnets']
         ext_net_ip = None