Add metering labels and metering label rules test cases for RBAC.
Change-Id: I1c69dd7fec09504fcb91b543e59a33ab96d9fdf7
Partially-Implements: blueprint blueprint initial-tests-neutron
diff --git a/patrole_tempest_plugin/tests/api/network/test_metering_label_rules_rbac.py b/patrole_tempest_plugin/tests/api/network/test_metering_label_rules_rbac.py
new file mode 100644
index 0000000..3f768e1
--- /dev/null
+++ b/patrole_tempest_plugin/tests/api/network/test_metering_label_rules_rbac.py
@@ -0,0 +1,123 @@
+# Copyright 2017 AT&T Corporation.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_log import log
+from tempest import config
+from tempest.lib.common.utils import data_utils
+from tempest.lib.common.utils import test_utils
+from tempest.lib import decorators
+from tempest.lib import exceptions
+from tempest import test
+
+from patrole_tempest_plugin import rbac_exceptions
+from patrole_tempest_plugin import rbac_rule_validation
+from patrole_tempest_plugin.tests.api.network import rbac_base as base
+
+CONF = config.CONF
+LOG = log.getLogger(__name__)
+
+
+class MeteringLabelRulesRbacTest(base.BaseNetworkRbacTest):
+
+ @classmethod
+ def skip_checks(cls):
+ super(MeteringLabelRulesRbacTest, cls).skip_checks()
+ if not test.is_extension_enabled('metering', 'network'):
+ msg = "metering extension not enabled."
+ raise cls.skipException(msg)
+
+ @classmethod
+ def setup_clients(cls):
+ super(MeteringLabelRulesRbacTest, cls).setup_clients()
+ cls.metering_labels_client = cls.os.metering_labels_client
+ cls.metering_label_rules_client = cls.os.metering_label_rules_client
+
+ def tearDown(self):
+ self.rbac_utils.switch_role(self, switchToRbacRole=False)
+ super(MeteringLabelRulesRbacTest, self).tearDown()
+
+ @classmethod
+ def resource_setup(cls):
+ super(MeteringLabelRulesRbacTest, cls).resource_setup()
+
+ body = cls.metering_labels_client.create_metering_label(
+ name=data_utils.rand_name(cls.__name__))
+ cls.label = body['metering_label']
+
+ @classmethod
+ def resource_cleanup(cls):
+ cls.metering_labels_client.delete_metering_label(cls.label['id'])
+ super(MeteringLabelRulesRbacTest, cls).resource_cleanup()
+
+ def _create_metering_label_rule(self, label):
+ body = self.metering_label_rules_client.create_metering_label_rule(
+ metering_label_id=label['id'],
+ remote_ip_prefix=CONF.network.project_network_cidr,
+ direction="ingress")
+ label_rule = body['metering_label_rule']
+ self.addCleanup(
+ test_utils.call_and_ignore_notfound_exc,
+ self.metering_label_rules_client.delete_metering_label_rule,
+ label_rule['id'])
+ return label_rule
+
+ @rbac_rule_validation.action(service="neutron",
+ rule="create_metering_label_rule")
+ @decorators.idempotent_id('81e81776-9d41-4d5e-b5c4-59d5c54a31ad')
+ def test_create_metering_label_rule(self):
+ """Create metering label rule.
+
+ RBAC test for the neutron create_metering_label_rule policy
+ """
+ self.rbac_utils.switch_role(self, switchToRbacRole=True)
+ self._create_metering_label_rule(self.label)
+
+ @rbac_rule_validation.action(service="neutron",
+ rule="get_metering_label_rule")
+ @decorators.idempotent_id('e21b40c3-d44d-412f-84ea-836ca8603bcb')
+ def test_show_metering_label_rule(self):
+ """Show metering label rule.
+
+ RBAC test for the neutron get_metering_label_rule policy
+ """
+ label_rule = self._create_metering_label_rule(self.label)
+ self.rbac_utils.switch_role(self, switchToRbacRole=True)
+ try:
+ self.metering_label_rules_client.show_metering_label_rule(
+ label_rule['id'])
+ except exceptions.NotFound as e:
+ LOG.info("NotFound exception caught. Exception is thrown when "
+ "role doesn't have access to the endpoint."
+ "This is irregular and should be fixed.")
+ raise rbac_exceptions.RbacActionFailed(e)
+
+ @rbac_rule_validation.action(service="neutron",
+ rule="delete_metering_label_rule")
+ @decorators.idempotent_id('e3adc88c-05c0-43a7-8e32-63947ae4890e')
+ def test_delete_metering_label_rule(self):
+ """Delete metering label rule.
+
+ RBAC test for the neutron delete_metering_label_rule policy
+ """
+ label_rule = self._create_metering_label_rule(self.label)
+ self.rbac_utils.switch_role(self, switchToRbacRole=True)
+ try:
+ self.metering_label_rules_client.delete_metering_label_rule(
+ label_rule['id'])
+ except exceptions.NotFound as e:
+ LOG.info("NotFound exception caught. Exception is thrown when "
+ "role doesn't have access to the endpoint."
+ "This is irregular and should be fixed.")
+ raise rbac_exceptions.RbacActionFailed(e)
diff --git a/patrole_tempest_plugin/tests/api/network/test_metering_labels_rbac.py b/patrole_tempest_plugin/tests/api/network/test_metering_labels_rbac.py
new file mode 100644
index 0000000..70dab77
--- /dev/null
+++ b/patrole_tempest_plugin/tests/api/network/test_metering_labels_rbac.py
@@ -0,0 +1,103 @@
+# Copyright 2017 AT&T Corporation.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_log import log
+from tempest.lib.common.utils import data_utils
+from tempest.lib.common.utils import test_utils
+from tempest.lib import decorators
+from tempest.lib import exceptions
+from tempest import test
+
+from patrole_tempest_plugin import rbac_exceptions
+from patrole_tempest_plugin import rbac_rule_validation
+from patrole_tempest_plugin.tests.api.network import rbac_base as base
+
+LOG = log.getLogger(__name__)
+
+
+class MeteringLabelsRbacTest(base.BaseNetworkRbacTest):
+
+ @classmethod
+ def skip_checks(cls):
+ super(MeteringLabelsRbacTest, cls).skip_checks()
+ if not test.is_extension_enabled('metering', 'network'):
+ msg = "metering extension not enabled."
+ raise cls.skipException(msg)
+
+ @classmethod
+ def setup_clients(cls):
+ super(MeteringLabelsRbacTest, cls).setup_clients()
+ cls.metering_labels_client = cls.os.metering_labels_client
+
+ def tearDown(self):
+ self.rbac_utils.switch_role(self, switchToRbacRole=False)
+ super(MeteringLabelsRbacTest, self).tearDown()
+
+ def _create_metering_label(self):
+ body = self.metering_labels_client.create_metering_label(
+ name=data_utils.rand_name(self.__class__.__name__))
+
+ label = body['metering_label']
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.metering_labels_client.delete_metering_label,
+ label['id'])
+ return label
+
+ @rbac_rule_validation.action(service="neutron",
+ rule="create_metering_label")
+ @decorators.idempotent_id('e8cfc8b8-c159-48f0-93b3-591625a02f8b')
+ def test_create_metering_label(self):
+ """Create metering label.
+
+ RBAC test for the neutron "create_metering_label" policy
+ """
+ self.rbac_utils.switch_role(self, switchToRbacRole=True)
+ self._create_metering_label()
+
+ @rbac_rule_validation.action(service="neutron",
+ rule="get_metering_label")
+ @decorators.idempotent_id('c57f6636-c702-4755-8eac-5e73bc1f7d14')
+ def test_show_metering_label(self):
+ """Show metering label.
+
+ RBAC test for the neutron "get_metering_label" policy
+ """
+ label = self._create_metering_label()
+ self.rbac_utils.switch_role(self, switchToRbacRole=True)
+ try:
+ self.metering_labels_client.show_metering_label(label['id'])
+ except exceptions.NotFound as e:
+ LOG.info("NotFound exception caught. Exception is thrown when "
+ "role doesn't have access to the endpoint."
+ "This is irregular and should be fixed.")
+ raise rbac_exceptions.RbacActionFailed(e)
+
+ @rbac_rule_validation.action(service="neutron",
+ rule="delete_metering_label")
+ @decorators.idempotent_id('1621ccfe-2e3f-4d16-98aa-b620f9d00404')
+ def test_delete_metering_label(self):
+ """Delete metering label.
+
+ RBAC test for the neutron "delete_metering_label" policy
+ """
+ label = self._create_metering_label()
+ self.rbac_utils.switch_role(self, switchToRbacRole=True)
+ try:
+ self.metering_labels_client.delete_metering_label(label['id'])
+ except exceptions.NotFound as e:
+ LOG.info("NotFound exception caught. Exception is thrown when "
+ "role doesn't have access to the endpoint."
+ "This is irregular and should be fixed.")
+ raise rbac_exceptions.RbacActionFailed(e)