Add metering labels and metering label rules test cases for RBAC.

Change-Id: I1c69dd7fec09504fcb91b543e59a33ab96d9fdf7
Partially-Implements: blueprint blueprint initial-tests-neutron
diff --git a/patrole_tempest_plugin/tests/api/network/test_metering_label_rules_rbac.py b/patrole_tempest_plugin/tests/api/network/test_metering_label_rules_rbac.py
new file mode 100644
index 0000000..3f768e1
--- /dev/null
+++ b/patrole_tempest_plugin/tests/api/network/test_metering_label_rules_rbac.py
@@ -0,0 +1,123 @@
+# Copyright 2017 AT&T Corporation.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from oslo_log import log
+from tempest import config
+from tempest.lib.common.utils import data_utils
+from tempest.lib.common.utils import test_utils
+from tempest.lib import decorators
+from tempest.lib import exceptions
+from tempest import test
+
+from patrole_tempest_plugin import rbac_exceptions
+from patrole_tempest_plugin import rbac_rule_validation
+from patrole_tempest_plugin.tests.api.network import rbac_base as base
+
+CONF = config.CONF
+LOG = log.getLogger(__name__)
+
+
+class MeteringLabelRulesRbacTest(base.BaseNetworkRbacTest):
+
+    @classmethod
+    def skip_checks(cls):
+        super(MeteringLabelRulesRbacTest, cls).skip_checks()
+        if not test.is_extension_enabled('metering', 'network'):
+            msg = "metering extension not enabled."
+            raise cls.skipException(msg)
+
+    @classmethod
+    def setup_clients(cls):
+        super(MeteringLabelRulesRbacTest, cls).setup_clients()
+        cls.metering_labels_client = cls.os.metering_labels_client
+        cls.metering_label_rules_client = cls.os.metering_label_rules_client
+
+    def tearDown(self):
+        self.rbac_utils.switch_role(self, switchToRbacRole=False)
+        super(MeteringLabelRulesRbacTest, self).tearDown()
+
+    @classmethod
+    def resource_setup(cls):
+        super(MeteringLabelRulesRbacTest, cls).resource_setup()
+
+        body = cls.metering_labels_client.create_metering_label(
+            name=data_utils.rand_name(cls.__name__))
+        cls.label = body['metering_label']
+
+    @classmethod
+    def resource_cleanup(cls):
+        cls.metering_labels_client.delete_metering_label(cls.label['id'])
+        super(MeteringLabelRulesRbacTest, cls).resource_cleanup()
+
+    def _create_metering_label_rule(self, label):
+        body = self.metering_label_rules_client.create_metering_label_rule(
+            metering_label_id=label['id'],
+            remote_ip_prefix=CONF.network.project_network_cidr,
+            direction="ingress")
+        label_rule = body['metering_label_rule']
+        self.addCleanup(
+            test_utils.call_and_ignore_notfound_exc,
+            self.metering_label_rules_client.delete_metering_label_rule,
+            label_rule['id'])
+        return label_rule
+
+    @rbac_rule_validation.action(service="neutron",
+                                 rule="create_metering_label_rule")
+    @decorators.idempotent_id('81e81776-9d41-4d5e-b5c4-59d5c54a31ad')
+    def test_create_metering_label_rule(self):
+        """Create metering label rule.
+
+        RBAC test for the neutron create_metering_label_rule policy
+        """
+        self.rbac_utils.switch_role(self, switchToRbacRole=True)
+        self._create_metering_label_rule(self.label)
+
+    @rbac_rule_validation.action(service="neutron",
+                                 rule="get_metering_label_rule")
+    @decorators.idempotent_id('e21b40c3-d44d-412f-84ea-836ca8603bcb')
+    def test_show_metering_label_rule(self):
+        """Show metering label rule.
+
+        RBAC test for the neutron get_metering_label_rule policy
+        """
+        label_rule = self._create_metering_label_rule(self.label)
+        self.rbac_utils.switch_role(self, switchToRbacRole=True)
+        try:
+            self.metering_label_rules_client.show_metering_label_rule(
+                label_rule['id'])
+        except exceptions.NotFound as e:
+            LOG.info("NotFound exception caught. Exception is thrown when "
+                     "role doesn't have access to the endpoint."
+                     "This is irregular and should be fixed.")
+            raise rbac_exceptions.RbacActionFailed(e)
+
+    @rbac_rule_validation.action(service="neutron",
+                                 rule="delete_metering_label_rule")
+    @decorators.idempotent_id('e3adc88c-05c0-43a7-8e32-63947ae4890e')
+    def test_delete_metering_label_rule(self):
+        """Delete metering label rule.
+
+        RBAC test for the neutron delete_metering_label_rule policy
+        """
+        label_rule = self._create_metering_label_rule(self.label)
+        self.rbac_utils.switch_role(self, switchToRbacRole=True)
+        try:
+            self.metering_label_rules_client.delete_metering_label_rule(
+                label_rule['id'])
+        except exceptions.NotFound as e:
+            LOG.info("NotFound exception caught. Exception is thrown when "
+                     "role doesn't have access to the endpoint."
+                     "This is irregular and should be fixed.")
+            raise rbac_exceptions.RbacActionFailed(e)
diff --git a/patrole_tempest_plugin/tests/api/network/test_metering_labels_rbac.py b/patrole_tempest_plugin/tests/api/network/test_metering_labels_rbac.py
new file mode 100644
index 0000000..70dab77
--- /dev/null
+++ b/patrole_tempest_plugin/tests/api/network/test_metering_labels_rbac.py
@@ -0,0 +1,103 @@
+# Copyright 2017 AT&T Corporation.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from oslo_log import log
+from tempest.lib.common.utils import data_utils
+from tempest.lib.common.utils import test_utils
+from tempest.lib import decorators
+from tempest.lib import exceptions
+from tempest import test
+
+from patrole_tempest_plugin import rbac_exceptions
+from patrole_tempest_plugin import rbac_rule_validation
+from patrole_tempest_plugin.tests.api.network import rbac_base as base
+
+LOG = log.getLogger(__name__)
+
+
+class MeteringLabelsRbacTest(base.BaseNetworkRbacTest):
+
+    @classmethod
+    def skip_checks(cls):
+        super(MeteringLabelsRbacTest, cls).skip_checks()
+        if not test.is_extension_enabled('metering', 'network'):
+            msg = "metering extension not enabled."
+            raise cls.skipException(msg)
+
+    @classmethod
+    def setup_clients(cls):
+        super(MeteringLabelsRbacTest, cls).setup_clients()
+        cls.metering_labels_client = cls.os.metering_labels_client
+
+    def tearDown(self):
+        self.rbac_utils.switch_role(self, switchToRbacRole=False)
+        super(MeteringLabelsRbacTest, self).tearDown()
+
+    def _create_metering_label(self):
+        body = self.metering_labels_client.create_metering_label(
+            name=data_utils.rand_name(self.__class__.__name__))
+
+        label = body['metering_label']
+        self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+                        self.metering_labels_client.delete_metering_label,
+                        label['id'])
+        return label
+
+    @rbac_rule_validation.action(service="neutron",
+                                 rule="create_metering_label")
+    @decorators.idempotent_id('e8cfc8b8-c159-48f0-93b3-591625a02f8b')
+    def test_create_metering_label(self):
+        """Create metering label.
+
+        RBAC test for the neutron "create_metering_label" policy
+        """
+        self.rbac_utils.switch_role(self, switchToRbacRole=True)
+        self._create_metering_label()
+
+    @rbac_rule_validation.action(service="neutron",
+                                 rule="get_metering_label")
+    @decorators.idempotent_id('c57f6636-c702-4755-8eac-5e73bc1f7d14')
+    def test_show_metering_label(self):
+        """Show metering label.
+
+        RBAC test for the neutron "get_metering_label" policy
+        """
+        label = self._create_metering_label()
+        self.rbac_utils.switch_role(self, switchToRbacRole=True)
+        try:
+            self.metering_labels_client.show_metering_label(label['id'])
+        except exceptions.NotFound as e:
+            LOG.info("NotFound exception caught. Exception is thrown when "
+                     "role doesn't have access to the endpoint."
+                     "This is irregular and should be fixed.")
+            raise rbac_exceptions.RbacActionFailed(e)
+
+    @rbac_rule_validation.action(service="neutron",
+                                 rule="delete_metering_label")
+    @decorators.idempotent_id('1621ccfe-2e3f-4d16-98aa-b620f9d00404')
+    def test_delete_metering_label(self):
+        """Delete metering label.
+
+        RBAC test for the neutron "delete_metering_label" policy
+        """
+        label = self._create_metering_label()
+        self.rbac_utils.switch_role(self, switchToRbacRole=True)
+        try:
+            self.metering_labels_client.delete_metering_label(label['id'])
+        except exceptions.NotFound as e:
+            LOG.info("NotFound exception caught. Exception is thrown when "
+                     "role doesn't have access to the endpoint."
+                     "This is irregular and should be fixed.")
+            raise rbac_exceptions.RbacActionFailed(e)