def test_create_zone_import_and_wait_for_zone(self):
name = dns_data_utils.rand_zone_name('testimport')
zonefile = dns_data_utils.rand_zonefile_data(name=name)
LOG.info('Import zone %r', name)
_, zone_import = self.client.create_zone_import(zonefile)
self.addCleanup(self.client.delete_zone_import, zone_import['id'])
LOG.info('Wait for the zone import to COMPLETE')
waiters.wait_for_zone_import_status(self.client, zone_import['id'],
"COMPLETE")
LOG.info('Check the zone import looks good')
_, zone_import = self.client.show_zone_import(zone_import['id'])
self.assertEqual('COMPLETE', zone_import['status'])
self.assertIsNotNone(zone_import['zone_id'])
self.assertIsNotNone(zone_import['links'].get('zone'))
LOG.info('Wait for the imported zone to go to ACTIVE')
waiters.wait_for_zone_status(self.zones_client, zone_import['zone_id'],
"ACTIVE")
LOG.info('Check the imported zone looks good')
_, zone = self.zones_client.show_zone(zone_import['zone_id'])
self.assertEqual('NONE', zone['action'])
self.assertEqual('ACTIVE', zone['status'])
self.assertEqual(name, zone['name'])
def test_create_zone_import_invalid_name(self):
LOG.info('Try to create a zone import using invalid name')
zone_import = self.client.create_zone_import(
zonefile_data=dns_data_utils.rand_zonefile_data(name='@@@'))[1]
self.addCleanup(self.clean_up_resources, zone_import['id'])
waiters.wait_for_zone_import_status(self.client, zone_import['id'],
"ERROR")
def test_create_zone_import_and_wait_for_zone(self):
name = dns_data_utils.rand_zone_name('testimport')
zonefile = dns_data_utils.rand_zonefile_data(name=name)
LOG.info('Import zone %r', name)
_, zone_import = self.client.create_zone_import(zonefile)
self.addCleanup(self.client.delete_zone_import, zone_import['id'])
LOG.info('Wait for the zone import to COMPLETE')
waiters.wait_for_zone_import_status(self.client, zone_import['id'],
"COMPLETE")
LOG.info('Check the zone import looks good')
_, zone_import = self.client.show_zone_import(zone_import['id'])
self.addCleanup(self.wait_zone_delete,
self.zones_client,
zone_import['zone_id'])
self.assertEqual('COMPLETE', zone_import['status'])
self.assertIsNotNone(zone_import['zone_id'])
self.assertIsNotNone(zone_import['links'].get('zone'))
LOG.info('Wait for the imported zone to go to ACTIVE')
waiters.wait_for_zone_status(self.zones_client, zone_import['zone_id'],
"ACTIVE")
LOG.info('Check the imported zone looks good')
_, zone = self.zones_client.show_zone(zone_import['zone_id'])
self.assertEqual('NONE', zone['action'])
self.assertEqual('ACTIVE', zone['status'])
self.assertEqual(name, zone['name'])
def test_show_import_impersonate_another_project(self):
LOG.info('Import zone "A" using primary client')
zone_name = dns_data_utils.rand_zone_name(
name="show_zone_import_impersonate", suffix=self.tld_name)
zone_data = dns_data_utils.rand_zonefile_data(name=zone_name)
zone_import = self.client.create_zone_import(
zonefile_data=zone_data)[1]
self.addCleanup(self.clean_up_resources, zone_import['id'])
# Make sure we complete the import and have the zone_id for cleanup
waiters.wait_for_zone_import_status(self.client, zone_import['id'],
const.COMPLETE)
LOG.info('Show a zone import for a Primary tenant, using Alt tenant. '
'Expected:404 NotFound')
self.assertRaises(
lib_exc.NotFound,
lambda: self.alt_client.show_zone_import(zone_import['id']))
LOG.info('Show a zone import for a Primary tenant using Alt tenant '
'and "x-auth-sudo-project-id" HTTP header. '
'Expected:403 Forbidden')
self.assertRaises(
lib_exc.Forbidden, lambda: self.alt_client.show_zone_import(
zone_import['id'],
headers={'x-auth-sudo-project-id': zone_import['project_id']}))
LOG.info('Show a zone import for a Primary tenant, using Admin '
'tenant and "x-auth-sudo-project-id" HTTP header.')
resp_body = self.admin_client.show_zone_import(
uuid=None,
headers={'x-auth-sudo-project-id': zone_import['project_id']})[1]
LOG.info('Show a zone import for a Primary tenant, using Admin '
'tenant without "x-auth-sudo-project-id" HTTP header. '
'Expected:404 NotFound')
self.assertRaises(
lib_exc.NotFound,
lambda: self.admin_client.show_zone_import(zone_import['id']))
LOG.info('Ensure that the shown response matches the expected one')
self.assertExpected(zone_import, resp_body['imports'][0],
self.excluded_keys)
# Test with x-auth-sudo-project-id header
if CONF.dns_feature_enabled.enforce_new_defaults:
expected_allowed = ['os_system_admin']
else:
expected_allowed = ['os_admin']
self.check_list_show_RBAC_enforcement(
'ZoneImportsClient',
'show_zone_import',
expected_allowed,
False,
zone_import['id'],
headers={'x-auth-sudo-project-id': self.client.project_id})
def test_create_zone_import_invalid_ttl(self):
LOG.info('Try to create a zone import using invalid TTL value')
zone_name = dns_data_utils.rand_zone_name(
name="create_zone_import_invalid_ttl", suffix=self.tld_name)
zone_data = dns_data_utils.rand_zonefile_data(name=zone_name,
ttl='zahlabut')
zone_import = self.client.create_zone_import(
zonefile_data=zone_data)[1]
self.addCleanup(self.clean_up_resources, zone_import['id'])
waiters.wait_for_zone_import_status(self.client, zone_import['id'],
"ERROR")
def test_list_import_zones_all_projects(self):
LOG.info('Create import zone "A" using primary client')
zone_name = dns_data_utils.rand_zone_name(
name="_zone_imports_all_projects", suffix=self.tld_name)
zone_data = dns_data_utils.rand_zonefile_data(name=zone_name)
zone_import = self.client.create_zone_import(
zonefile_data=zone_data)[1]
self.addCleanup(self.clean_up_resources, zone_import['id'])
# Make sure we complete the import and have the zone_id for cleanup
waiters.wait_for_zone_import_status(self.client, zone_import['id'],
const.COMPLETE)
LOG.info('As Alt user list import zones for a Primary tenant, '
'using "x-auth-sudo-project-id" HTTP header. '
'Expected: 403 Forbidden')
self.assertRaises(
lib_exc.Forbidden, lambda: self.alt_client.list_zone_imports(
headers={'x-auth-sudo-project-id': zone_import['project_id']}))
LOG.info('As Alt tenant list zone imports for all projects, using '
'"x-auth-all-projects" HTTP header, Expected: 403 Forbidden')
self.assertRaises(
lib_exc.Forbidden, lambda: self.alt_client.list_zone_imports(
headers=self.all_projects_header))
LOG.info('As Admin tenant list import zones for all projects')
# Note: This is an all-projects list call, so other tests running
# in parallel will impact the list result set. Since the default
# pagination limit is only 20, we set a param limit of 1000 here.
body = self.admin_client.list_zone_imports(
headers=self.all_projects_header, params={'limit':
1000})[1]['imports']
LOG.info('Ensure the fetched response includes previously '
'created import ID')
listed_zone_import_ids = [item['id'] for item in body]
self.assertIn(
zone_import['id'], listed_zone_import_ids,
"Failed, expected import ID:{} wasn't found in "
"listed import IDs".format(zone_import['id'],
listed_zone_import_ids))
# Test RBAC with x-auth-all-projects
if CONF.dns_feature_enabled.enforce_new_defaults:
expected_allowed = ['os_system_admin']
else:
expected_allowed = ['os_admin']
self.check_list_IDs_RBAC_enforcement('ZoneImportsClient',
'list_zone_imports',
expected_allowed,
[zone_import['id']],
headers=self.all_projects_header)
def test_list_zones_imports(self):
LOG.info('Create a zone import')
zone_name = dns_data_utils.rand_zone_name(name="list_zone_imports",
suffix=self.tld_name)
zone_data = dns_data_utils.rand_zonefile_data(name=zone_name)
zone_import = self.client.create_zone_import(
zonefile_data=zone_data)[1]
self.addCleanup(self.clean_up_resources, zone_import['id'])
# Make sure we complete the import and have the zone_id for cleanup
waiters.wait_for_zone_import_status(self.client, zone_import['id'],
const.COMPLETE)
LOG.info('List zones imports')
body = self.client.list_zone_imports()[1]
self.assertGreater(len(body['imports']), 0)
# TODO(johnsom) Test reader role once this bug is fixed:
# https://bugs.launchpad.net/tempest/+bug/1964509
# Test RBAC - Users that are allowed to call list, but should get
# zero zones.
if CONF.dns_feature_enabled.enforce_new_defaults:
expected_allowed = [
'os_system_admin', 'os_system_reader', 'os_admin',
'os_project_member', 'os_project_reader'
]
else:
expected_allowed = ['os_alt']
self.check_list_RBAC_enforcement_count('ZoneImportsClient',
'list_zone_imports',
expected_allowed, 0)
# Test that users who should see the zone, can see it.
expected_allowed = ['os_primary']
self.check_list_IDs_RBAC_enforcement('ZoneImportsClient',
'list_zone_imports',
expected_allowed,
[zone_import['id']])
# Test RBAC with x-auth-sudo-project-id header
if CONF.dns_feature_enabled.enforce_new_defaults:
expected_allowed = ['os_system_admin']
else:
expected_allowed = ['os_admin']
self.check_list_IDs_RBAC_enforcement(
'ZoneImportsClient',
'list_zone_imports',
expected_allowed, [zone_import['id']],
headers={'x-auth-sudo-project-id': self.client.project_id})
def test_delete_zone_import(self):
LOG.info('Create a zone import')
zone_name = dns_data_utils.rand_zone_name(name="delete_zone_import",
suffix=self.tld_name)
zone_data = dns_data_utils.rand_zonefile_data(name=zone_name)
zone_import = self.client.create_zone_import(
zonefile_data=zone_data)[1]
waiters.wait_for_zone_import_status(self.client, zone_import['id'],
const.COMPLETE)
zone_import = self.client.show_zone_import(zone_import['id'])[1]
self.addCleanup(self.wait_zone_delete, self.zone_client,
zone_import['zone_id'])
# Test RBAC
expected_allowed = ['os_admin', 'os_primary']
if CONF.dns_feature_enabled.enforce_new_defaults:
expected_allowed.append('os_system_admin')
self.check_CUD_RBAC_enforcement('ZoneImportsClient',
'delete_zone_import', expected_allowed,
True, zone_import['id'])
# Test RBAC with x-auth-all-projects and x-auth-sudo-project-id header
expected_allowed = ['os_admin', 'os_primary']
if CONF.dns_feature_enabled.enforce_new_defaults:
expected_allowed.append('os_system_admin')
self.check_CUD_RBAC_enforcement('ZoneImportsClient',
'delete_zone_import',
expected_allowed,
False,
zone_import['id'],
headers=self.all_projects_header)
self.check_CUD_RBAC_enforcement(
'ZoneImportsClient',
'delete_zone_import',
expected_allowed,
False,
zone_import['id'],
headers={'x-auth-sudo-project-id': self.client.project_id})
LOG.info('Delete the zone')
resp, body = self.client.delete_zone_import(zone_import['id'])
LOG.info('Ensure successful deletion of imported zones')
self.assertRaises(
lib_exc.NotFound,
lambda: self.client.show_zone_import(zone_import['id']))
def test_create_zone_import(self):
LOG.info('Create a zone import')
zone_name = dns_data_utils.rand_zone_name(name="create_zone_import",
suffix=self.tld_name)
zone_data = dns_data_utils.rand_zonefile_data(name=zone_name)
zone_import = self.client.create_zone_import(
zonefile_data=zone_data)[1]
self.addCleanup(self.clean_up_resources, zone_import['id'])
# Make sure we complete the import and have the zone_id for cleanup
waiters.wait_for_zone_import_status(self.client, zone_import['id'],
const.COMPLETE)
# Test with no extra header overrides (sudo-project-id)
expected_allowed = ['os_admin', 'os_primary', 'os_alt']
if CONF.dns_feature_enabled.enforce_new_defaults:
expected_allowed.append('os_system_admin')
expected_allowed.append('os_project_member')
self.check_CUD_RBAC_enforcement('ZoneImportsClient',
'create_zone_import', expected_allowed,
False)
def create_zone_import(self, zonefile_data=None,
params=None, wait_until=None):
"""Create a zone import.
:param zonefile_data: A tuple that represents zone data.
:param params: A Python dict that represents the query paramaters to
include in the request URI.
:return: Serialized imported zone as a dictionary.
"""
headers = {'Content-Type': 'text/dns'}
zone_data = zonefile_data or dns_data_utils.rand_zonefile_data()
resp, body = self._create_request(
'zones/tasks/imports', zone_data, headers=headers)
# Create Zone should Return a HTTP 202
self.expected_success(202, resp.status)
if wait_until:
waiters.wait_for_zone_import_status(self, body['id'], wait_until)
return resp, body
def test_show_zone_import(self):
LOG.info('Create a zone import')
zone_name = dns_data_utils.rand_zone_name(name="show_zone_import",
suffix=self.tld_name)
zone_data = dns_data_utils.rand_zonefile_data(name=zone_name)
zone_import = self.client.create_zone_import(
zonefile_data=zone_data)[1]
self.addCleanup(self.clean_up_resources, zone_import['id'])
# Make sure we complete the import and have the zone_id for cleanup
waiters.wait_for_zone_import_status(self.client, zone_import['id'],
const.COMPLETE)
LOG.info('Re-Fetch the zone import')
resp, body = self.client.show_zone_import(zone_import['id'])
LOG.info('Ensure the fetched response matches the expected one')
self.assertExpected(zone_import, body, self.excluded_keys)
# TODO(johnsom) Test reader roles once this bug is fixed.
# https://bugs.launchpad.net/tempest/+bug/1964509
# Test with no extra header overrides (all_projects, sudo-project-id)
expected_allowed = ['os_primary']
self.check_list_show_RBAC_enforcement('ZoneImportsClient',
'show_zone_import',
expected_allowed, True,
zone_import['id'])
# Test with x-auth-all-projects
if CONF.dns_feature_enabled.enforce_new_defaults:
expected_allowed = ['os_system_admin']
else:
expected_allowed = ['os_admin']
self.check_list_show_RBAC_enforcement('ZoneImportsClient',
'show_zone_import',
expected_allowed,
False,
zone_import['id'],
headers=self.all_projects_header)
def create_zone_import(self,
zonefile_data=None,
params=None,
wait_until=None):
"""Create a zone import.
:param zonefile_data: A tuple that represents zone data.
:param params: A Python dict that represents the query paramaters to
include in the request URI.
:return: Serialized imported zone as a dictionary.
"""
headers = {'Content-Type': 'text/dns'}
zone_data = zonefile_data or dns_data_utils.rand_zonefile_data()
resp, body = self._create_request('zones/tasks/imports',
zone_data,
headers=headers)
# Create Zone should Return a HTTP 202
self.expected_success(202, resp.status)
if wait_until:
waiters.wait_for_zone_import_status(self, body['id'], wait_until)
return resp, body