class ListBatchChangeSummariesTestContext():
def __init__(self, shared_zone_test_context):
# Note: this fixture is designed so it will load summaries instead of creating them
self.client = VinylDNSClient(VinylDNSTestContext.vinyldns_url,
'listBatchSummariesAccessKey',
'listBatchSummariesSecretKey')
self.completed_changes = []
self.to_delete = None
acl_rule = generate_acl_rule('Write', userId='list-batch-summaries-id')
add_ok_acl_rules(shared_zone_test_context, [acl_rule])
initial_db_check = self.client.list_batch_change_summaries(status=200)
self.group = self.client.get_group('list-summaries-group', status=200)
batch_change_input_one = {
"comments": "first",
"changes": [get_change_CNAME_json("test-first.ok.", cname="one.")]
}
batch_change_input_two = {
"comments": "second",
"changes":
[get_change_CNAME_json("test-second.ok.", cname="two.")]
}
batch_change_input_three = {
"comments": "last",
"changes":
[get_change_CNAME_json("test-last.ok.", cname="three.")]
}
batch_change_inputs = [
batch_change_input_one, batch_change_input_two,
batch_change_input_three
]
record_set_list = []
self.completed_changes = []
if len(initial_db_check['batchChanges']) == 0:
print "\r\n!!! CREATING NEW SUMMARIES"
# make some batch changes
for input in batch_change_inputs:
change = self.client.create_batch_change(input, status=202)
if 'Review' not in change['status']:
completed = self.client.wait_until_batch_change_completed(
change)
assert_that(completed["comments"],
equal_to(input["comments"]))
record_set_list += [(change['zoneId'],
change['recordSetId'])
for change in completed['changes']]
# sleep for consistent ordering of timestamps, must be at least one second apart
time.sleep(1)
self.completed_changes = self.client.list_batch_change_summaries(
status=200)['batchChanges']
assert_that(len(self.completed_changes),
equal_to(len(batch_change_inputs)))
else:
print "\r\n!!! USING EXISTING SUMMARIES"
self.completed_changes = initial_db_check['batchChanges']
self.to_delete = set(record_set_list)
def tear_down(self, shared_zone_test_context):
for result_rs in self.to_delete:
delete_result = shared_zone_test_context.ok_vinyldns_client.delete_recordset(
result_rs[0], result_rs[1], status=202)
shared_zone_test_context.ok_vinyldns_client.wait_until_recordset_change_status(
delete_result, 'Complete')
clear_ok_acl_rules(shared_zone_test_context)
def check_batch_change_summaries_page_accuracy(self,
summaries_page,
size,
next_id=False,
start_from=False,
max_items=100,
approval_status=False):
# validate fields
if next_id:
assert_that(summaries_page, has_key('nextId'))
else:
assert_that(summaries_page, is_not(has_key('nextId')))
if start_from:
assert_that(summaries_page['startFrom'], is_(start_from))
else:
assert_that(summaries_page, is_not(has_key('startFrom')))
if approval_status:
assert_that(summaries_page, has_key('approvalStatus'))
else:
assert_that(summaries_page, is_not(has_key('approvalStatus')))
assert_that(summaries_page['maxItems'], is_(max_items))
# validate actual page
list_batch_change_summaries = summaries_page['batchChanges']
assert_that(list_batch_change_summaries, has_length(size))
for i, summary in enumerate(list_batch_change_summaries):
assert_that(summary["userId"], equal_to("list-batch-summaries-id"))
assert_that(summary["userName"],
equal_to("list-batch-summaries-user"))
assert_that(
summary["comments"],
equal_to(self.completed_changes[i + start_from]["comments"]))
assert_that(
summary["createdTimestamp"],
equal_to(
self.completed_changes[i +
start_from]["createdTimestamp"]))
assert_that(
summary["totalChanges"],
equal_to(self.completed_changes[i +
start_from]["totalChanges"]))
assert_that(
summary["status"],
equal_to(self.completed_changes[i + start_from]["status"]))
assert_that(summary["id"],
equal_to(self.completed_changes[i + start_from]["id"]))
assert_that(summary, is_not(has_key("reviewerId")))
class SharedZoneTestContext(object):
"""
Creates multiple zones to test authorization / access to shared zones across users
"""
def __init__(self):
self.ok_vinyldns_client = VinylDNSClient(
VinylDNSTestContext.vinyldns_url, 'okAccessKey', 'okSecretKey')
self.dummy_vinyldns_client = VinylDNSClient(
VinylDNSTestContext.vinyldns_url, 'dummyAccessKey',
'dummySecretKey')
self.dummy_group = None
self.ok_group = None
self.tear_down(
) # ensures that the environment is clean before starting
try:
self.ok_group = self.ok_vinyldns_client.get_group("ok", status=200)
# in theory this shouldn't be needed, but getting 'user is not in group' errors on zone creation
self.confirm_member_in_group(self.ok_vinyldns_client,
self.ok_group)
dummy_group = {
'name': 'dummy-group',
'email': '*****@*****.**',
'description': 'this is a description',
'members': [{
'id': 'dummy'
}],
'admins': [{
'id': 'dummy'
}]
}
self.dummy_group = self.dummy_vinyldns_client.create_group(
dummy_group, status=200)
# in theory this shouldn't be needed, but getting 'user is not in group' errors on zone creation
self.confirm_member_in_group(self.dummy_vinyldns_client,
self.dummy_group)
ok_zone_change = self.ok_vinyldns_client.create_zone(
{
'name': 'ok.',
'email': '*****@*****.**',
'shared': False,
'adminGroupId': self.ok_group['id'],
'connection': {
'name': 'ok.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'ok.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
},
status=202)
self.ok_zone = ok_zone_change['zone']
dummy_zone_change = self.dummy_vinyldns_client.create_zone(
{
'name': 'dummy.',
'email': '*****@*****.**',
'shared': False,
'adminGroupId': self.dummy_group['id'],
'connection': {
'name': 'dummy.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'dummy.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
},
status=202)
self.dummy_zone = dummy_zone_change['zone']
ip6_reverse_zone_change = self.ok_vinyldns_client.create_zone(
{
'name': '1.9.e.f.c.c.7.2.9.6.d.f.ip6.arpa.',
'email': '*****@*****.**',
'shared': True,
'adminGroupId': self.ok_group['id'],
'connection': {
'name': 'ip6.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'ip6.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
},
status=202)
self.ip6_reverse_zone = ip6_reverse_zone_change['zone']
ip4_reverse_zone_change = self.ok_vinyldns_client.create_zone(
{
'name': '30.172.in-addr.arpa.',
'email': '*****@*****.**',
'shared': True,
'adminGroupId': self.ok_group['id'],
'connection': {
'name': 'ip4.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'ip4.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
},
status=202)
self.ip4_reverse_zone = ip4_reverse_zone_change['zone']
classless_base_zone_change = self.ok_vinyldns_client.create_zone(
{
'name': '2.0.192.in-addr.arpa.',
'email': '*****@*****.**',
'shared': False,
'adminGroupId': self.ok_group['id'],
'connection': {
'name': 'classless-base.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'classless-base.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
},
status=202)
self.classless_base_zone = classless_base_zone_change['zone']
classless_zone_delegation_change = self.ok_vinyldns_client.create_zone(
{
'name': '192/30.2.0.192.in-addr.arpa.',
'email': '*****@*****.**',
'shared': False,
'adminGroupId': self.ok_group['id'],
'connection': {
'name': 'classless.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'classless.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
},
status=202)
self.classless_zone_delegation_zone = classless_zone_delegation_change[
'zone']
system_test_zone_change = self.ok_vinyldns_client.create_zone(
{
'name': 'system-test.',
'email': '*****@*****.**',
'shared': True,
'adminGroupId': self.ok_group['id'],
'connection': {
'name': 'system-test.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'system-test.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
},
status=202)
self.system_test_zone = system_test_zone_change['zone']
# parent zone gives access to the dummy user, dummy user cannot manage ns records
parent_zone_change = self.ok_vinyldns_client.create_zone(
{
'name': 'parent.com.',
'email': '*****@*****.**',
'shared': False,
'adminGroupId': self.ok_group['id'],
'acl': {
'rules': [{
'accessLevel': 'Delete',
'description': 'some_test_rule',
'userId': 'dummy'
}]
},
'connection': {
'name': 'parent.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'parent.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
},
status=202)
self.parent_zone = parent_zone_change['zone']
# wait until our zones are created
self.ok_vinyldns_client.wait_until_zone_exists(
system_test_zone_change)
self.ok_vinyldns_client.wait_until_zone_exists(ok_zone_change)
self.dummy_vinyldns_client.wait_until_zone_exists(
dummy_zone_change)
self.ok_vinyldns_client.wait_until_zone_exists(
ip6_reverse_zone_change)
self.ok_vinyldns_client.wait_until_zone_exists(
ip4_reverse_zone_change)
self.ok_vinyldns_client.wait_until_zone_exists(
classless_base_zone_change)
self.ok_vinyldns_client.wait_until_zone_exists(
classless_zone_delegation_change)
self.ok_vinyldns_client.wait_until_zone_exists(
system_test_zone_change)
self.ok_vinyldns_client.wait_until_zone_exists(parent_zone_change)
# validate all in there
zones = self.dummy_vinyldns_client.list_zones()['zones']
assert_that(len(zones), is_(2))
zones = self.ok_vinyldns_client.list_zones()['zones']
assert_that(len(zones), is_(7))
except:
# teardown if there was any issue in setup
try:
self.tear_down()
except:
pass
raise
def tear_down(self):
"""
The ok_vinyldns_client is a zone admin on _all_ the zones.
We shouldn't have to do any checks now, as zone admins have full rights to all zones, including
deleting all records (even in the old shared model)
"""
clear_zones(self.dummy_vinyldns_client)
clear_zones(self.ok_vinyldns_client)
clear_groups(self.dummy_vinyldns_client)
clear_groups(self.ok_vinyldns_client, exclude=['ok'])
# reset ok_group
ok_group = {
'id': 'ok',
'name': 'ok',
'email': '*****@*****.**',
'description': 'this is a description',
'members': [{
'id': 'ok'
}],
'admins': [{
'id': 'ok'
}]
}
self.ok_vinyldns_client.update_group(ok_group['id'],
ok_group,
status=200)
def confirm_member_in_group(self, client, group):
retries = 2
success = group in client.list_all_my_groups(status=200)
while retries >= 0 and not success:
success = group in client.list_all_my_groups(status=200)
time.sleep(.05)
retries -= 1
assert_that(success, is_(True))
