def test_create_tsigkey_for_zone(self):
LOG.info('Create a resource')
zone_name = dns_data_utils.rand_zone_name(
name="create_tsigkey_for_zone", suffix=self.tld_name)
zone = self.zone_client.create_zone(name=zone_name)[1]
self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
tsigkey_data = {
"name":
dns_data_utils.rand_zone_name('test_create_tsigkey_for_zone'),
"algorithm": "hmac-sha256",
"secret": "SomeSecretKey",
"scope": "ZONE",
"resource_id": zone['id']
}
LOG.info('Create a tsigkey')
tsigkey = self.admin_client.create_tsigkey(tsigkey_data['resource_id'],
tsigkey_data['name'],
tsigkey_data['algorithm'],
tsigkey_data['secret'],
tsigkey_data['scope'])[1]
self.addCleanup(self.admin_client.delete_tsigkey, tsigkey['id'])
self.assertEqual(tsigkey_data["name"], tsigkey['name'])
self.assertEqual(tsigkey_data["scope"], 'ZONE')
def test_admin_creates_zone_matches_blacklist_name_or_regex(self):
LOG.info('Create a blacklists using: regex and exact string(name)')
zone_name = dns_data_utils.rand_zone_name(
name="admin_creates_zone_matches_blacklist1", suffix=self.tld_name)
blacklists = [{
'pattern': '^blacklistnameregextest2.*',
'description': 'Zone starts with "a" char'
}, {
'pattern': zone_name,
'description': 'Deny if Zone named:{} '.format(zone_name)
}]
for blacklist in blacklists:
body = self.admin_blacklist_client.create_blacklist(**blacklist)[1]
self.addCleanup(self.admin_blacklist_client.delete_blacklist,
body['id'])
LOG.info('As Admin user try to create zones that are '
'supposed to be blocked')
zone_name2 = dns_data_utils.rand_zone_name(
name="admin_creates_zone_matches_blacklist2", suffix=self.tld_name)
zone = self.admin_zone_client.create_zone(
name=zone_name2, project_id=self.primary_zone_client.project_id)[1]
self.addCleanup(self.wait_zone_delete, self.admin_zone_client,
zone['id'])
zone = self.admin_zone_client.create_zone(
name=zone_name, project_id=self.primary_zone_client.project_id)[1]
self.addCleanup(self.wait_zone_delete, self.admin_zone_client,
zone['id'])
def resource_setup(cls):
super(RecordsetsTest, cls).resource_setup()
zone_id = CONF.dns.zone_id
if zone_id:
LOG.info('Retrieve info from a zone')
_, zone = cls.client.show_zone(zone_id)
else:
# Make sure we have an allowed TLD available
tld_name = dns_data_utils.rand_zone_name(name="RecordsetsTest")
cls.tld_name = f".{tld_name}"
cls.class_tld = cls.admin_tld_client.create_tld(
tld_name=tld_name[:-1])
LOG.info('Create a new zone')
zone_name = dns_data_utils.rand_zone_name(
name="recordsets_test_setup", suffix=cls.tld_name)
zone = cls.client.create_zone(name=zone_name)[1]
cls.addClassResourceCleanup(
test_utils.call_and_ignore_notfound_exc,
cls.client.delete_zone, zone['id'])
LOG.info('Ensure we respond with ACTIVE')
waiters.wait_for_zone_status(cls.client, zone['id'], 'ACTIVE')
cls.zone = zone
def test_list_zone_exports_filter_results(self):
LOG.info('Create a primary zone and its export')
zone_name = dns_data_utils.rand_zone_name(
name='list_zone_exports_filter', suffix=self.tld_name)
primary_zone = self.zone_client.create_zone(name=zone_name)[1]
self.addCleanup(
self.wait_zone_delete, self.zone_client, primary_zone['id'])
primary_export = self.client.create_zone_export(primary_zone['id'])[1]
self.addCleanup(self.client.delete_zone_export, primary_export['id'])
LOG.info('Create an alt zone, its export and delete it')
zone_name = dns_data_utils.rand_zone_name(
name='list_zone_exports_filter_alt', suffix=self.tld_name)
alt_zone = self.alt_zone_client.create_zone(name=zone_name)[1]
self.addCleanup(
self.wait_zone_delete, self.alt_zone_client, alt_zone['id'])
alt_export = self.alt_client.create_zone_export(alt_zone['id'])[1]
self.alt_client.delete_zone_export(alt_export['id'])
LOG.info('Ensure the zone export has been successfully deleted')
self.assertRaises(
lib_exc.NotFound,
self.alt_client.show_zone_export,
alt_export['id'])
LOG.info('Filter out "export zones" in status:ZAHLABUT,'
' expected: empty list')
self.assertEqual(
[], self.admin_client.list_zone_exports(
headers=self.all_projects_header,
params={'status': 'ZAHLABUT'})[1]['exports'],
'Failed, filtered result is expected to be empty.')
LOG.info('Filter out "export zones" with message:ZABABUN,'
' expected: empty list')
self.assertEqual(
[], self.admin_client.list_zone_exports(
headers=self.all_projects_header,
params={'message': 'ZABABUN'})[1]['exports'],
'Failed, filtered result is expected to be empty.')
LOG.info('Filter out "export zones" that have been created for '
'a primary zone. Expected: single zone export is listed')
self.assertEqual(
1, len(self.admin_client.list_zone_exports(
headers=self.all_projects_header,
params={'zone_id': primary_zone['id']})[1]['exports']),
'Failed, filtered result should contain a single zone '
'(primary zone export)')
LOG.info('Filter out "export zones" that have been created for '
'an alt zone expected: empty list (it was deleted)')
self.assertEqual(
[], self.admin_client.list_zone_exports(
headers=self.all_projects_header,
params={'zone_id': alt_zone['id']})[1]['exports'],
'Failed, filtered result should be empty.')
def resource_setup(cls):
super(BaseRecordsetsTest, cls).resource_setup()
# Make sure we have an allowed TLD available
tld_name = dns_data_utils.rand_zone_name(name="BaseRecordsetsTest")
cls.tld_name = f".{tld_name}"
cls.class_tld = cls.admin_tld_client.create_tld(tld_name=tld_name[:-1])
# All the recordset tests need a zone, create one to share
zone_name = dns_data_utils.rand_zone_name(name="TestZone",
suffix=cls.tld_name)
LOG.info('Create a zone: %s', zone_name)
cls.zone = cls.zone_client.create_zone(name=zone_name)[1]
def zone(self):
if self._zone is None:
tld_name = dns_data_utils.rand_zone_name(
name="recordsetvalidation")
self.class_tld = self.admin_tld_client.create_tld(
tld_name=tld_name[:-1])
zone_name = dns_data_utils.rand_zone_name(name="TestZone",
suffix=f'.{tld_name}')
zone_data = dns_data_utils.rand_zone_data(name=zone_name)
resp, body = self.zones_client.create_zone(**zone_data)
self._zone = body
self.addCleanup(self.wait_zone_delete, self.zones_client,
body['id'])
return self._zone
def test_create_zones(self):
# Create a PRIMARY zone
LOG.info('Create a PRIMARY zone')
zone_name = dns_data_utils.rand_zone_name(name="create_zones_primary",
suffix=self.tld_name)
zone = self.client.create_zone(name=zone_name)[1]
self.addCleanup(self.wait_zone_delete, self.client, zone['id'])
LOG.info('Ensure we respond with CREATE+PENDING')
self.assertEqual(const.CREATE, zone['action'])
self.assertEqual(const.PENDING, zone['status'])
# Get the Name Servers (hosts) created in PRIMARY zone
nameservers = self.client.show_zone_nameservers(zone['id'])[1]
nameservers = [dic['hostname'] for dic in nameservers['nameservers']]
# Create a SECONDARY zone
LOG.info('Create a SECONDARY zone')
zone_name = dns_data_utils.rand_zone_name(
name="create_zones_secondary", suffix=self.tld_name)
zone = self.client.create_zone(name=zone_name,
zone_type=const.SECONDARY_ZONE_TYPE,
primaries=nameservers)[1]
self.addCleanup(self.wait_zone_delete, self.client, zone['id'])
LOG.info('Ensure we respond with CREATE+PENDING')
self.assertEqual(const.CREATE, zone['action'])
self.assertEqual(const.PENDING, zone['status'])
# Test with no extra header overrides (sudo-project-id)
expected_allowed = ['os_admin', 'os_primary', 'os_alt']
if CONF.dns_feature_enabled.enforce_new_defaults:
expected_allowed.append('os_system_admin')
expected_allowed.append('os_project_member')
self.check_CUD_RBAC_enforcement('ZonesClient', 'create_zone',
expected_allowed, False)
# Test with x-auth-sudo-project-id header
expected_allowed = ['os_admin']
if CONF.dns_feature_enabled.enforce_new_defaults:
expected_allowed.append('os_system_admin')
self.check_CUD_RBAC_enforcement('ZonesClient',
'create_zone',
expected_allowed,
False,
project_id=self.client.project_id)
def test_show_zone_export_impersonate_another_project(self):
LOG.info('Create a zone')
zone_name = dns_data_utils.rand_zone_name(
name='show_zone_export_impersonate', suffix=self.tld_name)
zone = self.zone_client.create_zone(name=zone_name)[1]
self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
LOG.info('Create a zone export using primary client')
resp, zone_export = self.client.create_zone_export(zone['id'])
self.addCleanup(self.client.delete_zone_export, zone_export['id'])
LOG.info('Impersonate "primary" client, to show created zone exports')
body = self.admin_client.show_zone_export(uuid=None, headers={
'x-auth-sudo-project-id': zone['project_id']})[1]['exports']
listed_export_ids = [item['id'] for item in body]
LOG.info('Ensure that the fetched response, contains the ID '
'for a zone export created by primary client.')
self.assertIn(
zone_export['id'], listed_export_ids,
'Failed, expected ID:{} was not found in listed export zones '
'for a primary client: {}'.format(
zone_export['id'], listed_export_ids))
# Test RBAC with x-auth-sudo-project-id header
if CONF.dns_feature_enabled.enforce_new_defaults:
expected_allowed = ['os_system_admin']
else:
expected_allowed = ['os_admin']
self.check_list_show_RBAC_enforcement(
'ZoneExportsClient', 'show_zone_export', expected_allowed, True,
zone_export['id'],
headers={'x-auth-sudo-project-id': self.client.project_id})
def test_create_transfer_accept_using_deleted_transfer_request_id(self):
LOG.info('Create a zone')
zone_name = dns_data_utils.rand_zone_name(
name="create_transfer_accept_deleted_id", suffix=self.tld_name)
zone = self.zone_client.create_zone(name=zone_name,
wait_until='ACTIVE')[1]
self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
LOG.info('Create a zone transfer_request')
transfer_request = self.request_client.create_transfer_request(
zone['id'])[1]
self.addCleanup(
self.transfer_request_delete,
self.request_client,
transfer_request['id']
)
data = {
"key": transfer_request['key'],
"zone_transfer_request_id": transfer_request['id']
}
LOG.info('Delete transfer request')
self.request_client.delete_transfer_request(transfer_request['id'])
LOG.info('Ensure 404 when accepting non existing request ID')
self.assertRaises(lib_exc.NotFound,
lambda: self.client.create_transfer_accept(data))
def test_create_transfer_accept_using_invalid_key(self):
LOG.info('Create a zone')
zone_name = dns_data_utils.rand_zone_name(
name="create_transfer_accept_invalid_key", suffix=self.tld_name)
zone = self.zone_client.create_zone(name=zone_name,
wait_until='ACTIVE')[1]
self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
LOG.info('Create a zone transfer_request')
transfer_request = self.request_client.create_transfer_request(
zone['id'])[1]
self.addCleanup(
self.transfer_request_delete,
self.request_client,
transfer_request['id']
)
data = {"key": data_utils.rand_password(
len(transfer_request['key'])),
"zone_transfer_request_id": transfer_request['id']}
LOG.info('Create a zone transfer_accept using invalid key')
self.assertRaises(
lib_exc.Forbidden, self.client.create_transfer_accept,
transfer_accept_data=data)
def test_delete_transfer_request(self):
LOG.info('Create a zone')
zone_name = dns_data_utils.rand_zone_name(
name="delete_transfer_request", suffix=self.tld_name)
zone = self.zone_client.create_zone(name=zone_name)[1]
self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
LOG.info('Create a transfer_request')
transfer_request = self.client.create_transfer_request(zone['id'])[1]
self.addCleanup(self.client.delete_transfer_request,
transfer_request['id'],
ignore_errors=lib_exc.NotFound)
# Test RBAC
expected_allowed = ['os_admin', 'os_primary', 'os_alt']
if CONF.dns_feature_enabled.enforce_new_defaults:
expected_allowed.append('os_system_admin')
expected_allowed.append('os_project_member')
self.check_CUD_RBAC_enforcement('TransferRequestClient',
'delete_transfer_request',
expected_allowed, True,
transfer_request['id'])
LOG.info('Delete the transfer_request')
self.client.delete_transfer_request(transfer_request['id'])
self.assertRaises(
lib_exc.NotFound,
lambda: self.client.show_transfer_request(transfer_request['id']))
def test_show_transfer_request_impersonate_another_project(self):
LOG.info('Create a zone')
zone_name = dns_data_utils.rand_zone_name(
name="show_transfer_request_impersonate", suffix=self.tld_name)
zone = self.zone_client.create_zone(name=zone_name)[1]
self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
LOG.info('Create a zone transfer_request')
transfer_request = self.client.create_transfer_request(zone['id'])[1]
self.addCleanup(self.client.delete_transfer_request,
transfer_request['id'])
LOG.info('As Admin tenant fetch the transfer_request without using '
'"x-auth-sudo-project-id" HTTP header. Expected: 404')
self.assertRaises(
lib_exc.NotFound, lambda: self.admin_client.show_transfer_request(
transfer_request['id']))
LOG.info('As Admin tenant fetch the transfer_request using '
'"x-auth-sudo-project-id" HTTP header.')
body = self.admin_client.show_transfer_request(
transfer_request['id'],
headers={'x-auth-sudo-project-id': zone['project_id']})[1]
LOG.info('Ensure the fetched response matches the '
'created transfer_request')
self.assertExpected(transfer_request, body, self.excluded_keys)
def test_create_zone_import_and_wait_for_zone(self):
name = dns_data_utils.rand_zone_name('testimport')
zonefile = dns_data_utils.rand_zonefile_data(name=name)
LOG.info('Import zone %r', name)
_, zone_import = self.client.create_zone_import(zonefile)
self.addCleanup(self.client.delete_zone_import, zone_import['id'])
LOG.info('Wait for the zone import to COMPLETE')
waiters.wait_for_zone_import_status(self.client, zone_import['id'],
"COMPLETE")
LOG.info('Check the zone import looks good')
_, zone_import = self.client.show_zone_import(zone_import['id'])
self.addCleanup(self.wait_zone_delete,
self.zones_client,
zone_import['zone_id'])
self.assertEqual('COMPLETE', zone_import['status'])
self.assertIsNotNone(zone_import['zone_id'])
self.assertIsNotNone(zone_import['links'].get('zone'))
LOG.info('Wait for the imported zone to go to ACTIVE')
waiters.wait_for_zone_status(self.zones_client, zone_import['zone_id'],
"ACTIVE")
LOG.info('Check the imported zone looks good')
_, zone = self.zones_client.show_zone(zone_import['zone_id'])
self.assertEqual('NONE', zone['action'])
self.assertEqual('ACTIVE', zone['status'])
self.assertEqual(name, zone['name'])
def test_create_tsigkey_for_pool(self):
LOG.info('Get the valid pool ID from list of pools')
pool = self.pool_admin_client.list_pools()[1]['pools'][0]
LOG.info('Create a tsigkey')
tsigkey_data = {
"name": dns_data_utils.rand_zone_name('Example_Key'),
"algorithm": "hmac-sha256",
"secret": "SomeSecretKey",
"scope": "POOL",
"resource_id": pool['id']
}
tsigkey = self.admin_client.create_tsigkey(tsigkey_data['resource_id'],
tsigkey_data['name'],
tsigkey_data['algorithm'],
tsigkey_data['secret'],
tsigkey_data['scope'])[1]
self.addCleanup(self.admin_client.delete_tsigkey, tsigkey['id'])
self.assertEqual(tsigkey_data["name"], tsigkey['name'])
self.assertEqual(tsigkey_data["scope"], 'POOL')
# Test RBAC
expected_allowed = ['os_admin']
if CONF.dns_feature_enabled.enforce_new_defaults:
expected_allowed.append('os_system_admin')
self.check_CUD_RBAC_enforcement(
'TsigkeyClient', 'create_tsigkey', expected_allowed, False,
tsigkey_data['resource_id'], tsigkey_data['name'],
tsigkey_data['algorithm'], tsigkey_data['secret'],
tsigkey_data['scope'])
def test_create_zone_import_and_wait_for_zone(self):
name = dns_data_utils.rand_zone_name('testimport')
zonefile = dns_data_utils.rand_zonefile_data(name=name)
LOG.info('Import zone %r', name)
_, zone_import = self.client.create_zone_import(zonefile)
self.addCleanup(self.client.delete_zone_import, zone_import['id'])
LOG.info('Wait for the zone import to COMPLETE')
waiters.wait_for_zone_import_status(self.client, zone_import['id'],
"COMPLETE")
LOG.info('Check the zone import looks good')
_, zone_import = self.client.show_zone_import(zone_import['id'])
self.assertEqual('COMPLETE', zone_import['status'])
self.assertIsNotNone(zone_import['zone_id'])
self.assertIsNotNone(zone_import['links'].get('zone'))
LOG.info('Wait for the imported zone to go to ACTIVE')
waiters.wait_for_zone_status(self.zones_client, zone_import['zone_id'],
"ACTIVE")
LOG.info('Check the imported zone looks good')
_, zone = self.zones_client.show_zone(zone_import['zone_id'])
self.assertEqual('NONE', zone['action'])
self.assertEqual('ACTIVE', zone['status'])
self.assertEqual(name, zone['name'])
def test_update_tsigkey(self):
LOG.info('Create a resource')
zone_name = dns_data_utils.rand_zone_name(name="update_tsigkey",
suffix=self.tld_name)
zone = self.zone_client.create_zone(name=zone_name)[1]
self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
LOG.info('Create a tsigkey')
tsigkey = self.admin_client.create_tsigkey(resource_id=zone['id'])[1]
self.addCleanup(self.admin_client.delete_tsigkey, tsigkey['id'])
tsigkey_data = {"name": "Patch tsigkey", "secret": "NewSecretKey"}
LOG.info('Update the tsigkey')
patch_tsigkey = self.admin_client.update_tsigkey(
tsigkey['id'],
name=tsigkey_data['name'],
secret=tsigkey_data['secret'])[1]
self.assertEqual(tsigkey_data['name'], patch_tsigkey['name'])
self.assertEqual(tsigkey_data['secret'], patch_tsigkey['secret'])
# Test RBAC
expected_allowed = ['os_admin']
if CONF.dns_feature_enabled.enforce_new_defaults:
expected_allowed.append('os_system_admin')
self.check_CUD_RBAC_enforcement('TsigkeyClient',
'update_tsigkey',
expected_allowed,
False,
tsigkey['id'],
name=tsigkey_data['name'],
secret=tsigkey_data['secret'])
def test_list_tsigkey_filter_by_name(self):
tsigkey_name = data_utils.rand_name('ddd_tsgikey')
LOG.info('As Primary user create a zone for: {} '.format(tsigkey_name))
zone_name = dns_data_utils.rand_zone_name(
name="list_tsigkey_filter_name", suffix=self.tld_name)
zone = self.zone_client.create_zone(name=zone_name)[1]
self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
LOG.info('As Admin user create a tsigkey: {} '.format(tsigkey_name))
tsigkey = self.admin_client.create_tsigkey(resource_id=zone['id'],
name=tsigkey_name)[1]
self.addCleanup(self.admin_client.delete_tsigkey, tsigkey['id'])
LOG.info('As Admin, list all tsigkeys named:{}'.format(tsigkey_name))
listed_tsigkeys = self.admin_client.list_tsigkeys(
params={'name': tsigkey_name})[1]['tsigkeys']
self.assertEqual(
1, len(listed_tsigkeys),
'Failed, only a single tsigkey, named: {} should be '
'listed.'.format(tsigkey_name))
LOG.info('As Admin, list all tsigkeys named:"zababun"')
listed_tsigkeys = self.admin_client.list_tsigkeys(
params={'name': 'zababun'})[1]['tsigkeys']
self.assertEqual(0, len(listed_tsigkeys),
'Failed, no tsigkey should be listed')
def test_create_and_delete_zone(self):
LOG.info('Create a zone')
zone_name = dns_data_utils.rand_zone_name(
name="create_and_delete_zone", suffix=self.tld_name)
zone = self.client.create_zone(name=zone_name)[1]
self.addCleanup(self.wait_zone_delete,
self.client,
zone['id'],
ignore_errors=lib_exc.NotFound)
LOG.info('Ensure we respond with CREATE+PENDING')
self.assertEqual(const.CREATE, zone['action'])
self.assertEqual(const.PENDING, zone['status'])
waiters.wait_for_zone_status(self.client, zone['id'], const.ACTIVE)
LOG.info('Re-Fetch the zone')
zone = self.client.show_zone(zone['id'])[1]
LOG.info('Ensure we respond with NONE+ACTIVE')
self.assertEqual(const.NONE, zone['action'])
self.assertEqual(const.ACTIVE, zone['status'])
LOG.info('Delete the zone')
zone = self.client.delete_zone(zone['id'])[1]
LOG.info('Ensure we respond with DELETE+PENDING')
self.assertEqual(const.DELETE, zone['action'])
self.assertEqual(const.PENDING, zone['status'])
waiters.wait_for_zone_404(self.client, zone['id'])
def create_zone(self, name=None, email=None, ttl=None, description=None,
wait_until=False, params=None):
"""Create a zone with the specified parameters.
:param name: The name of the zone.
Default: Random Value
:param email: The email for the zone.
Default: Random Value
:param ttl: The ttl for the zone.
Default: Random Value
:param description: A description of the zone.
Default: Random Value
:param wait_until: Block until the zone reaches the desiered status
:param params: A Python dict that represents the query paramaters to
include in the request URI.
:return: A tuple with the server response and the created zone.
"""
zone = {
'name': name or dns_data_utils.rand_zone_name(),
'email': email or dns_data_utils.rand_email(),
'ttl': ttl or dns_data_utils.rand_ttl(),
'description': description or data_utils.rand_name('test-zone'),
}
resp, body = self._create_request('zones', zone, params=params)
# Create Zone should Return a HTTP 202
self.expected_success(202, resp.status)
if wait_until:
waiters.wait_for_zone_status(self, body['id'], wait_until)
return resp, body
def resource_setup(cls):
super(BaseZonesTest, cls).resource_setup()
# Make sure we have an allowed TLD available
tld_name = dns_data_utils.rand_zone_name(name="BaseZonesTest")
cls.tld_name = f".{tld_name}"
cls.class_tld = cls.admin_tld_client.create_tld(tld_name=tld_name[:-1])
def test_update_blacklist(self):
LOG.info('Create a blacklist')
_, blacklist = self.admin_client.create_blacklist()
self.addCleanup(self.admin_client.delete_blacklist, blacklist['id'])
LOG.info('Update the blacklist')
pattern = dns_data_utils.rand_zone_name()
description = data_utils.rand_name()
_, body = self.admin_client.update_blacklist(
uuid=blacklist['id'],
pattern=pattern,
description=description,
)
LOG.info('Ensure we response with updated values')
self.assertEqual(pattern, body['pattern'])
self.assertEqual(description, body['description'])
expected_allowed = ['os_admin']
if CONF.dns_feature_enabled.enforce_new_defaults:
expected_allowed = ['os_system_admin']
self.check_CUD_RBAC_enforcement(
'BlacklistsClient', 'update_blacklist', expected_allowed, False,
uuid=blacklist['id'], pattern=pattern, description=description)
def create_blacklist(self, pattern=None, description=None, params=None):
"""Create a blacklist
:param pattern: The blacklist pattern.
Default: Random Value
:param description: A description of the blacklist.
Default: Random Value
:param params: A Python dict that represents the query paramaters to
include in the request URI.
:return: A tuple with the server response and the created blacklist.
"""
blacklist = {
'pattern': pattern or dns_data_utils.rand_zone_name(),
'description': description or data_utils.rand_name(),
}
if pattern == '':
blacklist['pattern'] = ''
resp, body = self._create_request('blacklists',
blacklist,
params=params)
self.expected_success(201, resp.status)
return resp, body
def test_delete_zone_with_existing_recordset(self):
LOG.info('Create a Zone')
zone_name = dns_data_utils.rand_zone_name(name="TestZone",
suffix=self.tld_name)
zone = self.zone_client.create_zone(name=zone_name,
wait_until=const.ACTIVE)[1]
self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
LOG.info('Create a Recordset')
recordset_data = dns_data_utils.rand_recordset_data(
record_type='A', zone_name=zone['name'])
record = self.client.create_recordset(zone['id'],
recordset_data,
wait_until=const.ACTIVE)[1]
LOG.info("Delete a Zone and wait till it's done")
body = self.zone_client.delete_zone(zone['id'])[1]
LOG.info('Ensure we respond with DELETE+PENDING')
self.assertEqual(const.DELETE, body['action'])
self.assertEqual(const.PENDING, body['status'])
LOG.info('Ensure successful deletion of Zone')
waiters.wait_for_zone_404(self.zone_client, zone['id'])
LOG.info('Ensure successful deletion of Recordset')
self.assertRaises(
lib_exc.NotFound,
lambda: self.client.show_recordset(zone['id'], record['id']))
def update_blacklist(self,
uuid,
pattern=None,
description=None,
params=None):
"""Update a blacklist with the specified parameters.
:param uuid: The unique identifier of the blacklist.
:param pattern: The blacklist pattern.
Default: Random Value
:param description: A description of the blacklist.
Default: Random Value
:param params: A Python dict that represents the query paramaters to
include in the request URI.
:return: A tuple with the server response and the updated blacklist.
"""
blacklist = {
'pattern':
pattern or dns_data_utils.rand_zone_name(prefix='testdomain'),
'description':
description or data_utils.rand_name(),
}
resp, body = self._update_request('blacklists',
uuid,
blacklist,
params=params)
self.expected_success(200, resp.status)
return resp, body
def test_show_tsigkey(self):
LOG.info('Create a resource')
zone_name = dns_data_utils.rand_zone_name(name="show_tsigkey",
suffix=self.tld_name)
zone = self.zone_client.create_zone(name=zone_name)[1]
self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
LOG.info('Create a tsigkey')
tsigkey = self.admin_client.create_tsigkey(resource_id=zone['id'])[1]
self.addCleanup(self.admin_client.delete_tsigkey, tsigkey['id'])
LOG.info('Fetch the tsigkey')
body = self.admin_client.show_tsigkey(tsigkey['id'])[1]
LOG.info('Ensure the fetched response matches the created tsigkey')
self.assertExpected(tsigkey, body, self.excluded_keys)
# Test RBAC
expected_allowed = ['os_admin']
if CONF.dns_feature_enabled.enforce_new_defaults:
expected_allowed = ['os_system_admin', 'os_system_reader']
self.check_list_show_RBAC_enforcement('TsigkeyClient', 'show_tsigkey',
expected_allowed, True,
tsigkey['id'])
def test_manually_trigger_update_secondary_zone_negative(self):
# Create a PRIMARY zone
LOG.info('Create a PRIMARY zone')
zone_name = dns_data_utils.rand_zone_name(
name="manually_trigger_update_primary", suffix=self.tld_name)
pr_zone = self.client.create_zone(name=zone_name)[1]
self.addCleanup(self.wait_zone_delete, self.client, pr_zone['id'])
waiters.wait_for_zone_status(self.client, pr_zone['id'], 'ACTIVE')
LOG.info('Ensure we respond with CREATE+PENDING')
self.assertEqual('CREATE', pr_zone['action'])
self.assertEqual('PENDING', pr_zone['status'])
# Get the Name Servers created for a PRIMARY zone
nameservers = [
dic['hostname'] for dic in self.client.show_zone_nameservers(
pr_zone['id'])[1]['nameservers']
]
# Make sure that the nameservers are not available using DNS
# query and if it does, skip the test.
LOG.info('Check if NameServers are available, skip the test if not')
for ns in nameservers:
if self._query_nameserver(ns, 5, pr_zone['name'],
zone_type='SOA') is True:
raise self.skipException(
"Nameserver:{} is available, but negative test scenario "
"needs it to be unavailable, therefore test is "
"skipped.".format(ns.strip('.')))
# Create a SECONDARY zone
LOG.info('Create a SECONDARY zone')
zone_name = dns_data_utils.rand_zone_name(
name="manually_trigger_update_secondary", suffix=self.tld_name)
sec_zone = self.client.create_zone(name=zone_name,
zone_type=const.SECONDARY_ZONE_TYPE,
primaries=nameservers)[1]
self.addCleanup(self.wait_zone_delete, self.client, sec_zone['id'])
LOG.info('Ensure we respond with CREATE+PENDING')
self.assertEqual('CREATE', sec_zone['action'])
self.assertEqual('PENDING', sec_zone['status'])
# Manually trigger_update zone
LOG.info('Manually Trigger an Update of a Secondary Zone when the '
'nameservers not pingable. Expected: error status code 500')
with self.assertRaisesDns(lib_exc.ServerFault, 'unknown', 500):
self.client.trigger_manual_update(sec_zone['id'])
def test_list_transfer_requests_impersonate_another_project(self):
LOG.info('Create a Primary zone')
zone_name = dns_data_utils.rand_zone_name(
name="list_transfer_request_impersonate", suffix=self.tld_name)
primary_zone = self.zone_client.create_zone(name=zone_name)[1]
self.addCleanup(self.wait_zone_delete, self.zone_client,
primary_zone['id'])
LOG.info('Create an Alt zone')
alt_zone_name = dns_data_utils.rand_zone_name(
name="list_transfer_request_impersonate_alt", suffix=self.tld_name)
alt_zone = self.alt_zone_client.create_zone(name=alt_zone_name)[1]
self.addCleanup(self.wait_zone_delete, self.alt_zone_client,
alt_zone['id'])
LOG.info('Create a zone transfer_request using Primary client')
primary_transfer_request = self.client.create_transfer_request(
primary_zone['id'])[1]
self.addCleanup(self.client.delete_transfer_request,
primary_transfer_request['id'])
LOG.info('Create a zone transfer_request using Alt client')
alt_transfer_request = self.alt_client.create_transfer_request(
alt_zone['id'])[1]
self.addCleanup(self.alt_client.delete_transfer_request,
alt_transfer_request['id'])
request_ids = [
item['id'] for item in self.admin_client.list_transfer_requests(
headers={'x-auth-sudo-project-id': self.alt_client.project_id},
params={'limit': 1000})[1]['transfer_requests']
]
self.assertEqual([alt_transfer_request['id']], request_ids)
# Test RBAC with x-auth-all-projects and x-auth-sudo-project-id header
if CONF.dns_feature_enabled.enforce_new_defaults:
expected_allowed = ['os_system_admin']
else:
expected_allowed = ['os_admin']
self.check_list_IDs_RBAC_enforcement(
'TransferRequestClient',
'list_transfer_requests',
expected_allowed, [primary_transfer_request['id']],
headers={'x-auth-sudo-project-id': self.client.project_id})
def test_create_tsigkey_for_zone_invalid_algorithm(self):
zone_name = dns_data_utils.rand_zone_name(
name="create_tsigkey_invalid_algo", suffix=self.tld_name)
zone = self.zone_client.create_zone(name=zone_name)[1]
self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
tsigkey_data = {
"name": dns_data_utils.rand_zone_name('Example_Key'),
"algorithm": "zababun",
"secret": "SomeSecretKey",
"scope": "ZONE",
"resource_id": zone['id']
}
self.assertRaisesDns(lib_exc.BadRequest, 'invalid_object', 400,
self.admin_client.create_tsigkey,
tsigkey_data['resource_id'], tsigkey_data['name'],
tsigkey_data['algorithm'], tsigkey_data['secret'],
tsigkey_data['scope'])
def test_huge_size_description(self):
LOG.info('Trying to create a zone using huge size description')
self.assertRaisesDns(lib_exc.BadRequest,
'invalid_object',
400,
self.client.create_zone,
description=dns_data_utils.rand_zone_name() *
10000)
def test_show_import_impersonate_another_project(self):
LOG.info('Import zone "A" using primary client')
zone_name = dns_data_utils.rand_zone_name(
name="show_zone_import_impersonate", suffix=self.tld_name)
zone_data = dns_data_utils.rand_zonefile_data(name=zone_name)
zone_import = self.client.create_zone_import(
zonefile_data=zone_data)[1]
self.addCleanup(self.clean_up_resources, zone_import['id'])
# Make sure we complete the import and have the zone_id for cleanup
waiters.wait_for_zone_import_status(self.client, zone_import['id'],
const.COMPLETE)
LOG.info('Show a zone import for a Primary tenant, using Alt tenant. '
'Expected:404 NotFound')
self.assertRaises(
lib_exc.NotFound,
lambda: self.alt_client.show_zone_import(zone_import['id']))
LOG.info('Show a zone import for a Primary tenant using Alt tenant '
'and "x-auth-sudo-project-id" HTTP header. '
'Expected:403 Forbidden')
self.assertRaises(
lib_exc.Forbidden, lambda: self.alt_client.show_zone_import(
zone_import['id'],
headers={'x-auth-sudo-project-id': zone_import['project_id']}))
LOG.info('Show a zone import for a Primary tenant, using Admin '
'tenant and "x-auth-sudo-project-id" HTTP header.')
resp_body = self.admin_client.show_zone_import(
uuid=None,
headers={'x-auth-sudo-project-id': zone_import['project_id']})[1]
LOG.info('Show a zone import for a Primary tenant, using Admin '
'tenant without "x-auth-sudo-project-id" HTTP header. '
'Expected:404 NotFound')
self.assertRaises(
lib_exc.NotFound,
lambda: self.admin_client.show_zone_import(zone_import['id']))
LOG.info('Ensure that the shown response matches the expected one')
self.assertExpected(zone_import, resp_body['imports'][0],
self.excluded_keys)
# Test with x-auth-sudo-project-id header
if CONF.dns_feature_enabled.enforce_new_defaults:
expected_allowed = ['os_system_admin']
else:
expected_allowed = ['os_admin']
self.check_list_show_RBAC_enforcement(
'ZoneImportsClient',
'show_zone_import',
expected_allowed,
False,
zone_import['id'],
headers={'x-auth-sudo-project-id': self.client.project_id})
def test_list_zone_exports_all_projects(self):
LOG.info('Create a primary zone and its export')
zone_name = dns_data_utils.rand_zone_name(
name='list_zone_exports_all_projects', suffix=self.tld_name)
primary_zone = self.zone_client.create_zone(name=zone_name)[1]
self.addCleanup(
self.wait_zone_delete, self.zone_client, primary_zone['id'])
primary_export = self.client.create_zone_export(primary_zone['id'])[1]
self.addCleanup(self.client.delete_zone_export, primary_export['id'])
LOG.info('Create an alt zone and its export')
alt_zone_name = dns_data_utils.rand_zone_name(
name='list_zone_exports_all_projects_alt', suffix=self.tld_name)
alt_zone = self.alt_zone_client.create_zone(name=alt_zone_name)[1]
self.addCleanup(
self.wait_zone_delete, self.alt_zone_client, alt_zone['id'])
alt_export = self.alt_client.create_zone_export(alt_zone['id'])[1]
self.addCleanup(self.alt_client.delete_zone_export, alt_export['id'])
LOG.info('As admin user list zone exports for all projects')
# Note: This is an all-projects list call, so other tests running
# in parallel will impact the list result set. Since the default
# pagination limit is only 20, we set a param limit of 1000 here.
listed_exports_ids = [
item['id'] for item in self.admin_client.list_zone_exports(
headers=self.all_projects_header,
params={'limit': 1000})[1]['exports']]
LOG.info('Make sure that all previously created zone '
'export IDs are listed')
for id in [primary_export['id'], alt_export['id']]:
self.assertIn(
id, listed_exports_ids,
'Failed, expected ID:{} was not found in '
'listed IDs:{}'.format(id, listed_exports_ids))
# Test RBAC with x-auth-all-projects
if CONF.dns_feature_enabled.enforce_new_defaults:
expected_allowed = ['os_system_admin']
else:
expected_allowed = ['os_admin']
self.check_list_IDs_RBAC_enforcement(
'ZoneExportsClient', 'list_zone_exports', expected_allowed,
[alt_export['id']], headers=self.all_projects_header)
def test_create_tsigkey_for_zone_empty_secret(self):
LOG.info('Create a zone resource')
zone_name = dns_data_utils.rand_zone_name(
name="create_tsigkey_empty_secret", suffix=self.tld_name)
zone = self.zone_client.create_zone(name=zone_name)[1]
self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
tsigkey_data = {
"name": dns_data_utils.rand_zone_name('Example_Key'),
"algorithm": "hmac-sha256",
"secret": '',
"scope": "ZONE",
"resource_id": zone['id']
}
self.assertRaisesDns(lib_exc.BadRequest, 'invalid_object', 400,
self.admin_client.create_tsigkey,
tsigkey_data['resource_id'], tsigkey_data['name'],
tsigkey_data['algorithm'], tsigkey_data['secret'],
tsigkey_data['scope'])
def test_no_create_superdomain_by_alt_user(self):
zone_name = dns_data_utils.rand_zone_name()
LOG.info('Create a zone as a default user')
_, zone = self.client.create_zone(name='a.b.' + zone_name)
self.addCleanup(self.wait_zone_delete, self.client, zone['id'])
LOG.info('Create a zone as an alt user with existing superdomain')
self.assertRaises(lib_exc.Forbidden,
self.alt_client.create_zone, name=zone_name)
def test_create_blacklist(self):
LOG.info('Create a blacklist')
blacklist = {
'pattern': dns_data_utils.rand_zone_name(),
'description': data_utils.rand_name(),
}
_, body = self.admin_client.create_blacklist(**blacklist)
self.addCleanup(self.admin_client.delete_blacklist, body['id'])
self.assertExpected(blacklist, body, self.excluded_keys)
def test_update_blacklist(self):
LOG.info('Create a blacklist')
_, blacklist = self.admin_client.create_blacklist()
self.addCleanup(self.admin_client.delete_blacklist, blacklist['id'])
LOG.info('Update the blacklist')
pattern = dns_data_utils.rand_zone_name()
description = data_utils.rand_name()
_, body = self.admin_client.update_blacklist(
uuid=blacklist['id'],
pattern=pattern,
description=description,
)
LOG.info('Ensure we response with updated values')
self.assertEqual(pattern, body['pattern'])
self.assertEqual(description, body['description'])
def create_blacklist(self, pattern=None, description=None, params=None):
"""Create a blacklist
:param pattern: The blacklist pattern.
Default: Random Value
:param description: A description of the blacklist.
Default: Random Value
:param params: A Python dict that represents the query paramaters to
include in the request URI.
:return: A tuple with the server response and the created blacklist.
"""
blacklist = {
'pattern': pattern or dns_data_utils.rand_zone_name(),
'description': description or data_utils.rand_name(),
}
resp, body = self._create_request('blacklists', blacklist,
params=params)
self.expected_success(201, resp.status)
return resp, body