class SharedZoneTestContext(object):
"""
Creates multiple zones to test authorization / access to shared zones across users
"""
def __init__(self):
self.ok_vinyldns_client = VinylDNSClient(VinylDNSTestContext.vinyldns_url, 'okAccessKey', 'okSecretKey')
self.dummy_vinyldns_client = VinylDNSClient(VinylDNSTestContext.vinyldns_url, 'dummyAccessKey', 'dummySecretKey')
self.shared_zone_vinyldns_client = VinylDNSClient(VinylDNSTestContext.vinyldns_url, 'sharedZoneUserAccessKey', 'sharedZoneUserSecretKey')
self.dummy_group = None
self.ok_group = None
self.shared_record_group = None
self.tear_down() # ensures that the environment is clean before starting
try:
ok_group = {
'name': 'ok-group',
'email': '*****@*****.**',
'description': 'this is a description',
'members': [ { 'id': 'ok'} ],
'admins': [ { 'id': 'ok'} ]
}
self.ok_group = self.ok_vinyldns_client.create_group(ok_group, status=200)
# in theory this shouldn't be needed, but getting 'user is not in group' errors on zone creation
self.confirm_member_in_group(self.ok_vinyldns_client, self.ok_group)
dummy_group = {
'name': 'dummy-group',
'email': '*****@*****.**',
'description': 'this is a description',
'members': [ { 'id': 'dummy'} ],
'admins': [ { 'id': 'dummy'} ]
}
self.dummy_group = self.dummy_vinyldns_client.create_group(dummy_group, status=200)
# in theory this shouldn't be needed, but getting 'user is not in group' errors on zone creation
self.confirm_member_in_group(self.dummy_vinyldns_client, self.dummy_group)
shared_record_group = {
'name': 'record-ownergroup',
'email': '*****@*****.**',
'description': 'this is a description',
'members': [ { 'id': 'sharedZoneUser'}, { 'id': 'ok'} ],
'admins': [ { 'id': 'sharedZoneUser'}, { 'id': 'ok'} ]
}
self.shared_record_group = self.ok_vinyldns_client.create_group(shared_record_group, status=200)
ok_zone_change = self.ok_vinyldns_client.create_zone(
{
'name': 'ok.',
'email': '*****@*****.**',
'shared': False,
'adminGroupId': self.ok_group['id'],
'isTest': True,
'connection': {
'name': 'ok.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'ok.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
}, status=202)
self.ok_zone = ok_zone_change['zone']
dummy_zone_change = self.dummy_vinyldns_client.create_zone(
{
'name': 'dummy.',
'email': '*****@*****.**',
'shared': False,
'adminGroupId': self.dummy_group['id'],
'isTest': True,
'connection': {
'name': 'dummy.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'dummy.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
}, status=202)
self.dummy_zone = dummy_zone_change['zone']
ip6_reverse_zone_change = self.ok_vinyldns_client.create_zone(
{
'name': '1.9.e.f.c.c.7.2.9.6.d.f.ip6.arpa.',
'email': '*****@*****.**',
'shared': False,
'adminGroupId': self.ok_group['id'],
'isTest': True,
'connection': {
'name': 'ip6.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'ip6.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
}, status=202
)
self.ip6_reverse_zone = ip6_reverse_zone_change['zone']
ip4_reverse_zone_change = self.ok_vinyldns_client.create_zone(
{
'name': '30.172.in-addr.arpa.',
'email': '*****@*****.**',
'shared': False,
'adminGroupId': self.ok_group['id'],
'isTest': True,
'connection': {
'name': 'ip4.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'ip4.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
}, status=202
)
self.ip4_reverse_zone = ip4_reverse_zone_change['zone']
classless_base_zone_change = self.ok_vinyldns_client.create_zone(
{
'name': '2.0.192.in-addr.arpa.',
'email': '*****@*****.**',
'shared': False,
'adminGroupId': self.ok_group['id'],
'isTest': True,
'connection': {
'name': 'classless-base.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'classless-base.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
}, status=202
)
self.classless_base_zone = classless_base_zone_change['zone']
classless_zone_delegation_change = self.ok_vinyldns_client.create_zone(
{
'name': '192/30.2.0.192.in-addr.arpa.',
'email': '*****@*****.**',
'shared': False,
'adminGroupId': self.ok_group['id'],
'isTest': True,
'connection': {
'name': 'classless.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'classless.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
}, status=202
)
self.classless_zone_delegation_zone = classless_zone_delegation_change['zone']
system_test_zone_change = self.ok_vinyldns_client.create_zone(
{
'name': 'system-test.',
'email': '*****@*****.**',
'shared': False,
'adminGroupId': self.ok_group['id'],
'isTest': True,
'connection': {
'name': 'system-test.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'system-test.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
}, status=202
)
self.system_test_zone = system_test_zone_change['zone']
# parent zone gives access to the dummy user, dummy user cannot manage ns records
parent_zone_change = self.ok_vinyldns_client.create_zone(
{
'name': 'parent.com.',
'email': '*****@*****.**',
'shared': False,
'adminGroupId': self.ok_group['id'],
'isTest': True,
'acl': {
'rules': [
{
'accessLevel': 'Delete',
'description': 'some_test_rule',
'userId': 'dummy'
}
]
},
'connection': {
'name': 'parent.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'parent.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
}, status=202)
self.parent_zone = parent_zone_change['zone']
shared_zone_change = self.set_up_shared_zone('shared-zone')
self.shared_zone = shared_zone_change['zone']
non_test_shared_zone_change = self.set_up_shared_zone('non-test-shared-zone')
self.non_test_shared_zone = non_test_shared_zone_change['zone']
# wait until our zones are created
self.ok_vinyldns_client.wait_until_zone_exists(system_test_zone_change)
self.ok_vinyldns_client.wait_until_zone_exists(ok_zone_change)
self.dummy_vinyldns_client.wait_until_zone_exists(dummy_zone_change)
self.ok_vinyldns_client.wait_until_zone_exists(ip6_reverse_zone_change)
self.ok_vinyldns_client.wait_until_zone_exists(ip4_reverse_zone_change)
self.ok_vinyldns_client.wait_until_zone_exists(classless_base_zone_change)
self.ok_vinyldns_client.wait_until_zone_exists(classless_zone_delegation_change)
self.ok_vinyldns_client.wait_until_zone_exists(system_test_zone_change)
self.ok_vinyldns_client.wait_until_zone_exists(parent_zone_change)
self.shared_zone_vinyldns_client.wait_until_zone_change_status_synced(shared_zone_change)
shared_sync_change = self.shared_zone_vinyldns_client.sync_zone(self.shared_zone['id'])
self.shared_zone_vinyldns_client.wait_until_zone_change_status_synced(non_test_shared_zone_change)
non_test_shared_sync_change = self.shared_zone_vinyldns_client.sync_zone(self.non_test_shared_zone['id'])
self.shared_zone_vinyldns_client.wait_until_zone_change_status_synced(shared_sync_change)
self.shared_zone_vinyldns_client.wait_until_zone_change_status_synced(non_test_shared_sync_change)
# validate all in there
zones = self.dummy_vinyldns_client.list_zones()['zones']
assert_that(len(zones), is_(2))
zones = self.ok_vinyldns_client.list_zones()['zones']
assert_that(len(zones), is_(7))
zones = self.shared_zone_vinyldns_client.list_zones()['zones']
assert_that(len(zones), is_(2))
except:
# teardown if there was any issue in setup
try:
self.tear_down()
except:
pass
raise
def set_up_shared_zone(self, zone_id):
# shared zones are created through test data loader, but needs connection info added here to use
get_shared_zone = self.shared_zone_vinyldns_client.get_zone(zone_id)
shared_zone = get_shared_zone['zone']
connection_info = {
'name': 'shared.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
shared_zone['connection'] = connection_info
shared_zone['transferConnection'] = connection_info
return self.shared_zone_vinyldns_client.update_zone(shared_zone, status=202)
def tear_down(self):
"""
The ok_vinyldns_client is a zone admin on _all_ the zones.
We shouldn't have to do any checks now, as zone admins have full rights to all zones, including
deleting all records (even in the old shared model)
"""
clear_zones(self.dummy_vinyldns_client)
clear_zones(self.ok_vinyldns_client)
clear_groups(self.dummy_vinyldns_client)
clear_groups(self.ok_vinyldns_client)
def confirm_member_in_group(self, client, group):
retries = 2
success = group in client.list_all_my_groups(status=200)
while retries >= 0 and not success:
success = group in client.list_all_my_groups(status=200)
time.sleep(.05)
retries -= 1
assert_that(success, is_(True))
class ListZonesTestContext(object):
def __init__(self):
self.client = VinylDNSClient(VinylDNSTestContext.vinyldns_url, 'listZonesAccessKey', 'listZonesSecretKey')
self.tear_down() # ensures that the environment is clean before starting
try:
group = {
'name': 'list-zones-group',
'email': '*****@*****.**',
'description': 'this is a description',
'members': [ { 'id': 'list-zones-user'} ],
'admins': [ { 'id': 'list-zones-user'} ]
}
self.list_zones_group = self.client.create_group(group, status=200)
search_zone_1_change = self.client.create_zone(
{
'name': 'list-zones-test-searched-1.',
'email': '*****@*****.**',
'shared': False,
'adminGroupId': self.list_zones_group['id'],
'isTest': True,
'connection': {
'name': 'vinyldns.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'vinyldns.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
}, status=202)
self.search_zone_1 = search_zone_1_change['zone']
search_zone_2_change = self.client.create_zone(
{
'name': 'list-zones-test-searched-2.',
'email': '*****@*****.**',
'shared': False,
'adminGroupId': self.list_zones_group['id'],
'isTest': True,
'connection': {
'name': 'vinyldns.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'vinyldns.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
}, status=202)
self.search_zone_2 = search_zone_2_change['zone']
search_zone_3_change = self.client.create_zone(
{
'name': 'list-zones-test-searched-3.',
'email': '*****@*****.**',
'shared': False,
'adminGroupId': self.list_zones_group['id'],
'isTest': True,
'connection': {
'name': 'vinyldns.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'vinyldns.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
}, status=202)
self.search_zone_3 = search_zone_3_change['zone']
non_search_zone_1_change = self.client.create_zone(
{
'name': 'list-zones-test-unfiltered-1.',
'email': '*****@*****.**',
'shared': False,
'adminGroupId': self.list_zones_group['id'],
'isTest': True,
'connection': {
'name': 'vinyldns.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'vinyldns.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
}, status=202)
self.non_search_zone_1 = non_search_zone_1_change['zone']
non_search_zone_2_change = self.client.create_zone(
{
'name': 'list-zones-test-unfiltered-2.',
'email': '*****@*****.**',
'shared': False,
'adminGroupId': self.list_zones_group['id'],
'isTest': True,
'connection': {
'name': 'vinyldns.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'vinyldns.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
}, status=202)
self.non_search_zone_2 = non_search_zone_2_change['zone']
self.zone_ids = [self.search_zone_1['id'], self.search_zone_2['id'], self.search_zone_3['id'], self.non_search_zone_1['id'], self.non_search_zone_2['id']]
zone_changes = [search_zone_1_change, search_zone_2_change, search_zone_3_change, non_search_zone_1_change, non_search_zone_2_change]
for change in zone_changes:
self.client.wait_until_zone_exists(change)
except:
# teardown if there was any issue in setup
try:
self.tear_down()
except:
pass
raise
def tear_down(self):
clear_zones(self.client)
clear_groups(self.client)
class ZoneHistoryContext(object):
"""
Creates a zone with multiple zone changes and record set changes
"""
def __init__(self):
self.client = VinylDNSClient(VinylDNSTestContext.vinyldns_url,
'history-key', 'history-secret')
self.tear_down()
self.group = None
group = {
'name': 'history-group',
'email': '*****@*****.**',
'description': 'this is a description',
'members': [{
'id': 'history-id'
}],
'admins': [{
'id': 'history-id'
}]
}
self.group = self.client.create_group(group, status=200)
# in theory this shouldn't be needed, but getting 'user is not in group' errors on zone creation
self.confirm_member_in_group(self.client, self.group)
zone_change = self.client.create_zone(
{
'name': 'system-test-history.',
'email': '*****@*****.**',
'shared': True,
'adminGroupId': self.group['id'],
'connection': {
'name': 'vinyldns.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
},
'transferConnection': {
'name': 'vinyldns.',
'keyName': VinylDNSTestContext.dns_key_name,
'key': VinylDNSTestContext.dns_key,
'primaryServer': VinylDNSTestContext.dns_ip
}
},
status=202)
self.zone = zone_change['zone']
self.client.wait_until_zone_exists(zone_change)
# change the zone nine times to we have update events in zone change history, ten total changes including creation
for i in range(2, 11):
zone_update = dict(self.zone)
zone_update['connection']['key'] = VinylDNSTestContext.dns_key
zone_update['transferConnection'][
'key'] = VinylDNSTestContext.dns_key
zone_update[
'email'] = 'i.changed.this.{0}[email protected]'.format(
i)
zone_update = self.client.update_zone(zone_update,
status=202)['zone']
# create some record sets
(achange, a_record) = self.create_recordset(TestData.A)
(aaaachange, aaaa_record) = self.create_recordset(TestData.AAAA)
(cnamechange, cname_record) = self.create_recordset(TestData.CNAME)
# wait here for all the record sets to be created
self.client.wait_until_recordset_exists(a_record['zoneId'],
a_record['id'])
self.client.wait_until_recordset_exists(aaaa_record['zoneId'],
aaaa_record['id'])
self.client.wait_until_recordset_exists(cname_record['zoneId'],
cname_record['id'])
# update the record sets
a_record_update = dict(a_record)
a_record_update['ttl'] += 100
a_record_update['records'][0]['address'] = '9.9.9.9'
(achange, a_record_update) = self.update_recordset(a_record_update)
aaaa_record_update = dict(aaaa_record)
aaaa_record_update['ttl'] += 100
aaaa_record_update['records'][0]['address'] = '2003:db8:0:0:0:0:0:4'
(aaaachange,
aaaa_record_update) = self.update_recordset(aaaa_record_update)
cname_record_update = dict(cname_record)
cname_record_update['ttl'] += 100
cname_record_update['records'][0]['cname'] = 'changed-cname.'
(cnamechange,
cname_record_update) = self.update_recordset(cname_record_update)
self.client.wait_until_recordset_change_status(achange, 'Complete')
self.client.wait_until_recordset_change_status(aaaachange, 'Complete')
self.client.wait_until_recordset_change_status(cnamechange, 'Complete')
# delete the recordsets
self.delete_recordset(a_record)
self.delete_recordset(aaaa_record)
self.delete_recordset(cname_record)
self.client.wait_until_recordset_deleted(a_record['zoneId'],
a_record['id'])
self.client.wait_until_recordset_deleted(aaaa_record['zoneId'],
aaaa_record['id'])
self.client.wait_until_recordset_deleted(cname_record['zoneId'],
cname_record['id'])
# the resulting context should contain all of the parts so it makes it simple to test
self.results = {
'zone': self.zone,
'zoneUpdate': zone_update,
'creates': [a_record, aaaa_record, cname_record],
'updates':
[a_record_update, aaaa_record_update, cname_record_update]
}
# finalizer called by py.test when the simulation is torn down
def tear_down(self):
self.clear_zones()
self.clear_group()
def clear_group(self):
groups = self.client.list_all_my_groups()
group_ids = map(lambda x: x['id'], groups)
for group_id in group_ids:
self.client.delete_group(group_id, status=200)
def clear_zones(self):
# Get the groups for the ok user
groups = self.client.list_all_my_groups()
group_ids = map(lambda x: x['id'], groups)
zones = self.client.list_zones()['zones']
# we only want to delete zones that the ok user "owns"
zones_to_delete = filter(
lambda x:
(x['adminGroupId'] in group_ids) or (x['account'] in group_ids),
zones)
zone_names_to_delete = map(lambda x: x['name'], zones_to_delete)
zoneids_to_delete = map(lambda x: x['id'], zones_to_delete)
self.client.abandon_zones(zoneids_to_delete)
def create_recordset(self, rs):
rs['zoneId'] = self.zone['id']
result = self.client.create_recordset(rs, status=202)
return result, result['recordSet']
def update_recordset(self, rs):
rs['zoneId'] = self.zone['id']
result = self.client.update_recordset(rs, status=202)
return result, result['recordSet']
def delete_recordset(self, rs):
result = self.client.delete_recordset(self.zone['id'],
rs['id'],
status=202)
return result, result['recordSet']
def confirm_member_in_group(self, client, group):
retries = 2
success = group in client.list_all_my_groups(status=200)
while retries >= 0 and not success:
success = group in client.list_all_my_groups(status=200)
time.sleep(.05)
retries -= 1
assert_that(success, is_(True))
