def update_transfer_request(self,
uuid,
transfer_request_data=None,
params=None):
"""Update a zone transfer_requests.
:param uuid: Unique identifier of the zone transfer request in UUID
format.
:transfer_request_data: A python dictionary representing
data for zone transfer request
:param params: A Python dict that represents the query paramaters to
include in the request URI.
:return: Serialized imported zone as a dictionary.
"""
transfer_request_uri = 'zones/tasks/transfer_requests'
transfer_request_data = (transfer_request_data or
dns_data_utils.rand_transfer_request_data())
resp, body = self._update_request(transfer_request_uri,
uuid,
transfer_request_data,
params=params)
# Create Transfer request should Return a HTTP 200
self.expected_success(200, resp.status)
return resp, body
def test_show_transfer_request_as_target(self):
# Checks the target of a scoped transfer request can see
# the request.
LOG.info('Create a zone')
_, zone = self.zone_client.create_zone()
self.addCleanup(self.zone_client.delete_zone, zone['id'])
transfer_request_data = dns_data_utils.rand_transfer_request_data(
target_project_id=self.os_alt.credentials.project_id)
LOG.info('Create a scoped zone transfer_request')
_, transfer_request = self.client.create_transfer_request(
zone['id'], transfer_request_data)
self.addCleanup(self.client.delete_transfer_request,
transfer_request['id'])
LOG.info('Fetch the transfer_request as the target')
_, body = self.alt_client.show_transfer_request(transfer_request['id'])
LOG.info('Ensure the fetched response matches the '
'created transfer_request')
excluded_keys = self.excluded_keys + [
"target_project_id", "project_id"
]
self.assertExpected(transfer_request, body, excluded_keys)
def test_create_transfer_request_scoped(self):
LOG.info('Create a zone')
_, zone = self.zone_client.create_zone()
self.addCleanup(self.zone_client.delete_zone, zone['id'])
transfer_request_data = dns_data_utils.rand_transfer_request_data(
target_project_id=self.os_alt.credentials.project_id)
LOG.info('Create a scoped zone transfer_request')
_, transfer_request = self.client.create_transfer_request(
zone['id'], transfer_request_data)
self.addCleanup(self.client.delete_transfer_request,
transfer_request['id'])
LOG.info('Ensure we respond with ACTIVE status')
self.assertEqual('ACTIVE', transfer_request['status'])
def test_create_transfer_request_scoped(self):
LOG.info('Create a zone')
_, zone = self.zone_client.create_zone()
self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
transfer_request_data = dns_data_utils.rand_transfer_request_data(
target_project_id=self.os_alt.credentials.project_id)
LOG.info('Create a scoped zone transfer_request')
_, transfer_request = self.client.create_transfer_request(
zone['id'], transfer_request_data)
self.addCleanup(self.client.delete_transfer_request,
transfer_request['id'])
LOG.info('Ensure we respond with ACTIVE status')
self.assertEqual('ACTIVE', transfer_request['status'])
def test_create_transfer_request_scoped(self):
LOG.info('Create a zone')
zone_name = dns_data_utils.rand_zone_name(
name="create_transfer_request_scoped", suffix=self.tld_name)
zone = self.zone_client.create_zone(name=zone_name)[1]
self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
transfer_request_data = dns_data_utils.rand_transfer_request_data(
target_project_id=self.os_alt.credentials.project_id)
LOG.info('Create a scoped zone transfer_request')
transfer_request = self.client.create_transfer_request(
zone['id'], transfer_request_data)[1]
self.addCleanup(self.client.delete_transfer_request,
transfer_request['id'])
LOG.info('Ensure we respond with ACTIVE status')
self.assertEqual('ACTIVE', transfer_request['status'])
def test_zone_transfer_target_project(self):
LOG.info('Create a zone as "primary" tenant')
zone_name = dns_data_utils.rand_zone_name(
name="zone_transfer_target_project", suffix=self.tld_name)
zone = self.zones_client.create_zone(name=zone_name)[1]
LOG.info('Create transfer_request with target project set to '
'"Admin" tenant')
transfer_request_data = dns_data_utils.rand_transfer_request_data(
target_project_id=self.os_admin.credentials.project_id)
transfer_request = self.request_client.create_transfer_request(
zone['id'], transfer_request_data)[1]
self.addCleanup(self.request_client.delete_transfer_request,
transfer_request['id'])
LOG.info('Ensure we respond with ACTIVE status')
self.assertEqual('ACTIVE', transfer_request['status'])
LOG.info('Accept the request as "alt" tenant, Expected: should fail '
'as "admin" was set as a target project.')
accept_data = {
"key": transfer_request['key'],
"zone_transfer_request_id": transfer_request['id']
}
self.assertRaises(lib_exc.Forbidden,
self.alt_accept_client.create_transfer_accept,
transfer_accept_data=accept_data)
LOG.info('Accept the request as "Admin" tenant, Expected: should work')
self.admin_accept_client.create_transfer_accept(
accept_data,
headers={
'x-auth-sudo-project-id': self.os_admin.credentials.project_id
},
extra_headers=True)
LOG.info('Fetch the zone as "Admin" tenant')
admin_zone = self.admin_zones_client.show_zone(
zone['id'],
headers={
'x-auth-sudo-project-id': self.os_admin.credentials.project_id
})[1]
self.addCleanup(self.wait_zone_delete, self.admin_zones_client,
admin_zone['id'])
def test_show_transfer_request_as_target(self):
# Checks the target of a scoped transfer request can see
# the request.
LOG.info('Create a zone')
zone_name = dns_data_utils.rand_zone_name(
name="create_transfer_request_as_target", suffix=self.tld_name)
zone = self.zone_client.create_zone(name=zone_name)[1]
self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
transfer_request_data = dns_data_utils.rand_transfer_request_data(
target_project_id=self.os_alt.credentials.project_id)
LOG.info('Create a scoped zone transfer_request')
transfer_request = self.client.create_transfer_request(
zone['id'], transfer_request_data)[1]
self.addCleanup(self.client.delete_transfer_request,
transfer_request['id'])
LOG.info('Fetch the transfer_request as the target')
body = self.alt_client.show_transfer_request(transfer_request['id'])[1]
LOG.info('Ensure the fetched response matches the '
'created transfer_request')
excluded_keys = self.excluded_keys + [
"target_project_id", "project_id"
]
self.assertExpected(transfer_request, body, excluded_keys)
# TODO(johnsom) Test reader role once this bug is fixed:
# https://bugs.launchpad.net/tempest/+bug/1964509
# Test RBAC when a transfer target project is specified.
expected_allowed = ['os_primary', 'os_alt']
if CONF.dns_feature_enabled.enforce_new_defaults:
expected_allowed.append('os_system_admin')
else:
expected_allowed.append('os_admin')
self.check_list_show_RBAC_enforcement('TransferRequestClient',
'show_transfer_request',
expected_allowed, True,
transfer_request['id'])
def update_transfer_request(self, uuid, transfer_request_data=None,
params=None):
"""Update a zone transfer_requests.
:param uuid: Unique identifier of the zone transfer request in UUID
format.
:transfer_request_data: A python dictionary representing
data for zone transfer request
:param params: A Python dict that represents the query paramaters to
include in the request URI.
:return: Serialized imported zone as a dictionary.
"""
transfer_request_uri = 'zones/tasks/transfer_requests'
transfer_request_data = (transfer_request_data or
dns_data_utils.rand_transfer_request_data())
resp, body = self._update_request(
transfer_request_uri, uuid, transfer_request_data, params=params)
# Create Transfer request should Return a HTTP 200
self.expected_success(200, resp.status)
return resp, body
def test_show_transfer_request_as_target(self):
# Checks the target of a scoped transfer request can see
# the request.
LOG.info('Create a zone')
_, zone = self.zone_client.create_zone()
self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
transfer_request_data = dns_data_utils.rand_transfer_request_data(
target_project_id=self.os_alt.credentials.project_id)
LOG.info('Create a scoped zone transfer_request')
_, transfer_request = self.client.create_transfer_request(
zone['id'], transfer_request_data)
self.addCleanup(self.client.delete_transfer_request,
transfer_request['id'])
LOG.info('Fetch the transfer_request as the target')
_, body = self.alt_client.show_transfer_request(transfer_request['id'])
LOG.info('Ensure the fetched response matches the '
'created transfer_request')
excluded_keys = self.excluded_keys + ["target_project_id",
"project_id"]
self.assertExpected(transfer_request, body, excluded_keys)
