def test_create_tsigkey_for_zone(self): LOG.info('Create a resource') zone_name = dns_data_utils.rand_zone_name( name="create_tsigkey_for_zone", suffix=self.tld_name) zone = self.zone_client.create_zone(name=zone_name)[1] self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id']) tsigkey_data = { "name": dns_data_utils.rand_zone_name('test_create_tsigkey_for_zone'), "algorithm": "hmac-sha256", "secret": "SomeSecretKey", "scope": "ZONE", "resource_id": zone['id'] } LOG.info('Create a tsigkey') tsigkey = self.admin_client.create_tsigkey(tsigkey_data['resource_id'], tsigkey_data['name'], tsigkey_data['algorithm'], tsigkey_data['secret'], tsigkey_data['scope'])[1] self.addCleanup(self.admin_client.delete_tsigkey, tsigkey['id']) self.assertEqual(tsigkey_data["name"], tsigkey['name']) self.assertEqual(tsigkey_data["scope"], 'ZONE')
def test_admin_creates_zone_matches_blacklist_name_or_regex(self): LOG.info('Create a blacklists using: regex and exact string(name)') zone_name = dns_data_utils.rand_zone_name( name="admin_creates_zone_matches_blacklist1", suffix=self.tld_name) blacklists = [{ 'pattern': '^blacklistnameregextest2.*', 'description': 'Zone starts with "a" char' }, { 'pattern': zone_name, 'description': 'Deny if Zone named:{} '.format(zone_name) }] for blacklist in blacklists: body = self.admin_blacklist_client.create_blacklist(**blacklist)[1] self.addCleanup(self.admin_blacklist_client.delete_blacklist, body['id']) LOG.info('As Admin user try to create zones that are ' 'supposed to be blocked') zone_name2 = dns_data_utils.rand_zone_name( name="admin_creates_zone_matches_blacklist2", suffix=self.tld_name) zone = self.admin_zone_client.create_zone( name=zone_name2, project_id=self.primary_zone_client.project_id)[1] self.addCleanup(self.wait_zone_delete, self.admin_zone_client, zone['id']) zone = self.admin_zone_client.create_zone( name=zone_name, project_id=self.primary_zone_client.project_id)[1] self.addCleanup(self.wait_zone_delete, self.admin_zone_client, zone['id'])
def resource_setup(cls): super(RecordsetsTest, cls).resource_setup() zone_id = CONF.dns.zone_id if zone_id: LOG.info('Retrieve info from a zone') _, zone = cls.client.show_zone(zone_id) else: # Make sure we have an allowed TLD available tld_name = dns_data_utils.rand_zone_name(name="RecordsetsTest") cls.tld_name = f".{tld_name}" cls.class_tld = cls.admin_tld_client.create_tld( tld_name=tld_name[:-1]) LOG.info('Create a new zone') zone_name = dns_data_utils.rand_zone_name( name="recordsets_test_setup", suffix=cls.tld_name) zone = cls.client.create_zone(name=zone_name)[1] cls.addClassResourceCleanup( test_utils.call_and_ignore_notfound_exc, cls.client.delete_zone, zone['id']) LOG.info('Ensure we respond with ACTIVE') waiters.wait_for_zone_status(cls.client, zone['id'], 'ACTIVE') cls.zone = zone
def test_list_zone_exports_filter_results(self): LOG.info('Create a primary zone and its export') zone_name = dns_data_utils.rand_zone_name( name='list_zone_exports_filter', suffix=self.tld_name) primary_zone = self.zone_client.create_zone(name=zone_name)[1] self.addCleanup( self.wait_zone_delete, self.zone_client, primary_zone['id']) primary_export = self.client.create_zone_export(primary_zone['id'])[1] self.addCleanup(self.client.delete_zone_export, primary_export['id']) LOG.info('Create an alt zone, its export and delete it') zone_name = dns_data_utils.rand_zone_name( name='list_zone_exports_filter_alt', suffix=self.tld_name) alt_zone = self.alt_zone_client.create_zone(name=zone_name)[1] self.addCleanup( self.wait_zone_delete, self.alt_zone_client, alt_zone['id']) alt_export = self.alt_client.create_zone_export(alt_zone['id'])[1] self.alt_client.delete_zone_export(alt_export['id']) LOG.info('Ensure the zone export has been successfully deleted') self.assertRaises( lib_exc.NotFound, self.alt_client.show_zone_export, alt_export['id']) LOG.info('Filter out "export zones" in status:ZAHLABUT,' ' expected: empty list') self.assertEqual( [], self.admin_client.list_zone_exports( headers=self.all_projects_header, params={'status': 'ZAHLABUT'})[1]['exports'], 'Failed, filtered result is expected to be empty.') LOG.info('Filter out "export zones" with message:ZABABUN,' ' expected: empty list') self.assertEqual( [], self.admin_client.list_zone_exports( headers=self.all_projects_header, params={'message': 'ZABABUN'})[1]['exports'], 'Failed, filtered result is expected to be empty.') LOG.info('Filter out "export zones" that have been created for ' 'a primary zone. Expected: single zone export is listed') self.assertEqual( 1, len(self.admin_client.list_zone_exports( headers=self.all_projects_header, params={'zone_id': primary_zone['id']})[1]['exports']), 'Failed, filtered result should contain a single zone ' '(primary zone export)') LOG.info('Filter out "export zones" that have been created for ' 'an alt zone expected: empty list (it was deleted)') self.assertEqual( [], self.admin_client.list_zone_exports( headers=self.all_projects_header, params={'zone_id': alt_zone['id']})[1]['exports'], 'Failed, filtered result should be empty.')
def resource_setup(cls): super(BaseRecordsetsTest, cls).resource_setup() # Make sure we have an allowed TLD available tld_name = dns_data_utils.rand_zone_name(name="BaseRecordsetsTest") cls.tld_name = f".{tld_name}" cls.class_tld = cls.admin_tld_client.create_tld(tld_name=tld_name[:-1]) # All the recordset tests need a zone, create one to share zone_name = dns_data_utils.rand_zone_name(name="TestZone", suffix=cls.tld_name) LOG.info('Create a zone: %s', zone_name) cls.zone = cls.zone_client.create_zone(name=zone_name)[1]
def zone(self): if self._zone is None: tld_name = dns_data_utils.rand_zone_name( name="recordsetvalidation") self.class_tld = self.admin_tld_client.create_tld( tld_name=tld_name[:-1]) zone_name = dns_data_utils.rand_zone_name(name="TestZone", suffix=f'.{tld_name}') zone_data = dns_data_utils.rand_zone_data(name=zone_name) resp, body = self.zones_client.create_zone(**zone_data) self._zone = body self.addCleanup(self.wait_zone_delete, self.zones_client, body['id']) return self._zone
def test_create_zones(self): # Create a PRIMARY zone LOG.info('Create a PRIMARY zone') zone_name = dns_data_utils.rand_zone_name(name="create_zones_primary", suffix=self.tld_name) zone = self.client.create_zone(name=zone_name)[1] self.addCleanup(self.wait_zone_delete, self.client, zone['id']) LOG.info('Ensure we respond with CREATE+PENDING') self.assertEqual(const.CREATE, zone['action']) self.assertEqual(const.PENDING, zone['status']) # Get the Name Servers (hosts) created in PRIMARY zone nameservers = self.client.show_zone_nameservers(zone['id'])[1] nameservers = [dic['hostname'] for dic in nameservers['nameservers']] # Create a SECONDARY zone LOG.info('Create a SECONDARY zone') zone_name = dns_data_utils.rand_zone_name( name="create_zones_secondary", suffix=self.tld_name) zone = self.client.create_zone(name=zone_name, zone_type=const.SECONDARY_ZONE_TYPE, primaries=nameservers)[1] self.addCleanup(self.wait_zone_delete, self.client, zone['id']) LOG.info('Ensure we respond with CREATE+PENDING') self.assertEqual(const.CREATE, zone['action']) self.assertEqual(const.PENDING, zone['status']) # Test with no extra header overrides (sudo-project-id) expected_allowed = ['os_admin', 'os_primary', 'os_alt'] if CONF.dns_feature_enabled.enforce_new_defaults: expected_allowed.append('os_system_admin') expected_allowed.append('os_project_member') self.check_CUD_RBAC_enforcement('ZonesClient', 'create_zone', expected_allowed, False) # Test with x-auth-sudo-project-id header expected_allowed = ['os_admin'] if CONF.dns_feature_enabled.enforce_new_defaults: expected_allowed.append('os_system_admin') self.check_CUD_RBAC_enforcement('ZonesClient', 'create_zone', expected_allowed, False, project_id=self.client.project_id)
def test_show_zone_export_impersonate_another_project(self): LOG.info('Create a zone') zone_name = dns_data_utils.rand_zone_name( name='show_zone_export_impersonate', suffix=self.tld_name) zone = self.zone_client.create_zone(name=zone_name)[1] self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id']) LOG.info('Create a zone export using primary client') resp, zone_export = self.client.create_zone_export(zone['id']) self.addCleanup(self.client.delete_zone_export, zone_export['id']) LOG.info('Impersonate "primary" client, to show created zone exports') body = self.admin_client.show_zone_export(uuid=None, headers={ 'x-auth-sudo-project-id': zone['project_id']})[1]['exports'] listed_export_ids = [item['id'] for item in body] LOG.info('Ensure that the fetched response, contains the ID ' 'for a zone export created by primary client.') self.assertIn( zone_export['id'], listed_export_ids, 'Failed, expected ID:{} was not found in listed export zones ' 'for a primary client: {}'.format( zone_export['id'], listed_export_ids)) # Test RBAC with x-auth-sudo-project-id header if CONF.dns_feature_enabled.enforce_new_defaults: expected_allowed = ['os_system_admin'] else: expected_allowed = ['os_admin'] self.check_list_show_RBAC_enforcement( 'ZoneExportsClient', 'show_zone_export', expected_allowed, True, zone_export['id'], headers={'x-auth-sudo-project-id': self.client.project_id})
def test_create_transfer_accept_using_deleted_transfer_request_id(self): LOG.info('Create a zone') zone_name = dns_data_utils.rand_zone_name( name="create_transfer_accept_deleted_id", suffix=self.tld_name) zone = self.zone_client.create_zone(name=zone_name, wait_until='ACTIVE')[1] self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id']) LOG.info('Create a zone transfer_request') transfer_request = self.request_client.create_transfer_request( zone['id'])[1] self.addCleanup( self.transfer_request_delete, self.request_client, transfer_request['id'] ) data = { "key": transfer_request['key'], "zone_transfer_request_id": transfer_request['id'] } LOG.info('Delete transfer request') self.request_client.delete_transfer_request(transfer_request['id']) LOG.info('Ensure 404 when accepting non existing request ID') self.assertRaises(lib_exc.NotFound, lambda: self.client.create_transfer_accept(data))
def test_create_transfer_accept_using_invalid_key(self): LOG.info('Create a zone') zone_name = dns_data_utils.rand_zone_name( name="create_transfer_accept_invalid_key", suffix=self.tld_name) zone = self.zone_client.create_zone(name=zone_name, wait_until='ACTIVE')[1] self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id']) LOG.info('Create a zone transfer_request') transfer_request = self.request_client.create_transfer_request( zone['id'])[1] self.addCleanup( self.transfer_request_delete, self.request_client, transfer_request['id'] ) data = {"key": data_utils.rand_password( len(transfer_request['key'])), "zone_transfer_request_id": transfer_request['id']} LOG.info('Create a zone transfer_accept using invalid key') self.assertRaises( lib_exc.Forbidden, self.client.create_transfer_accept, transfer_accept_data=data)
def test_delete_transfer_request(self): LOG.info('Create a zone') zone_name = dns_data_utils.rand_zone_name( name="delete_transfer_request", suffix=self.tld_name) zone = self.zone_client.create_zone(name=zone_name)[1] self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id']) LOG.info('Create a transfer_request') transfer_request = self.client.create_transfer_request(zone['id'])[1] self.addCleanup(self.client.delete_transfer_request, transfer_request['id'], ignore_errors=lib_exc.NotFound) # Test RBAC expected_allowed = ['os_admin', 'os_primary', 'os_alt'] if CONF.dns_feature_enabled.enforce_new_defaults: expected_allowed.append('os_system_admin') expected_allowed.append('os_project_member') self.check_CUD_RBAC_enforcement('TransferRequestClient', 'delete_transfer_request', expected_allowed, True, transfer_request['id']) LOG.info('Delete the transfer_request') self.client.delete_transfer_request(transfer_request['id']) self.assertRaises( lib_exc.NotFound, lambda: self.client.show_transfer_request(transfer_request['id']))
def test_show_transfer_request_impersonate_another_project(self): LOG.info('Create a zone') zone_name = dns_data_utils.rand_zone_name( name="show_transfer_request_impersonate", suffix=self.tld_name) zone = self.zone_client.create_zone(name=zone_name)[1] self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id']) LOG.info('Create a zone transfer_request') transfer_request = self.client.create_transfer_request(zone['id'])[1] self.addCleanup(self.client.delete_transfer_request, transfer_request['id']) LOG.info('As Admin tenant fetch the transfer_request without using ' '"x-auth-sudo-project-id" HTTP header. Expected: 404') self.assertRaises( lib_exc.NotFound, lambda: self.admin_client.show_transfer_request( transfer_request['id'])) LOG.info('As Admin tenant fetch the transfer_request using ' '"x-auth-sudo-project-id" HTTP header.') body = self.admin_client.show_transfer_request( transfer_request['id'], headers={'x-auth-sudo-project-id': zone['project_id']})[1] LOG.info('Ensure the fetched response matches the ' 'created transfer_request') self.assertExpected(transfer_request, body, self.excluded_keys)
def test_create_zone_import_and_wait_for_zone(self): name = dns_data_utils.rand_zone_name('testimport') zonefile = dns_data_utils.rand_zonefile_data(name=name) LOG.info('Import zone %r', name) _, zone_import = self.client.create_zone_import(zonefile) self.addCleanup(self.client.delete_zone_import, zone_import['id']) LOG.info('Wait for the zone import to COMPLETE') waiters.wait_for_zone_import_status(self.client, zone_import['id'], "COMPLETE") LOG.info('Check the zone import looks good') _, zone_import = self.client.show_zone_import(zone_import['id']) self.addCleanup(self.wait_zone_delete, self.zones_client, zone_import['zone_id']) self.assertEqual('COMPLETE', zone_import['status']) self.assertIsNotNone(zone_import['zone_id']) self.assertIsNotNone(zone_import['links'].get('zone')) LOG.info('Wait for the imported zone to go to ACTIVE') waiters.wait_for_zone_status(self.zones_client, zone_import['zone_id'], "ACTIVE") LOG.info('Check the imported zone looks good') _, zone = self.zones_client.show_zone(zone_import['zone_id']) self.assertEqual('NONE', zone['action']) self.assertEqual('ACTIVE', zone['status']) self.assertEqual(name, zone['name'])
def test_create_tsigkey_for_pool(self): LOG.info('Get the valid pool ID from list of pools') pool = self.pool_admin_client.list_pools()[1]['pools'][0] LOG.info('Create a tsigkey') tsigkey_data = { "name": dns_data_utils.rand_zone_name('Example_Key'), "algorithm": "hmac-sha256", "secret": "SomeSecretKey", "scope": "POOL", "resource_id": pool['id'] } tsigkey = self.admin_client.create_tsigkey(tsigkey_data['resource_id'], tsigkey_data['name'], tsigkey_data['algorithm'], tsigkey_data['secret'], tsigkey_data['scope'])[1] self.addCleanup(self.admin_client.delete_tsigkey, tsigkey['id']) self.assertEqual(tsigkey_data["name"], tsigkey['name']) self.assertEqual(tsigkey_data["scope"], 'POOL') # Test RBAC expected_allowed = ['os_admin'] if CONF.dns_feature_enabled.enforce_new_defaults: expected_allowed.append('os_system_admin') self.check_CUD_RBAC_enforcement( 'TsigkeyClient', 'create_tsigkey', expected_allowed, False, tsigkey_data['resource_id'], tsigkey_data['name'], tsigkey_data['algorithm'], tsigkey_data['secret'], tsigkey_data['scope'])
def test_create_zone_import_and_wait_for_zone(self): name = dns_data_utils.rand_zone_name('testimport') zonefile = dns_data_utils.rand_zonefile_data(name=name) LOG.info('Import zone %r', name) _, zone_import = self.client.create_zone_import(zonefile) self.addCleanup(self.client.delete_zone_import, zone_import['id']) LOG.info('Wait for the zone import to COMPLETE') waiters.wait_for_zone_import_status(self.client, zone_import['id'], "COMPLETE") LOG.info('Check the zone import looks good') _, zone_import = self.client.show_zone_import(zone_import['id']) self.assertEqual('COMPLETE', zone_import['status']) self.assertIsNotNone(zone_import['zone_id']) self.assertIsNotNone(zone_import['links'].get('zone')) LOG.info('Wait for the imported zone to go to ACTIVE') waiters.wait_for_zone_status(self.zones_client, zone_import['zone_id'], "ACTIVE") LOG.info('Check the imported zone looks good') _, zone = self.zones_client.show_zone(zone_import['zone_id']) self.assertEqual('NONE', zone['action']) self.assertEqual('ACTIVE', zone['status']) self.assertEqual(name, zone['name'])
def test_update_tsigkey(self): LOG.info('Create a resource') zone_name = dns_data_utils.rand_zone_name(name="update_tsigkey", suffix=self.tld_name) zone = self.zone_client.create_zone(name=zone_name)[1] self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id']) LOG.info('Create a tsigkey') tsigkey = self.admin_client.create_tsigkey(resource_id=zone['id'])[1] self.addCleanup(self.admin_client.delete_tsigkey, tsigkey['id']) tsigkey_data = {"name": "Patch tsigkey", "secret": "NewSecretKey"} LOG.info('Update the tsigkey') patch_tsigkey = self.admin_client.update_tsigkey( tsigkey['id'], name=tsigkey_data['name'], secret=tsigkey_data['secret'])[1] self.assertEqual(tsigkey_data['name'], patch_tsigkey['name']) self.assertEqual(tsigkey_data['secret'], patch_tsigkey['secret']) # Test RBAC expected_allowed = ['os_admin'] if CONF.dns_feature_enabled.enforce_new_defaults: expected_allowed.append('os_system_admin') self.check_CUD_RBAC_enforcement('TsigkeyClient', 'update_tsigkey', expected_allowed, False, tsigkey['id'], name=tsigkey_data['name'], secret=tsigkey_data['secret'])
def test_list_tsigkey_filter_by_name(self): tsigkey_name = data_utils.rand_name('ddd_tsgikey') LOG.info('As Primary user create a zone for: {} '.format(tsigkey_name)) zone_name = dns_data_utils.rand_zone_name( name="list_tsigkey_filter_name", suffix=self.tld_name) zone = self.zone_client.create_zone(name=zone_name)[1] self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id']) LOG.info('As Admin user create a tsigkey: {} '.format(tsigkey_name)) tsigkey = self.admin_client.create_tsigkey(resource_id=zone['id'], name=tsigkey_name)[1] self.addCleanup(self.admin_client.delete_tsigkey, tsigkey['id']) LOG.info('As Admin, list all tsigkeys named:{}'.format(tsigkey_name)) listed_tsigkeys = self.admin_client.list_tsigkeys( params={'name': tsigkey_name})[1]['tsigkeys'] self.assertEqual( 1, len(listed_tsigkeys), 'Failed, only a single tsigkey, named: {} should be ' 'listed.'.format(tsigkey_name)) LOG.info('As Admin, list all tsigkeys named:"zababun"') listed_tsigkeys = self.admin_client.list_tsigkeys( params={'name': 'zababun'})[1]['tsigkeys'] self.assertEqual(0, len(listed_tsigkeys), 'Failed, no tsigkey should be listed')
def test_create_and_delete_zone(self): LOG.info('Create a zone') zone_name = dns_data_utils.rand_zone_name( name="create_and_delete_zone", suffix=self.tld_name) zone = self.client.create_zone(name=zone_name)[1] self.addCleanup(self.wait_zone_delete, self.client, zone['id'], ignore_errors=lib_exc.NotFound) LOG.info('Ensure we respond with CREATE+PENDING') self.assertEqual(const.CREATE, zone['action']) self.assertEqual(const.PENDING, zone['status']) waiters.wait_for_zone_status(self.client, zone['id'], const.ACTIVE) LOG.info('Re-Fetch the zone') zone = self.client.show_zone(zone['id'])[1] LOG.info('Ensure we respond with NONE+ACTIVE') self.assertEqual(const.NONE, zone['action']) self.assertEqual(const.ACTIVE, zone['status']) LOG.info('Delete the zone') zone = self.client.delete_zone(zone['id'])[1] LOG.info('Ensure we respond with DELETE+PENDING') self.assertEqual(const.DELETE, zone['action']) self.assertEqual(const.PENDING, zone['status']) waiters.wait_for_zone_404(self.client, zone['id'])
def create_zone(self, name=None, email=None, ttl=None, description=None, wait_until=False, params=None): """Create a zone with the specified parameters. :param name: The name of the zone. Default: Random Value :param email: The email for the zone. Default: Random Value :param ttl: The ttl for the zone. Default: Random Value :param description: A description of the zone. Default: Random Value :param wait_until: Block until the zone reaches the desiered status :param params: A Python dict that represents the query paramaters to include in the request URI. :return: A tuple with the server response and the created zone. """ zone = { 'name': name or dns_data_utils.rand_zone_name(), 'email': email or dns_data_utils.rand_email(), 'ttl': ttl or dns_data_utils.rand_ttl(), 'description': description or data_utils.rand_name('test-zone'), } resp, body = self._create_request('zones', zone, params=params) # Create Zone should Return a HTTP 202 self.expected_success(202, resp.status) if wait_until: waiters.wait_for_zone_status(self, body['id'], wait_until) return resp, body
def resource_setup(cls): super(BaseZonesTest, cls).resource_setup() # Make sure we have an allowed TLD available tld_name = dns_data_utils.rand_zone_name(name="BaseZonesTest") cls.tld_name = f".{tld_name}" cls.class_tld = cls.admin_tld_client.create_tld(tld_name=tld_name[:-1])
def test_update_blacklist(self): LOG.info('Create a blacklist') _, blacklist = self.admin_client.create_blacklist() self.addCleanup(self.admin_client.delete_blacklist, blacklist['id']) LOG.info('Update the blacklist') pattern = dns_data_utils.rand_zone_name() description = data_utils.rand_name() _, body = self.admin_client.update_blacklist( uuid=blacklist['id'], pattern=pattern, description=description, ) LOG.info('Ensure we response with updated values') self.assertEqual(pattern, body['pattern']) self.assertEqual(description, body['description']) expected_allowed = ['os_admin'] if CONF.dns_feature_enabled.enforce_new_defaults: expected_allowed = ['os_system_admin'] self.check_CUD_RBAC_enforcement( 'BlacklistsClient', 'update_blacklist', expected_allowed, False, uuid=blacklist['id'], pattern=pattern, description=description)
def create_blacklist(self, pattern=None, description=None, params=None): """Create a blacklist :param pattern: The blacklist pattern. Default: Random Value :param description: A description of the blacklist. Default: Random Value :param params: A Python dict that represents the query paramaters to include in the request URI. :return: A tuple with the server response and the created blacklist. """ blacklist = { 'pattern': pattern or dns_data_utils.rand_zone_name(), 'description': description or data_utils.rand_name(), } if pattern == '': blacklist['pattern'] = '' resp, body = self._create_request('blacklists', blacklist, params=params) self.expected_success(201, resp.status) return resp, body
def test_delete_zone_with_existing_recordset(self): LOG.info('Create a Zone') zone_name = dns_data_utils.rand_zone_name(name="TestZone", suffix=self.tld_name) zone = self.zone_client.create_zone(name=zone_name, wait_until=const.ACTIVE)[1] self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id']) LOG.info('Create a Recordset') recordset_data = dns_data_utils.rand_recordset_data( record_type='A', zone_name=zone['name']) record = self.client.create_recordset(zone['id'], recordset_data, wait_until=const.ACTIVE)[1] LOG.info("Delete a Zone and wait till it's done") body = self.zone_client.delete_zone(zone['id'])[1] LOG.info('Ensure we respond with DELETE+PENDING') self.assertEqual(const.DELETE, body['action']) self.assertEqual(const.PENDING, body['status']) LOG.info('Ensure successful deletion of Zone') waiters.wait_for_zone_404(self.zone_client, zone['id']) LOG.info('Ensure successful deletion of Recordset') self.assertRaises( lib_exc.NotFound, lambda: self.client.show_recordset(zone['id'], record['id']))
def update_blacklist(self, uuid, pattern=None, description=None, params=None): """Update a blacklist with the specified parameters. :param uuid: The unique identifier of the blacklist. :param pattern: The blacklist pattern. Default: Random Value :param description: A description of the blacklist. Default: Random Value :param params: A Python dict that represents the query paramaters to include in the request URI. :return: A tuple with the server response and the updated blacklist. """ blacklist = { 'pattern': pattern or dns_data_utils.rand_zone_name(prefix='testdomain'), 'description': description or data_utils.rand_name(), } resp, body = self._update_request('blacklists', uuid, blacklist, params=params) self.expected_success(200, resp.status) return resp, body
def test_show_tsigkey(self): LOG.info('Create a resource') zone_name = dns_data_utils.rand_zone_name(name="show_tsigkey", suffix=self.tld_name) zone = self.zone_client.create_zone(name=zone_name)[1] self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id']) LOG.info('Create a tsigkey') tsigkey = self.admin_client.create_tsigkey(resource_id=zone['id'])[1] self.addCleanup(self.admin_client.delete_tsigkey, tsigkey['id']) LOG.info('Fetch the tsigkey') body = self.admin_client.show_tsigkey(tsigkey['id'])[1] LOG.info('Ensure the fetched response matches the created tsigkey') self.assertExpected(tsigkey, body, self.excluded_keys) # Test RBAC expected_allowed = ['os_admin'] if CONF.dns_feature_enabled.enforce_new_defaults: expected_allowed = ['os_system_admin', 'os_system_reader'] self.check_list_show_RBAC_enforcement('TsigkeyClient', 'show_tsigkey', expected_allowed, True, tsigkey['id'])
def test_manually_trigger_update_secondary_zone_negative(self): # Create a PRIMARY zone LOG.info('Create a PRIMARY zone') zone_name = dns_data_utils.rand_zone_name( name="manually_trigger_update_primary", suffix=self.tld_name) pr_zone = self.client.create_zone(name=zone_name)[1] self.addCleanup(self.wait_zone_delete, self.client, pr_zone['id']) waiters.wait_for_zone_status(self.client, pr_zone['id'], 'ACTIVE') LOG.info('Ensure we respond with CREATE+PENDING') self.assertEqual('CREATE', pr_zone['action']) self.assertEqual('PENDING', pr_zone['status']) # Get the Name Servers created for a PRIMARY zone nameservers = [ dic['hostname'] for dic in self.client.show_zone_nameservers( pr_zone['id'])[1]['nameservers'] ] # Make sure that the nameservers are not available using DNS # query and if it does, skip the test. LOG.info('Check if NameServers are available, skip the test if not') for ns in nameservers: if self._query_nameserver(ns, 5, pr_zone['name'], zone_type='SOA') is True: raise self.skipException( "Nameserver:{} is available, but negative test scenario " "needs it to be unavailable, therefore test is " "skipped.".format(ns.strip('.'))) # Create a SECONDARY zone LOG.info('Create a SECONDARY zone') zone_name = dns_data_utils.rand_zone_name( name="manually_trigger_update_secondary", suffix=self.tld_name) sec_zone = self.client.create_zone(name=zone_name, zone_type=const.SECONDARY_ZONE_TYPE, primaries=nameservers)[1] self.addCleanup(self.wait_zone_delete, self.client, sec_zone['id']) LOG.info('Ensure we respond with CREATE+PENDING') self.assertEqual('CREATE', sec_zone['action']) self.assertEqual('PENDING', sec_zone['status']) # Manually trigger_update zone LOG.info('Manually Trigger an Update of a Secondary Zone when the ' 'nameservers not pingable. Expected: error status code 500') with self.assertRaisesDns(lib_exc.ServerFault, 'unknown', 500): self.client.trigger_manual_update(sec_zone['id'])
def test_list_transfer_requests_impersonate_another_project(self): LOG.info('Create a Primary zone') zone_name = dns_data_utils.rand_zone_name( name="list_transfer_request_impersonate", suffix=self.tld_name) primary_zone = self.zone_client.create_zone(name=zone_name)[1] self.addCleanup(self.wait_zone_delete, self.zone_client, primary_zone['id']) LOG.info('Create an Alt zone') alt_zone_name = dns_data_utils.rand_zone_name( name="list_transfer_request_impersonate_alt", suffix=self.tld_name) alt_zone = self.alt_zone_client.create_zone(name=alt_zone_name)[1] self.addCleanup(self.wait_zone_delete, self.alt_zone_client, alt_zone['id']) LOG.info('Create a zone transfer_request using Primary client') primary_transfer_request = self.client.create_transfer_request( primary_zone['id'])[1] self.addCleanup(self.client.delete_transfer_request, primary_transfer_request['id']) LOG.info('Create a zone transfer_request using Alt client') alt_transfer_request = self.alt_client.create_transfer_request( alt_zone['id'])[1] self.addCleanup(self.alt_client.delete_transfer_request, alt_transfer_request['id']) request_ids = [ item['id'] for item in self.admin_client.list_transfer_requests( headers={'x-auth-sudo-project-id': self.alt_client.project_id}, params={'limit': 1000})[1]['transfer_requests'] ] self.assertEqual([alt_transfer_request['id']], request_ids) # Test RBAC with x-auth-all-projects and x-auth-sudo-project-id header if CONF.dns_feature_enabled.enforce_new_defaults: expected_allowed = ['os_system_admin'] else: expected_allowed = ['os_admin'] self.check_list_IDs_RBAC_enforcement( 'TransferRequestClient', 'list_transfer_requests', expected_allowed, [primary_transfer_request['id']], headers={'x-auth-sudo-project-id': self.client.project_id})
def test_create_tsigkey_for_zone_invalid_algorithm(self): zone_name = dns_data_utils.rand_zone_name( name="create_tsigkey_invalid_algo", suffix=self.tld_name) zone = self.zone_client.create_zone(name=zone_name)[1] self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id']) tsigkey_data = { "name": dns_data_utils.rand_zone_name('Example_Key'), "algorithm": "zababun", "secret": "SomeSecretKey", "scope": "ZONE", "resource_id": zone['id'] } self.assertRaisesDns(lib_exc.BadRequest, 'invalid_object', 400, self.admin_client.create_tsigkey, tsigkey_data['resource_id'], tsigkey_data['name'], tsigkey_data['algorithm'], tsigkey_data['secret'], tsigkey_data['scope'])
def test_huge_size_description(self): LOG.info('Trying to create a zone using huge size description') self.assertRaisesDns(lib_exc.BadRequest, 'invalid_object', 400, self.client.create_zone, description=dns_data_utils.rand_zone_name() * 10000)
def test_show_import_impersonate_another_project(self): LOG.info('Import zone "A" using primary client') zone_name = dns_data_utils.rand_zone_name( name="show_zone_import_impersonate", suffix=self.tld_name) zone_data = dns_data_utils.rand_zonefile_data(name=zone_name) zone_import = self.client.create_zone_import( zonefile_data=zone_data)[1] self.addCleanup(self.clean_up_resources, zone_import['id']) # Make sure we complete the import and have the zone_id for cleanup waiters.wait_for_zone_import_status(self.client, zone_import['id'], const.COMPLETE) LOG.info('Show a zone import for a Primary tenant, using Alt tenant. ' 'Expected:404 NotFound') self.assertRaises( lib_exc.NotFound, lambda: self.alt_client.show_zone_import(zone_import['id'])) LOG.info('Show a zone import for a Primary tenant using Alt tenant ' 'and "x-auth-sudo-project-id" HTTP header. ' 'Expected:403 Forbidden') self.assertRaises( lib_exc.Forbidden, lambda: self.alt_client.show_zone_import( zone_import['id'], headers={'x-auth-sudo-project-id': zone_import['project_id']})) LOG.info('Show a zone import for a Primary tenant, using Admin ' 'tenant and "x-auth-sudo-project-id" HTTP header.') resp_body = self.admin_client.show_zone_import( uuid=None, headers={'x-auth-sudo-project-id': zone_import['project_id']})[1] LOG.info('Show a zone import for a Primary tenant, using Admin ' 'tenant without "x-auth-sudo-project-id" HTTP header. ' 'Expected:404 NotFound') self.assertRaises( lib_exc.NotFound, lambda: self.admin_client.show_zone_import(zone_import['id'])) LOG.info('Ensure that the shown response matches the expected one') self.assertExpected(zone_import, resp_body['imports'][0], self.excluded_keys) # Test with x-auth-sudo-project-id header if CONF.dns_feature_enabled.enforce_new_defaults: expected_allowed = ['os_system_admin'] else: expected_allowed = ['os_admin'] self.check_list_show_RBAC_enforcement( 'ZoneImportsClient', 'show_zone_import', expected_allowed, False, zone_import['id'], headers={'x-auth-sudo-project-id': self.client.project_id})
def test_list_zone_exports_all_projects(self): LOG.info('Create a primary zone and its export') zone_name = dns_data_utils.rand_zone_name( name='list_zone_exports_all_projects', suffix=self.tld_name) primary_zone = self.zone_client.create_zone(name=zone_name)[1] self.addCleanup( self.wait_zone_delete, self.zone_client, primary_zone['id']) primary_export = self.client.create_zone_export(primary_zone['id'])[1] self.addCleanup(self.client.delete_zone_export, primary_export['id']) LOG.info('Create an alt zone and its export') alt_zone_name = dns_data_utils.rand_zone_name( name='list_zone_exports_all_projects_alt', suffix=self.tld_name) alt_zone = self.alt_zone_client.create_zone(name=alt_zone_name)[1] self.addCleanup( self.wait_zone_delete, self.alt_zone_client, alt_zone['id']) alt_export = self.alt_client.create_zone_export(alt_zone['id'])[1] self.addCleanup(self.alt_client.delete_zone_export, alt_export['id']) LOG.info('As admin user list zone exports for all projects') # Note: This is an all-projects list call, so other tests running # in parallel will impact the list result set. Since the default # pagination limit is only 20, we set a param limit of 1000 here. listed_exports_ids = [ item['id'] for item in self.admin_client.list_zone_exports( headers=self.all_projects_header, params={'limit': 1000})[1]['exports']] LOG.info('Make sure that all previously created zone ' 'export IDs are listed') for id in [primary_export['id'], alt_export['id']]: self.assertIn( id, listed_exports_ids, 'Failed, expected ID:{} was not found in ' 'listed IDs:{}'.format(id, listed_exports_ids)) # Test RBAC with x-auth-all-projects if CONF.dns_feature_enabled.enforce_new_defaults: expected_allowed = ['os_system_admin'] else: expected_allowed = ['os_admin'] self.check_list_IDs_RBAC_enforcement( 'ZoneExportsClient', 'list_zone_exports', expected_allowed, [alt_export['id']], headers=self.all_projects_header)
def test_create_tsigkey_for_zone_empty_secret(self): LOG.info('Create a zone resource') zone_name = dns_data_utils.rand_zone_name( name="create_tsigkey_empty_secret", suffix=self.tld_name) zone = self.zone_client.create_zone(name=zone_name)[1] self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id']) tsigkey_data = { "name": dns_data_utils.rand_zone_name('Example_Key'), "algorithm": "hmac-sha256", "secret": '', "scope": "ZONE", "resource_id": zone['id'] } self.assertRaisesDns(lib_exc.BadRequest, 'invalid_object', 400, self.admin_client.create_tsigkey, tsigkey_data['resource_id'], tsigkey_data['name'], tsigkey_data['algorithm'], tsigkey_data['secret'], tsigkey_data['scope'])
def test_no_create_superdomain_by_alt_user(self): zone_name = dns_data_utils.rand_zone_name() LOG.info('Create a zone as a default user') _, zone = self.client.create_zone(name='a.b.' + zone_name) self.addCleanup(self.wait_zone_delete, self.client, zone['id']) LOG.info('Create a zone as an alt user with existing superdomain') self.assertRaises(lib_exc.Forbidden, self.alt_client.create_zone, name=zone_name)
def test_create_blacklist(self): LOG.info('Create a blacklist') blacklist = { 'pattern': dns_data_utils.rand_zone_name(), 'description': data_utils.rand_name(), } _, body = self.admin_client.create_blacklist(**blacklist) self.addCleanup(self.admin_client.delete_blacklist, body['id']) self.assertExpected(blacklist, body, self.excluded_keys)
def test_update_blacklist(self): LOG.info('Create a blacklist') _, blacklist = self.admin_client.create_blacklist() self.addCleanup(self.admin_client.delete_blacklist, blacklist['id']) LOG.info('Update the blacklist') pattern = dns_data_utils.rand_zone_name() description = data_utils.rand_name() _, body = self.admin_client.update_blacklist( uuid=blacklist['id'], pattern=pattern, description=description, ) LOG.info('Ensure we response with updated values') self.assertEqual(pattern, body['pattern']) self.assertEqual(description, body['description'])
def create_blacklist(self, pattern=None, description=None, params=None): """Create a blacklist :param pattern: The blacklist pattern. Default: Random Value :param description: A description of the blacklist. Default: Random Value :param params: A Python dict that represents the query paramaters to include in the request URI. :return: A tuple with the server response and the created blacklist. """ blacklist = { 'pattern': pattern or dns_data_utils.rand_zone_name(), 'description': description or data_utils.rand_name(), } resp, body = self._create_request('blacklists', blacklist, params=params) self.expected_success(201, resp.status) return resp, body