def test_create_zone_import_and_wait_for_zone(self): name = dns_data_utils.rand_zone_name('testimport') zonefile = dns_data_utils.rand_zonefile_data(name=name) LOG.info('Import zone %r', name) _, zone_import = self.client.create_zone_import(zonefile) self.addCleanup(self.client.delete_zone_import, zone_import['id']) LOG.info('Wait for the zone import to COMPLETE') waiters.wait_for_zone_import_status(self.client, zone_import['id'], "COMPLETE") LOG.info('Check the zone import looks good') _, zone_import = self.client.show_zone_import(zone_import['id']) self.assertEqual('COMPLETE', zone_import['status']) self.assertIsNotNone(zone_import['zone_id']) self.assertIsNotNone(zone_import['links'].get('zone')) LOG.info('Wait for the imported zone to go to ACTIVE') waiters.wait_for_zone_status(self.zones_client, zone_import['zone_id'], "ACTIVE") LOG.info('Check the imported zone looks good') _, zone = self.zones_client.show_zone(zone_import['zone_id']) self.assertEqual('NONE', zone['action']) self.assertEqual('ACTIVE', zone['status']) self.assertEqual(name, zone['name'])
def test_create_zone_import_invalid_name(self): LOG.info('Try to create a zone import using invalid name') zone_import = self.client.create_zone_import( zonefile_data=dns_data_utils.rand_zonefile_data(name='@@@'))[1] self.addCleanup(self.clean_up_resources, zone_import['id']) waiters.wait_for_zone_import_status(self.client, zone_import['id'], "ERROR")
def test_create_zone_import_and_wait_for_zone(self): name = dns_data_utils.rand_zone_name('testimport') zonefile = dns_data_utils.rand_zonefile_data(name=name) LOG.info('Import zone %r', name) _, zone_import = self.client.create_zone_import(zonefile) self.addCleanup(self.client.delete_zone_import, zone_import['id']) LOG.info('Wait for the zone import to COMPLETE') waiters.wait_for_zone_import_status(self.client, zone_import['id'], "COMPLETE") LOG.info('Check the zone import looks good') _, zone_import = self.client.show_zone_import(zone_import['id']) self.addCleanup(self.wait_zone_delete, self.zones_client, zone_import['zone_id']) self.assertEqual('COMPLETE', zone_import['status']) self.assertIsNotNone(zone_import['zone_id']) self.assertIsNotNone(zone_import['links'].get('zone')) LOG.info('Wait for the imported zone to go to ACTIVE') waiters.wait_for_zone_status(self.zones_client, zone_import['zone_id'], "ACTIVE") LOG.info('Check the imported zone looks good') _, zone = self.zones_client.show_zone(zone_import['zone_id']) self.assertEqual('NONE', zone['action']) self.assertEqual('ACTIVE', zone['status']) self.assertEqual(name, zone['name'])
def test_show_import_impersonate_another_project(self): LOG.info('Import zone "A" using primary client') zone_name = dns_data_utils.rand_zone_name( name="show_zone_import_impersonate", suffix=self.tld_name) zone_data = dns_data_utils.rand_zonefile_data(name=zone_name) zone_import = self.client.create_zone_import( zonefile_data=zone_data)[1] self.addCleanup(self.clean_up_resources, zone_import['id']) # Make sure we complete the import and have the zone_id for cleanup waiters.wait_for_zone_import_status(self.client, zone_import['id'], const.COMPLETE) LOG.info('Show a zone import for a Primary tenant, using Alt tenant. ' 'Expected:404 NotFound') self.assertRaises( lib_exc.NotFound, lambda: self.alt_client.show_zone_import(zone_import['id'])) LOG.info('Show a zone import for a Primary tenant using Alt tenant ' 'and "x-auth-sudo-project-id" HTTP header. ' 'Expected:403 Forbidden') self.assertRaises( lib_exc.Forbidden, lambda: self.alt_client.show_zone_import( zone_import['id'], headers={'x-auth-sudo-project-id': zone_import['project_id']})) LOG.info('Show a zone import for a Primary tenant, using Admin ' 'tenant and "x-auth-sudo-project-id" HTTP header.') resp_body = self.admin_client.show_zone_import( uuid=None, headers={'x-auth-sudo-project-id': zone_import['project_id']})[1] LOG.info('Show a zone import for a Primary tenant, using Admin ' 'tenant without "x-auth-sudo-project-id" HTTP header. ' 'Expected:404 NotFound') self.assertRaises( lib_exc.NotFound, lambda: self.admin_client.show_zone_import(zone_import['id'])) LOG.info('Ensure that the shown response matches the expected one') self.assertExpected(zone_import, resp_body['imports'][0], self.excluded_keys) # Test with x-auth-sudo-project-id header if CONF.dns_feature_enabled.enforce_new_defaults: expected_allowed = ['os_system_admin'] else: expected_allowed = ['os_admin'] self.check_list_show_RBAC_enforcement( 'ZoneImportsClient', 'show_zone_import', expected_allowed, False, zone_import['id'], headers={'x-auth-sudo-project-id': self.client.project_id})
def test_create_zone_import_invalid_ttl(self): LOG.info('Try to create a zone import using invalid TTL value') zone_name = dns_data_utils.rand_zone_name( name="create_zone_import_invalid_ttl", suffix=self.tld_name) zone_data = dns_data_utils.rand_zonefile_data(name=zone_name, ttl='zahlabut') zone_import = self.client.create_zone_import( zonefile_data=zone_data)[1] self.addCleanup(self.clean_up_resources, zone_import['id']) waiters.wait_for_zone_import_status(self.client, zone_import['id'], "ERROR")
def test_list_import_zones_all_projects(self): LOG.info('Create import zone "A" using primary client') zone_name = dns_data_utils.rand_zone_name( name="_zone_imports_all_projects", suffix=self.tld_name) zone_data = dns_data_utils.rand_zonefile_data(name=zone_name) zone_import = self.client.create_zone_import( zonefile_data=zone_data)[1] self.addCleanup(self.clean_up_resources, zone_import['id']) # Make sure we complete the import and have the zone_id for cleanup waiters.wait_for_zone_import_status(self.client, zone_import['id'], const.COMPLETE) LOG.info('As Alt user list import zones for a Primary tenant, ' 'using "x-auth-sudo-project-id" HTTP header. ' 'Expected: 403 Forbidden') self.assertRaises( lib_exc.Forbidden, lambda: self.alt_client.list_zone_imports( headers={'x-auth-sudo-project-id': zone_import['project_id']})) LOG.info('As Alt tenant list zone imports for all projects, using ' '"x-auth-all-projects" HTTP header, Expected: 403 Forbidden') self.assertRaises( lib_exc.Forbidden, lambda: self.alt_client.list_zone_imports( headers=self.all_projects_header)) LOG.info('As Admin tenant list import zones for all projects') # Note: This is an all-projects list call, so other tests running # in parallel will impact the list result set. Since the default # pagination limit is only 20, we set a param limit of 1000 here. body = self.admin_client.list_zone_imports( headers=self.all_projects_header, params={'limit': 1000})[1]['imports'] LOG.info('Ensure the fetched response includes previously ' 'created import ID') listed_zone_import_ids = [item['id'] for item in body] self.assertIn( zone_import['id'], listed_zone_import_ids, "Failed, expected import ID:{} wasn't found in " "listed import IDs".format(zone_import['id'], listed_zone_import_ids)) # Test RBAC with x-auth-all-projects if CONF.dns_feature_enabled.enforce_new_defaults: expected_allowed = ['os_system_admin'] else: expected_allowed = ['os_admin'] self.check_list_IDs_RBAC_enforcement('ZoneImportsClient', 'list_zone_imports', expected_allowed, [zone_import['id']], headers=self.all_projects_header)
def test_list_zones_imports(self): LOG.info('Create a zone import') zone_name = dns_data_utils.rand_zone_name(name="list_zone_imports", suffix=self.tld_name) zone_data = dns_data_utils.rand_zonefile_data(name=zone_name) zone_import = self.client.create_zone_import( zonefile_data=zone_data)[1] self.addCleanup(self.clean_up_resources, zone_import['id']) # Make sure we complete the import and have the zone_id for cleanup waiters.wait_for_zone_import_status(self.client, zone_import['id'], const.COMPLETE) LOG.info('List zones imports') body = self.client.list_zone_imports()[1] self.assertGreater(len(body['imports']), 0) # TODO(johnsom) Test reader role once this bug is fixed: # https://bugs.launchpad.net/tempest/+bug/1964509 # Test RBAC - Users that are allowed to call list, but should get # zero zones. if CONF.dns_feature_enabled.enforce_new_defaults: expected_allowed = [ 'os_system_admin', 'os_system_reader', 'os_admin', 'os_project_member', 'os_project_reader' ] else: expected_allowed = ['os_alt'] self.check_list_RBAC_enforcement_count('ZoneImportsClient', 'list_zone_imports', expected_allowed, 0) # Test that users who should see the zone, can see it. expected_allowed = ['os_primary'] self.check_list_IDs_RBAC_enforcement('ZoneImportsClient', 'list_zone_imports', expected_allowed, [zone_import['id']]) # Test RBAC with x-auth-sudo-project-id header if CONF.dns_feature_enabled.enforce_new_defaults: expected_allowed = ['os_system_admin'] else: expected_allowed = ['os_admin'] self.check_list_IDs_RBAC_enforcement( 'ZoneImportsClient', 'list_zone_imports', expected_allowed, [zone_import['id']], headers={'x-auth-sudo-project-id': self.client.project_id})
def test_delete_zone_import(self): LOG.info('Create a zone import') zone_name = dns_data_utils.rand_zone_name(name="delete_zone_import", suffix=self.tld_name) zone_data = dns_data_utils.rand_zonefile_data(name=zone_name) zone_import = self.client.create_zone_import( zonefile_data=zone_data)[1] waiters.wait_for_zone_import_status(self.client, zone_import['id'], const.COMPLETE) zone_import = self.client.show_zone_import(zone_import['id'])[1] self.addCleanup(self.wait_zone_delete, self.zone_client, zone_import['zone_id']) # Test RBAC expected_allowed = ['os_admin', 'os_primary'] if CONF.dns_feature_enabled.enforce_new_defaults: expected_allowed.append('os_system_admin') self.check_CUD_RBAC_enforcement('ZoneImportsClient', 'delete_zone_import', expected_allowed, True, zone_import['id']) # Test RBAC with x-auth-all-projects and x-auth-sudo-project-id header expected_allowed = ['os_admin', 'os_primary'] if CONF.dns_feature_enabled.enforce_new_defaults: expected_allowed.append('os_system_admin') self.check_CUD_RBAC_enforcement('ZoneImportsClient', 'delete_zone_import', expected_allowed, False, zone_import['id'], headers=self.all_projects_header) self.check_CUD_RBAC_enforcement( 'ZoneImportsClient', 'delete_zone_import', expected_allowed, False, zone_import['id'], headers={'x-auth-sudo-project-id': self.client.project_id}) LOG.info('Delete the zone') resp, body = self.client.delete_zone_import(zone_import['id']) LOG.info('Ensure successful deletion of imported zones') self.assertRaises( lib_exc.NotFound, lambda: self.client.show_zone_import(zone_import['id']))
def test_create_zone_import(self): LOG.info('Create a zone import') zone_name = dns_data_utils.rand_zone_name(name="create_zone_import", suffix=self.tld_name) zone_data = dns_data_utils.rand_zonefile_data(name=zone_name) zone_import = self.client.create_zone_import( zonefile_data=zone_data)[1] self.addCleanup(self.clean_up_resources, zone_import['id']) # Make sure we complete the import and have the zone_id for cleanup waiters.wait_for_zone_import_status(self.client, zone_import['id'], const.COMPLETE) # Test with no extra header overrides (sudo-project-id) expected_allowed = ['os_admin', 'os_primary', 'os_alt'] if CONF.dns_feature_enabled.enforce_new_defaults: expected_allowed.append('os_system_admin') expected_allowed.append('os_project_member') self.check_CUD_RBAC_enforcement('ZoneImportsClient', 'create_zone_import', expected_allowed, False)
def create_zone_import(self, zonefile_data=None, params=None, wait_until=None): """Create a zone import. :param zonefile_data: A tuple that represents zone data. :param params: A Python dict that represents the query paramaters to include in the request URI. :return: Serialized imported zone as a dictionary. """ headers = {'Content-Type': 'text/dns'} zone_data = zonefile_data or dns_data_utils.rand_zonefile_data() resp, body = self._create_request( 'zones/tasks/imports', zone_data, headers=headers) # Create Zone should Return a HTTP 202 self.expected_success(202, resp.status) if wait_until: waiters.wait_for_zone_import_status(self, body['id'], wait_until) return resp, body
def test_show_zone_import(self): LOG.info('Create a zone import') zone_name = dns_data_utils.rand_zone_name(name="show_zone_import", suffix=self.tld_name) zone_data = dns_data_utils.rand_zonefile_data(name=zone_name) zone_import = self.client.create_zone_import( zonefile_data=zone_data)[1] self.addCleanup(self.clean_up_resources, zone_import['id']) # Make sure we complete the import and have the zone_id for cleanup waiters.wait_for_zone_import_status(self.client, zone_import['id'], const.COMPLETE) LOG.info('Re-Fetch the zone import') resp, body = self.client.show_zone_import(zone_import['id']) LOG.info('Ensure the fetched response matches the expected one') self.assertExpected(zone_import, body, self.excluded_keys) # TODO(johnsom) Test reader roles once this bug is fixed. # https://bugs.launchpad.net/tempest/+bug/1964509 # Test with no extra header overrides (all_projects, sudo-project-id) expected_allowed = ['os_primary'] self.check_list_show_RBAC_enforcement('ZoneImportsClient', 'show_zone_import', expected_allowed, True, zone_import['id']) # Test with x-auth-all-projects if CONF.dns_feature_enabled.enforce_new_defaults: expected_allowed = ['os_system_admin'] else: expected_allowed = ['os_admin'] self.check_list_show_RBAC_enforcement('ZoneImportsClient', 'show_zone_import', expected_allowed, False, zone_import['id'], headers=self.all_projects_header)
def create_zone_import(self, zonefile_data=None, params=None, wait_until=None): """Create a zone import. :param zonefile_data: A tuple that represents zone data. :param params: A Python dict that represents the query paramaters to include in the request URI. :return: Serialized imported zone as a dictionary. """ headers = {'Content-Type': 'text/dns'} zone_data = zonefile_data or dns_data_utils.rand_zonefile_data() resp, body = self._create_request('zones/tasks/imports', zone_data, headers=headers) # Create Zone should Return a HTTP 202 self.expected_success(202, resp.status) if wait_until: waiters.wait_for_zone_import_status(self, body['id'], wait_until) return resp, body