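class SharedZoneTestContext(object):
    """
    Creates multiple zones to test authorization / access to shared zones across users

    Three API clients are used (the 'ok', 'dummy' and 'sharedZoneUser' users). The
    zone counts asserted at the end of setup are the access baseline the
    authorization tests build on: a count that is off means a user can see a
    zone it should not see, or a previous run left state behind.
    """

    def __init__(self):
        # Test-only API credentials; presumably seeded into the test environment by
        # the test data loader -- they must never be valid outside of it.
        self.ok_vinyldns_client = VinylDNSClient(VinylDNSTestContext.vinyldns_url, 'okAccessKey', 'okSecretKey')
        self.dummy_vinyldns_client = VinylDNSClient(VinylDNSTestContext.vinyldns_url, 'dummyAccessKey', 'dummySecretKey')
        self.shared_zone_vinyldns_client = VinylDNSClient(VinylDNSTestContext.vinyldns_url, 'sharedZoneUserAccessKey', 'sharedZoneUserSecretKey')

        self.dummy_group = None
        self.ok_group = None
        self.shared_record_group = None

        self.tear_down()  # ensures that the environment is clean before starting

        try:
            ok_group = {
                'name': 'ok-group',
                'email': '*****@*****.**',
                'description': 'this is a description',
                'members': [{'id': 'ok'}],
                'admins': [{'id': 'ok'}]
            }
            self.ok_group = self.ok_vinyldns_client.create_group(ok_group, status=200)
            # in theory this shouldn't be needed, but getting 'user is not in group' errors on zone creation
            self.confirm_member_in_group(self.ok_vinyldns_client, self.ok_group)

            dummy_group = {
                'name': 'dummy-group',
                'email': '*****@*****.**',
                'description': 'this is a description',
                'members': [{'id': 'dummy'}],
                'admins': [{'id': 'dummy'}]
            }
            self.dummy_group = self.dummy_vinyldns_client.create_group(dummy_group, status=200)
            # in theory this shouldn't be needed, but getting 'user is not in group' errors on zone creation
            self.confirm_member_in_group(self.dummy_vinyldns_client, self.dummy_group)

            # Owner group shared by two users; created through the ok client, so the
            # ok client's group cleanup in tear_down() covers it.
            shared_record_group = {
                'name': 'record-ownergroup',
                'email': '*****@*****.**',
                'description': 'this is a description',
                'members': [{'id': 'sharedZoneUser'}, {'id': 'ok'}],
                'admins': [{'id': 'sharedZoneUser'}, {'id': 'ok'}]
            }
            self.shared_record_group = self.ok_vinyldns_client.create_group(shared_record_group, status=200)

            ok_group_id = self.ok_group['id']

            ok_zone_change = self.ok_vinyldns_client.create_zone(
                self._zone_request('ok.', 'ok.', ok_group_id), status=202)
            self.ok_zone = ok_zone_change['zone']

            dummy_zone_change = self.dummy_vinyldns_client.create_zone(
                self._zone_request('dummy.', 'dummy.', self.dummy_group['id']), status=202)
            self.dummy_zone = dummy_zone_change['zone']

            ip6_reverse_zone_change = self.ok_vinyldns_client.create_zone(
                self._zone_request('1.9.e.f.c.c.7.2.9.6.d.f.ip6.arpa.', 'ip6.', ok_group_id), status=202)
            self.ip6_reverse_zone = ip6_reverse_zone_change['zone']

            ip4_reverse_zone_change = self.ok_vinyldns_client.create_zone(
                self._zone_request('30.172.in-addr.arpa.', 'ip4.', ok_group_id), status=202)
            self.ip4_reverse_zone = ip4_reverse_zone_change['zone']

            classless_base_zone_change = self.ok_vinyldns_client.create_zone(
                self._zone_request('2.0.192.in-addr.arpa.', 'classless-base.', ok_group_id), status=202)
            self.classless_base_zone = classless_base_zone_change['zone']

            classless_zone_delegation_change = self.ok_vinyldns_client.create_zone(
                self._zone_request('192/30.2.0.192.in-addr.arpa.', 'classless.', ok_group_id), status=202)
            self.classless_zone_delegation_zone = classless_zone_delegation_change['zone']

            system_test_zone_change = self.ok_vinyldns_client.create_zone(
                self._zone_request('system-test.', 'system-test.', ok_group_id), status=202)
            self.system_test_zone = system_test_zone_change['zone']

            # parent zone gives access to the dummy user, dummy user cannot manage ns records
            parent_acl = {
                'rules': [
                    {
                        'accessLevel': 'Delete',
                        'description': 'some_test_rule',
                        'userId': 'dummy'
                    }
                ]
            }
            parent_zone_change = self.ok_vinyldns_client.create_zone(
                self._zone_request('parent.com.', 'parent.', ok_group_id, acl=parent_acl), status=202)
            self.parent_zone = parent_zone_change['zone']

            shared_zone_change = self.set_up_shared_zone('shared-zone')
            self.shared_zone = shared_zone_change['zone']

            non_test_shared_zone_change = self.set_up_shared_zone('non-test-shared-zone')
            self.non_test_shared_zone = non_test_shared_zone_change['zone']

            # wait until our zones are created
            self.ok_vinyldns_client.wait_until_zone_exists(system_test_zone_change)
            self.ok_vinyldns_client.wait_until_zone_exists(ok_zone_change)
            self.dummy_vinyldns_client.wait_until_zone_exists(dummy_zone_change)
            self.ok_vinyldns_client.wait_until_zone_exists(ip6_reverse_zone_change)
            self.ok_vinyldns_client.wait_until_zone_exists(ip4_reverse_zone_change)
            self.ok_vinyldns_client.wait_until_zone_exists(classless_base_zone_change)
            self.ok_vinyldns_client.wait_until_zone_exists(classless_zone_delegation_change)
            self.ok_vinyldns_client.wait_until_zone_exists(parent_zone_change)

            # The shared zones were updated, not created: wait for each update, trigger
            # a sync, then wait for both syncs to finish.
            self.shared_zone_vinyldns_client.wait_until_zone_change_status_synced(shared_zone_change)
            shared_sync_change = self.shared_zone_vinyldns_client.sync_zone(self.shared_zone['id'])
            self.shared_zone_vinyldns_client.wait_until_zone_change_status_synced(non_test_shared_zone_change)
            non_test_shared_sync_change = self.shared_zone_vinyldns_client.sync_zone(self.non_test_shared_zone['id'])
            self.shared_zone_vinyldns_client.wait_until_zone_change_status_synced(shared_sync_change)
            self.shared_zone_vinyldns_client.wait_until_zone_change_status_synced(non_test_shared_sync_change)

            # validate all in there
            # dummy: presumably its own zone plus parent.com. through the ACL rule above
            zones = self.dummy_vinyldns_client.list_zones()['zones']
            assert_that(len(zones), is_(2))
            # ok: the seven zones created through the ok client above
            zones = self.ok_vinyldns_client.list_zones()['zones']
            assert_that(len(zones), is_(7))
            # sharedZoneUser: presumably the two loader-provided shared zones
            zones = self.shared_zone_vinyldns_client.list_zones()['zones']
            assert_that(len(zones), is_(2))

        except:
            # Bare on purpose: whatever interrupted setup is re-raised below, after a
            # best-effort cleanup so later tests do not start from leftover zones/groups.
            try:
                self.tear_down()
            except Exception:
                # Keep the cleanup best-effort, but leave a trace: leftover state can
                # skew the zone counts that the authorization tests rely on.
                import logging
                logging.getLogger(__name__).exception(
                    'tear_down failed while cleaning up after a setup error')
            raise

    @staticmethod
    def _connection(name):
        """Return connection info for the test DNS server; carries the TSIG key from the test context."""
        return {
            'name': name,
            'keyName': VinylDNSTestContext.dns_key_name,
            'key': VinylDNSTestContext.dns_key,
            'primaryServer': VinylDNSTestContext.dns_ip
        }

    @staticmethod
    def _zone_request(zone_name, connection_name, admin_group_id, acl=None):
        """Build the create-zone payload for a non-shared test zone, optionally with ACL rules."""
        request = {
            'name': zone_name,
            'email': '*****@*****.**',
            'shared': False,
            'adminGroupId': admin_group_id,
            'isTest': True
        }
        if acl is not None:
            request['acl'] = acl
        request['connection'] = SharedZoneTestContext._connection(connection_name)
        request['transferConnection'] = SharedZoneTestContext._connection(connection_name)
        return request

    def set_up_shared_zone(self, zone_id):
        """
        Attach connection info to a pre-existing shared zone and return the zone change.

        :param zone_id: id of the shared zone to fetch and update
        :return: the response of update_zone (expected status 202)
        """
        # shared zones are created through test data loader, but needs connection info added here to use
        get_shared_zone = self.shared_zone_vinyldns_client.get_zone(zone_id)
        shared_zone = get_shared_zone['zone']

        connection_info = self._connection('shared.')
        shared_zone['connection'] = connection_info
        shared_zone['transferConnection'] = connection_info

        return self.shared_zone_vinyldns_client.update_zone(shared_zone, status=202)

    def tear_down(self):
        """
        The ok_vinyldns_client is a zone admin on _all_ the zones.

        We shouldn't have to do any checks now, as zone admins have full rights to all zones, including
        deleting all records (even in the old shared model)
        """
        # NOTE(review): nothing is cleaned up through shared_zone_vinyldns_client; the
        # shared zones come from the test data loader, so the connection info added by
        # set_up_shared_zone() presumably stays on them -- confirm this is intended.
        clear_zones(self.dummy_vinyldns_client)
        clear_zones(self.ok_vinyldns_client)
        clear_groups(self.dummy_vinyldns_client)
        clear_groups(self.ok_vinyldns_client)

    def confirm_member_in_group(self, client, group):
        """
        Assert that `group` shows up in the groups listed for `client`.

        Checks once, then retries up to three more times with a short pause before
        each retry, and fails the assertion if the group never appears.
        """
        retries = 3
        success = group in client.list_all_my_groups(status=200)
        while not success and retries > 0:
            # pause first, so every retry gives the membership time to become visible
            time.sleep(.05)
            success = group in client.list_all_my_groups(status=200)
            retries -= 1
        assert_that(success, is_(True))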
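class ListZonesTestContext(object):
    """
    Creates one group and five zones owned by the list-zones user.

    Three zone names contain 'searched' and two contain 'unfiltered'; the created
    zones are exposed as attributes and their ids are collected in `zone_ids`.
    """

    def __init__(self):
        # Test-only API credentials; presumably seeded into the test environment --
        # they must never be valid outside of it.
        self.client = VinylDNSClient(VinylDNSTestContext.vinyldns_url, 'listZonesAccessKey', 'listZonesSecretKey')
        self.tear_down()  # ensures that the environment is clean before starting

        try:
            group = {
                'name': 'list-zones-group',
                'email': '*****@*****.**',
                'description': 'this is a description',
                'members': [{'id': 'list-zones-user'}],
                'admins': [{'id': 'list-zones-user'}]
            }
            self.list_zones_group = self.client.create_group(group, status=200)

            # (attribute on this context, zone name), in creation order
            zone_specs = [
                ('search_zone_1', 'list-zones-test-searched-1.'),
                ('search_zone_2', 'list-zones-test-searched-2.'),
                ('search_zone_3', 'list-zones-test-searched-3.'),
                ('non_search_zone_1', 'list-zones-test-unfiltered-1.'),
                ('non_search_zone_2', 'list-zones-test-unfiltered-2.'),
            ]

            zone_changes = []
            for attribute, zone_name in zone_specs:
                change = self.client.create_zone(self._zone_request(zone_name), status=202)
                setattr(self, attribute, change['zone'])
                zone_changes.append(change)

            self.zone_ids = [getattr(self, attribute)['id'] for attribute, _ in zone_specs]

            for change in zone_changes:
                self.client.wait_until_zone_exists(change)

        except:
            # Bare on purpose: whatever interrupted setup is re-raised below, after a
            # best-effort cleanup so later tests do not start from leftover zones/groups.
            try:
                self.tear_down()
            except Exception:
                # Keep the cleanup best-effort, but leave a trace of what went wrong.
                import logging
                logging.getLogger(__name__).exception(
                    'tear_down failed while cleaning up after a setup error')
            raise

    def _zone_request(self, zone_name):
        """Build the create-zone payload for a non-shared test zone owned by the list-zones group."""
        def connection():
            # carries the TSIG key of the test DNS server, taken from the test context
            return {
                'name': 'vinyldns.',
                'keyName': VinylDNSTestContext.dns_key_name,
                'key': VinylDNSTestContext.dns_key,
                'primaryServer': VinylDNSTestContext.dns_ip
            }

        return {
            'name': zone_name,
            'email': '*****@*****.**',
            'shared': False,
            'adminGroupId': self.list_zones_group['id'],
            'isTest': True,
            'connection': connection(),
            'transferConnection': connection()
        }

    def tear_down(self):
        """Remove the zones and groups reachable through this context's client."""
        clear_zones(self.client)
        clear_groups(self.client)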
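class ZoneHistoryContext(object):
    """
    Creates a zone with multiple zone changes and record set changes

    After setup, `results` holds the zone, the last zone update, the created
    record sets and the updated record sets.
    """

    def __init__(self):
        # Test-only API credentials; presumably seeded into the test environment --
        # they must never be valid outside of it.
        self.client = VinylDNSClient(VinylDNSTestContext.vinyldns_url, 'history-key', 'history-secret')
        self.tear_down()  # start from a clean environment
        self.group = None

        try:
            group = {
                'name': 'history-group',
                'email': '*****@*****.**',
                'description': 'this is a description',
                'members': [{'id': 'history-id'}],
                'admins': [{'id': 'history-id'}]
            }

            self.group = self.client.create_group(group, status=200)
            # in theory this shouldn't be needed, but getting 'user is not in group' errors on zone creation
            self.confirm_member_in_group(self.client, self.group)

            zone_change = self.client.create_zone(
                {
                    'name': 'system-test-history.',
                    'email': '*****@*****.**',
                    'shared': True,
                    'adminGroupId': self.group['id'],
                    'connection': {
                        'name': 'vinyldns.',
                        'keyName': VinylDNSTestContext.dns_key_name,
                        'key': VinylDNSTestContext.dns_key,
                        'primaryServer': VinylDNSTestContext.dns_ip
                    },
                    'transferConnection': {
                        'name': 'vinyldns.',
                        'keyName': VinylDNSTestContext.dns_key_name,
                        'key': VinylDNSTestContext.dns_key,
                        'primaryServer': VinylDNSTestContext.dns_ip
                    }
                }, status=202)
            self.zone = zone_change['zone']

            self.client.wait_until_zone_exists(zone_change)

            # change the zone nine times so we have update events in zone change history,
            # ten total changes including creation
            for i in range(2, 11):
                # dict() is a shallow copy: the nested connection dicts are shared with
                # self.zone, so the key assignments below also land in self.zone.
                zone_update = dict(self.zone)
                # The key is set again on every update -- presumably the zone returned
                # by the API does not carry a usable key; TODO confirm.
                zone_update['connection']['key'] = VinylDNSTestContext.dns_key
                zone_update['transferConnection']['key'] = VinylDNSTestContext.dns_key
                # NOTE(review): this literal looks mangled by e-mail obfuscation on the
                # page it was copied from; restore it from the upstream file.
                zone_update['email'] = 'i.changed.this.{0}[email protected]'.format(i)
                zone_update = self.client.update_zone(zone_update, status=202)['zone']

            # create some record sets
            (achange, a_record) = self.create_recordset(TestData.A)
            (aaaachange, aaaa_record) = self.create_recordset(TestData.AAAA)
            (cnamechange, cname_record) = self.create_recordset(TestData.CNAME)

            # wait here for all the record sets to be created
            self.client.wait_until_recordset_exists(a_record['zoneId'], a_record['id'])
            self.client.wait_until_recordset_exists(aaaa_record['zoneId'], aaaa_record['id'])
            self.client.wait_until_recordset_exists(cname_record['zoneId'], cname_record['id'])

            # update the record sets
            # NOTE(review): dict() copies are shallow, so editing records[0] below also
            # changes the 'records' list of the original a/aaaa/cname record dicts that
            # end up in results['creates'] -- confirm the tests expect that.
            a_record_update = dict(a_record)
            a_record_update['ttl'] += 100
            a_record_update['records'][0]['address'] = '9.9.9.9'
            (achange, a_record_update) = self.update_recordset(a_record_update)

            aaaa_record_update = dict(aaaa_record)
            aaaa_record_update['ttl'] += 100
            aaaa_record_update['records'][0]['address'] = '2003:db8:0:0:0:0:0:4'
            (aaaachange, aaaa_record_update) = self.update_recordset(aaaa_record_update)

            cname_record_update = dict(cname_record)
            cname_record_update['ttl'] += 100
            cname_record_update['records'][0]['cname'] = 'changed-cname.'
            (cnamechange, cname_record_update) = self.update_recordset(cname_record_update)

            self.client.wait_until_recordset_change_status(achange, 'Complete')
            self.client.wait_until_recordset_change_status(aaaachange, 'Complete')
            self.client.wait_until_recordset_change_status(cnamechange, 'Complete')

            # delete the recordsets
            self.delete_recordset(a_record)
            self.delete_recordset(aaaa_record)
            self.delete_recordset(cname_record)

            self.client.wait_until_recordset_deleted(a_record['zoneId'], a_record['id'])
            self.client.wait_until_recordset_deleted(aaaa_record['zoneId'], aaaa_record['id'])
            self.client.wait_until_recordset_deleted(cname_record['zoneId'], cname_record['id'])

            # the resulting context should contain all of the parts so it makes it simple to test
            self.results = {
                'zone': self.zone,
                'zoneUpdate': zone_update,
                'creates': [a_record, aaaa_record, cname_record],
                'updates': [a_record_update, aaaa_record_update, cname_record_update]
            }

        except:
            # Bare on purpose: whatever interrupted setup is re-raised below, after a
            # best-effort cleanup so later tests do not start from leftover zones/groups.
            try:
                self.tear_down()
            except Exception:
                # Keep the cleanup best-effort, but leave a trace of what went wrong.
                import logging
                logging.getLogger(__name__).exception(
                    'tear_down failed while cleaning up after a setup error')
            raise

    # finalizer called by py.test when the simulation is torn down
    def tear_down(self):
        """Abandon the zones owned by this client's groups, then delete those groups."""
        self.clear_zones()
        self.clear_group()

    def clear_group(self):
        """Delete every group listed for this client (each delete expects status 200)."""
        groups = self.client.list_all_my_groups()
        group_ids = [group['id'] for group in groups]

        for group_id in group_ids:
            self.client.delete_group(group_id, status=200)

    def clear_zones(self):
        """
        Abandon every zone whose adminGroupId or account matches one of this client's groups.

        The ids are materialized before use: with lazy map()/filter() objects the
        first membership test would exhaust the group ids and later zones would be
        skipped, leaving them behind for the next test run.
        """
        # Get the groups for this context's user
        groups = self.client.list_all_my_groups()
        group_ids = set(group['id'] for group in groups)

        zones = self.client.list_zones()['zones']

        # we only want to delete zones that this user "owns"
        zone_ids_to_delete = [
            zone['id'] for zone in zones
            if zone['adminGroupId'] in group_ids or zone.get('account') in group_ids
        ]

        self.client.abandon_zones(zone_ids_to_delete)

    def create_recordset(self, rs):
        """Create `rs` in this context's zone; returns (change response, created record set)."""
        rs['zoneId'] = self.zone['id']  # note: sets zoneId on the caller's dict
        result = self.client.create_recordset(rs, status=202)
        return result, result['recordSet']

    def update_recordset(self, rs):
        """Update `rs` in this context's zone; returns (change response, updated record set)."""
        rs['zoneId'] = self.zone['id']  # note: sets zoneId on the caller's dict
        result = self.client.update_recordset(rs, status=202)
        return result, result['recordSet']

    def delete_recordset(self, rs):
        """Delete `rs` from this context's zone; returns (change response, deleted record set)."""
        result = self.client.delete_recordset(self.zone['id'], rs['id'], status=202)
        return result, result['recordSet']

    def confirm_member_in_group(self, client, group):
        """
        Assert that `group` shows up in the groups listed for `client`.

        Checks once, then retries up to three more times with a short pause before
        each retry, and fails the assertion if the group never appears.
        """
        retries = 3
        success = group in client.list_all_my_groups(status=200)
        while not success and retries > 0:
            # pause first, so every retry gives the membership time to become visible
            time.sleep(.05)
            success = group in client.list_all_my_groups(status=200)
            retries -= 1
        assert_that(success, is_(True))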