Merge "New negative test cases for "pool" test suite"
diff --git a/designate_tempest_plugin/clients.py b/designate_tempest_plugin/clients.py
index 87b43c4..6fbfc05 100644
--- a/designate_tempest_plugin/clients.py
+++ b/designate_tempest_plugin/clients.py
@@ -47,6 +47,10 @@
import TransferAcceptClient
from designate_tempest_plugin.services.dns.v2.json.tsigkey_client \
import TsigkeyClient
+from designate_tempest_plugin.services.dns.v2.json.service_client \
+ import SevriceClient
+from designate_tempest_plugin.services.dns.v2.json.designate_limit_client \
+ import DesignateLimitClient
CONF = config.CONF
@@ -93,6 +97,8 @@
self.transfer_request_client = TransferRequestClient(**params)
self.transfer_accept_client = TransferAcceptClient(**params)
self.tsigkey_client = TsigkeyClient(**params)
+ self.service_client = SevriceClient(**params)
+ self.designate_limit_client = DesignateLimitClient(**params)
self.query_client = QueryClient(
nameservers=CONF.dns.nameservers,
diff --git a/designate_tempest_plugin/common/constants.py b/designate_tempest_plugin/common/constants.py
new file mode 100644
index 0000000..84ee5ae
--- /dev/null
+++ b/designate_tempest_plugin/common/constants.py
@@ -0,0 +1,25 @@
+# Copyright 2021 Red Hat.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# Designate statuses strings
+PENDING = 'PENDING'
+COMPLETE = 'COMPLETE'
+ERROR = 'ERROR'
+DELETED = 'DELETED'
+ACTIVE = 'ACTIVE'
+UP = 'UP'
+
+# Zone types
+PRIMARY_ZONE_TYPE = 'PRIMARY'
+SECONDARY_ZONE_TYPE = 'SECONDARY'
diff --git a/designate_tempest_plugin/services/dns/json/base.py b/designate_tempest_plugin/services/dns/json/base.py
index c478654..1f12642 100644
--- a/designate_tempest_plugin/services/dns/json/base.py
+++ b/designate_tempest_plugin/services/dns/json/base.py
@@ -63,12 +63,15 @@
return json.dumps(data)
def deserialize(self, resp, object_str):
- if 'application/json' in resp['content-type']:
- return json.loads(object_str)
- elif 'text/dns' in resp['content-type']:
- return models.ZoneFile.from_text(object_str.decode("utf-8"))
+ if 'content-type' in resp.keys():
+ if 'application/json' in resp['content-type']:
+ return json.loads(object_str)
+ elif 'text/dns' in resp['content-type']:
+ return models.ZoneFile.from_text(object_str.decode("utf-8"))
+ else:
+ raise lib_exc.InvalidContentType()
else:
- raise lib_exc.InvalidContentType()
+ return None
@classmethod
def expected_success(cls, expected_code, read_code):
@@ -103,7 +106,8 @@
params=params)
def _create_request(self, resource, data=None, params=None,
- headers=None, extra_headers=False):
+ headers=None, extra_headers=False,
+ expected_statuses=None):
"""Create an object of the specified type.
:param resource: The name of the REST resource, e.g., 'zones'.
:param data: A Python dict that represents an object of the
@@ -117,6 +121,9 @@
method are to be used but additional
headers are needed in the request
pass them in as a dict.
+ :param expected_statuses: If set, it will override the default expected
+ statuses list with the status codes provided
+ by caller function
:returns: A tuple with the server response and the deserialized created
object.
"""
@@ -125,7 +132,11 @@
resp, body = self.post(uri, body=body, headers=headers,
extra_headers=extra_headers)
- self.expected_success(self.CREATE_STATUS_CODES, resp.status)
+
+ if expected_statuses is None:
+ self.expected_success(self.CREATE_STATUS_CODES, resp.status)
+ else:
+ self.expected_success(expected_statuses, resp.status)
return resp, self.deserialize(resp, body)
diff --git a/designate_tempest_plugin/services/dns/v2/json/designate_limit_client.py b/designate_tempest_plugin/services/dns/v2/json/designate_limit_client.py
new file mode 100644
index 0000000..a4e3aef
--- /dev/null
+++ b/designate_tempest_plugin/services/dns/v2/json/designate_limit_client.py
@@ -0,0 +1,27 @@
+# Copyright 2021 Red Hat.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+from designate_tempest_plugin.services.dns.v2.json import base
+
+
+class DesignateLimitClient(base.DnsClientV2Base):
+
+ @base.handle_errors
+ def list_designate_limits(self, headers=None):
+ """Show the limits for Designate fields
+
+ :param headers: (dict): The headers to use for the request.
+ :return: Dictionary of limits
+ """
+ return self._list_request(
+ 'limits', headers=headers)[1]
diff --git a/designate_tempest_plugin/services/dns/v2/json/recordset_client.py b/designate_tempest_plugin/services/dns/v2/json/recordset_client.py
index 19f58d3..33e9ee2 100644
--- a/designate_tempest_plugin/services/dns/v2/json/recordset_client.py
+++ b/designate_tempest_plugin/services/dns/v2/json/recordset_client.py
@@ -81,18 +81,20 @@
return resp, body
@base.handle_errors
- def show_recordset(self, zone_uuid, recordset_uuid, params=None):
+ def show_recordset(self, zone_uuid, recordset_uuid,
+ params=None, headers=None):
"""Gets a specific recordset related to a specific zone.
:param zone_uuid: Unique identifier of the zone in UUID format.
:param recordset_uuid: Unique identifier of the recordset in
UUID format.
:param params: A Python dict that represents the query paramaters to
include in the request URI.
+ :param headers (dict): The headers to use for the request.
:return: Serialized recordset as a list.
"""
return self._show_request(
'zones/{0}/recordsets'.format(zone_uuid), recordset_uuid,
- params=params)
+ params=params, headers=headers)
@base.handle_errors
def delete_recordset(self, zone_uuid, recordset_uuid, params=None):
@@ -113,15 +115,17 @@
return resp, body
@base.handle_errors
- def list_recordset(self, uuid, params=None):
+ def list_recordset(self, uuid, params=None, headers=None):
"""List recordsets related to the specified zone.
:param uuid: Unique identifier of the zone in UUID format.
:param params: A Python dict that represents the query paramaters to
include in the request URI.
+ :param headers (dict): The headers to use for the request.
:return: Serialized recordset as a list.
"""
return self._list_request(
- 'zones/{0}/recordsets'.format(uuid), params=params)
+ 'zones/{0}/recordsets'.format(uuid),
+ params=params, headers=headers)
@base.handle_errors
def show_zones_recordset(self, recordset_uuid, params=None):
diff --git a/designate_tempest_plugin/services/dns/v2/json/service_client.py b/designate_tempest_plugin/services/dns/v2/json/service_client.py
new file mode 100644
index 0000000..fd24047
--- /dev/null
+++ b/designate_tempest_plugin/services/dns/v2/json/service_client.py
@@ -0,0 +1,27 @@
+# Copyright 2021 Red Hat.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+from designate_tempest_plugin.services.dns.v2.json import base
+
+
+class SevriceClient(base.DnsClientV2Base):
+
+ @base.handle_errors
+ def list_statuses(self, headers=None):
+ """List all Services and statuses
+
+ :param headers: (dict): The headers to use for the request.
+ :return: Serialized service statuses as a list.
+ """
+ return self._list_request(
+ 'service_statuses', headers=headers)[1]['service_statuses']
diff --git a/designate_tempest_plugin/services/dns/v2/json/transfer_accepts_client.py b/designate_tempest_plugin/services/dns/v2/json/transfer_accepts_client.py
index fe0fd0f..a0612e9 100644
--- a/designate_tempest_plugin/services/dns/v2/json/transfer_accepts_client.py
+++ b/designate_tempest_plugin/services/dns/v2/json/transfer_accepts_client.py
@@ -47,3 +47,15 @@
"""
return self._show_request(
'zones/tasks/transfer_accepts', uuid, params=params)
+
+ @base.handle_errors
+ def list_transfer_accept(self, params=None, headers=None):
+ """Lists all accepted zone transfers.
+ :param params: A Python dict that represents the query paramaters to
+ include in the accept URI.
+ :param headers (dict): The headers to use for the request.
+ :return: List of accepted zone transfers
+ """
+ return self._list_request(
+ 'zones/tasks/transfer_accepts', params=params,
+ headers=headers)[1]['transfer_accepts']
diff --git a/designate_tempest_plugin/services/dns/v2/json/transfer_request_client.py b/designate_tempest_plugin/services/dns/v2/json/transfer_request_client.py
index f494cde..9523175 100644
--- a/designate_tempest_plugin/services/dns/v2/json/transfer_request_client.py
+++ b/designate_tempest_plugin/services/dns/v2/json/transfer_request_client.py
@@ -60,26 +60,30 @@
return resp, body
@base.handle_errors
- def show_transfer_request(self, uuid, params=None):
+ def show_transfer_request(self, uuid, params=None, headers=None):
"""Gets a specific transfer_requestsed zone.
:param uuid: Unique identifier of the transfer_requestsed zone in
UUID format.
:param params: A Python dict that represents the query paramaters to
include in the request URI.
+
+ :param headers (dict): The headers to use for the request.
:return: Serialized transfer_requestsed zone as a dictionary.
"""
return self._show_request(
- 'zones/tasks/transfer_requests', uuid, params=params)
+ 'zones/tasks/transfer_requests', uuid,
+ params=params, headers=headers)
@base.handle_errors
- def list_transfer_requests(self, params=None):
+ def list_transfer_requests(self, params=None, headers=None):
"""Gets all the transfer_requestsed zones
:param params: A Python dict that represents the query paramaters to
include in the request URI.
+ :param headers (dict): The headers to use for the request.
:return: Serialized transfer_requestsed zone as a list.
"""
return self._list_request(
- 'zones/tasks/transfer_requests', params=params)
+ 'zones/tasks/transfer_requests', params=params, headers=headers)
@base.handle_errors
def delete_transfer_request(self, uuid, params=None):
diff --git a/designate_tempest_plugin/services/dns/v2/json/zone_exports_client.py b/designate_tempest_plugin/services/dns/v2/json/zone_exports_client.py
index 3bbd6c9..8915ceb 100644
--- a/designate_tempest_plugin/services/dns/v2/json/zone_exports_client.py
+++ b/designate_tempest_plugin/services/dns/v2/json/zone_exports_client.py
@@ -43,16 +43,17 @@
return resp, body
@base.handle_errors
- def show_zone_export(self, uuid, params=None):
+ def show_zone_export(self, uuid, params=None, headers=None):
"""Get the zone export task
:param uuid: Unique identifier of the zone export task in UUID format.
:param params: A Python dict that represents the query paramaters to
include in the request URI.
+ :param headers (dict): The headers to use for the request.
:return: Serialized exported zone as a dictionary.
"""
return self._show_request(
- 'zones/tasks/exports', uuid, params=params)
+ 'zones/tasks/exports', uuid, params=params, headers=headers)
@base.handle_errors
def show_exported_zonefile(self, uuid, params=None):
@@ -70,15 +71,16 @@
headers=headers, params=params)
@base.handle_errors
- def list_zone_exports(self, params=None):
+ def list_zone_exports(self, params=None, headers=None):
"""List zone export tasks
:param params: A Python dict that represents the query paramaters to
include in the request URI.
+ :param headers (dict): The headers to use for the request.
:return: Serialized exported zone as a list.
"""
return self._list_request(
- 'zones/tasks/exports', params=params)
+ 'zones/tasks/exports', params=params, headers=headers)
@base.handle_errors
def delete_zone_export(self, uuid, params=None):
diff --git a/designate_tempest_plugin/services/dns/v2/json/zone_imports_client.py b/designate_tempest_plugin/services/dns/v2/json/zone_imports_client.py
index 872fc13..86d9fb1 100644
--- a/designate_tempest_plugin/services/dns/v2/json/zone_imports_client.py
+++ b/designate_tempest_plugin/services/dns/v2/json/zone_imports_client.py
@@ -43,25 +43,27 @@
return resp, body
@base.handle_errors
- def show_zone_import(self, uuid, params=None):
+ def show_zone_import(self, uuid, params=None, headers=None):
"""Gets a specific zone import.
:param uuid: Unique identifier of the imported zone in UUID format.
:param params: A Python dict that represents the query paramaters to
include in the request URI.
+ :param headers (dict): The headers to use for the request.
:return: Serialized imported zone as a dictionary.
"""
return self._show_request(
- 'zones/tasks/imports', uuid, params=params)
+ 'zones/tasks/imports', uuid, params=params, headers=headers)
@base.handle_errors
- def list_zone_imports(self, params=None):
+ def list_zone_imports(self, params=None, headers=None):
"""Gets all the imported zones.
:param params: A Python dict that represents the query paramaters to
include in the request URI.
+ :param headers (dict): The headers to use for the request.
:return: Serialized imported zones as a list.
"""
return self._list_request(
- 'zones/tasks/imports', params=params)
+ 'zones/tasks/imports', params=params, headers=headers)
@base.handle_errors
def delete_zone_import(self, uuid, params=None):
diff --git a/designate_tempest_plugin/services/dns/v2/json/zones_client.py b/designate_tempest_plugin/services/dns/v2/json/zones_client.py
index ac360e6..04a628b 100644
--- a/designate_tempest_plugin/services/dns/v2/json/zones_client.py
+++ b/designate_tempest_plugin/services/dns/v2/json/zones_client.py
@@ -13,6 +13,8 @@
# under the License.
from tempest.lib.common.utils import data_utils
+from designate_tempest_plugin.common import constants as const
+
from designate_tempest_plugin import data_utils as dns_data_utils
from designate_tempest_plugin.common import waiters
from designate_tempest_plugin.services.dns.v2.json import base
@@ -23,7 +25,10 @@
@base.handle_errors
def create_zone(self, name=None, email=None, ttl=None, description=None,
- wait_until=False, params=None):
+ attributes=None, wait_until=False,
+ zone_type=const.PRIMARY_ZONE_TYPE,
+ primaries=None, params=None):
+
"""Create a zone with the specified parameters.
:param name: The name of the zone.
@@ -34,18 +39,43 @@
Default: Random Value
:param description: A description of the zone.
Default: Random Value
+ :param attributes: Key:Value pairs of information about this zone,
+ and the pool the user would like to place the zone in.
+ This information can be used by the scheduler to place
+ zones on the correct pool.
:param wait_until: Block until the zone reaches the desiered status
+ :param zone_type: PRIMARY or SECONDARY
+ Default: PRIMARY
+ :param primaries: List of Primary nameservers. Required for SECONDARY
+ Default: None
:param params: A Python dict that represents the query paramaters to
include in the request URI.
:return: A tuple with the server response and the created zone.
"""
- zone = {
- 'name': name or dns_data_utils.rand_zone_name(),
- 'email': email or dns_data_utils.rand_email(),
- 'ttl': ttl or dns_data_utils.rand_ttl(),
- 'description': description or data_utils.rand_name('test-zone'),
- }
+ zone = {
+ 'name': name or dns_data_utils.rand_zone_name()
+ if name != '' else '',
+ 'email': email or dns_data_utils.rand_email()
+ if email != '' else '',
+ 'ttl': ttl or dns_data_utils.rand_ttl()
+ if ttl != 0 else 0,
+ 'description': description or data_utils.rand_name('test-zone')
+ if description != '' else '',
+ 'attributes': attributes or {
+ 'attribute_key': data_utils.rand_name('attribute_value')}
+ }
+ # If SECONDARY, "email" and "ttl" cannot be supplied
+ if zone_type == const.SECONDARY_ZONE_TYPE:
+ zone['type'] = zone_type
+ del zone['email']
+ del zone['ttl']
+ if primaries is None:
+ raise AttributeError(
+ 'Error - "primaries" is mandatory parameter'
+ ' for a SECONDARY zone type')
+
+ zone['masters'] = primaries
resp, body = self._create_request('zones', zone, params=params)
# Create Zone should Return a HTTP 202
@@ -57,23 +87,38 @@
return resp, body
@base.handle_errors
- def show_zone(self, uuid, params=None):
+ def show_zone(self, uuid, params=None, headers=None):
"""Gets a specific zone.
:param uuid: Unique identifier of the zone in UUID format.
:param params: A Python dict that represents the query paramaters to
include in the request URI.
+ :param headers (dict): The headers to use for the request.
:return: Serialized zone as a dictionary.
"""
- return self._show_request('zones', uuid, params=params)
+ return self._show_request(
+ 'zones', uuid, params=params, headers=headers)
@base.handle_errors
- def list_zones(self, params=None):
+ def show_zone_nameservers(self, zone_uuid, params=None):
+ """Gets list of Zone Name Servers
+ :param zone_uuid: Unique identifier of the zone in UUID format.
+ :param params: A Python dict that represents the query paramaters to
+ include in the request URI.
+ :return: Serialized nameservers as a list.
+ """
+ return self._show_request(
+ 'zones/{0}/nameservers'.format(zone_uuid), uuid=None,
+ params=params)
+
+ @base.handle_errors
+ def list_zones(self, params=None, headers=None):
"""Gets a list of zones.
:param params: A Python dict that represents the query paramaters to
include in the request URI.
+ :param headers (dict): The headers to use for the request.
:return: Serialized zones as a list.
"""
- return self._list_request('zones', params=params)
+ return self._list_request('zones', params=params, headers=headers)
@base.handle_errors
def delete_zone(self, uuid, params=None):
@@ -121,3 +166,34 @@
waiters.wait_for_zone_status(self, body['id'], wait_until)
return resp, body
+
+ @base.handle_errors
+ def trigger_manual_update(self, zone_id, headers=None):
+ """Trigger manually update for secondary zone.
+
+ :param zone_id: Secondary zone ID.
+ :param headers (dict): The headers to use for the request.
+ :return: A tuple with the server response and body.
+ """
+ resp, body = self._create_request(
+ 'zones/{}/tasks/xfr'.format(zone_id), headers=headers)
+ # Trigger Zone Update should Return a HTTP 202
+ self.expected_success(202, resp.status)
+ return resp, body
+
+ @base.handle_errors
+ def abandon_zone(self, zone_id, headers=None):
+ """This removes a zone from the designate database without removing
+ it from the backends.
+
+ :param zone_id: Zone ID.
+ :param headers (dict): The headers to use for the request.
+ :return: A tuple with the server response and body.
+ """
+ resp, body = self._create_request(
+ 'zones/{}/tasks/abandon'.format(zone_id),
+ headers=headers,
+ expected_statuses=self.DELETE_STATUS_CODES)
+
+ self.expected_success(self.DELETE_STATUS_CODES, resp.status)
+ return resp, body
diff --git a/designate_tempest_plugin/tests/api/v2/test_designate_limits.py b/designate_tempest_plugin/tests/api/v2/test_designate_limits.py
new file mode 100644
index 0000000..a2c92dc
--- /dev/null
+++ b/designate_tempest_plugin/tests/api/v2/test_designate_limits.py
@@ -0,0 +1,52 @@
+# Copyright 2021 Red Hat.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+from oslo_log import log as logging
+from tempest.lib import decorators
+
+from designate_tempest_plugin.tests import base
+
+LOG = logging.getLogger(__name__)
+
+
+class DesignateLimit(base.BaseDnsV2Test):
+ credentials = ['admin']
+
+ @classmethod
+ def setup_credentials(cls):
+ # Do not create network resources for these test.
+ cls.set_network_resources()
+ super(DesignateLimit, cls).setup_credentials()
+
+ @classmethod
+ def setup_clients(cls):
+ super(DesignateLimit, cls).setup_clients()
+
+ cls.admin_client = cls.os_admin.designate_limit_client
+
+ @decorators.idempotent_id('828572be-8662-11eb-8ff2-74e5f9e2a801')
+ def test_list_designate_limits(self):
+ expected_default_limits_fields = [
+ "max_page_limit", "max_recordset_name_length",
+ "max_recordset_records", "max_zone_name_length",
+ "max_zone_records", "max_zone_recordsets",
+ "max_zones", "min_ttl"].sort()
+ project_limits = self.admin_client.list_designate_limits()
+ LOG.info(
+ 'Retrieved designate limits are: {} '.format(project_limits))
+ self.assertEqual(
+ expected_default_limits_fields,
+ list(project_limits.keys()).sort(),
+ 'Retrieved fields: {} are not as expected: {} '.format(
+ list(project_limits.keys()).sort(),
+ expected_default_limits_fields))
diff --git a/designate_tempest_plugin/tests/api/v2/test_recordset.py b/designate_tempest_plugin/tests/api/v2/test_recordset.py
index 53d148d..b8f59fb 100644
--- a/designate_tempest_plugin/tests/api/v2/test_recordset.py
+++ b/designate_tempest_plugin/tests/api/v2/test_recordset.py
@@ -49,6 +49,9 @@
@ddt.ddt
class RecordsetsTest(BaseRecordsetsTest):
+
+ credentials = ["admin", 'primary', 'alt']
+
@classmethod
def setup_credentials(cls):
# Do not create network resources for these test.
@@ -60,7 +63,11 @@
super(RecordsetsTest, cls).setup_clients()
cls.client = cls.os_primary.recordset_client
+ cls.alt_client = cls.os_alt.recordset_client
+ cls.admin_client = cls.os_admin.recordset_client
cls.zone_client = cls.os_primary.zones_client
+ cls.alt_zone_client = cls.os_alt.zones_client
+ cls.admin_zone_client = cls.os_admin.zones_client
@decorators.attr(type='smoke')
@decorators.idempotent_id('631d74fd-6909-4684-a61b-5c4d2f92c3e7')
@@ -205,9 +212,92 @@
self.assertEqual(record['description'], update['description'])
self.assertNotEqual(record['ttl'], update['ttl'])
+ @decorators.idempotent_id('3f3575a0-a28b-11eb-ab42-74e5f9e2a801')
+ def test_show_recordsets_impersonate_another_project(self):
+
+ LOG.info('Create a Recordset')
+ recordset_data = data_utils.rand_recordset_data(
+ record_type='A', zone_name=self.zone['name'])
+ resp, body = self.client.create_recordset(
+ self.zone['id'], recordset_data)
+ self.assertEqual('PENDING', body['status'],
+ 'Failed, expected status is PENDING')
+ LOG.info('Wait until the recordset is active')
+ waiters.wait_for_recordset_status(
+ self.client, self.zone['id'],
+ body['id'], 'ACTIVE')
+
+ LOG.info('Re-Fetch the Recordset as Alt tenant with '
+ '"x-auth-sudo-project-id" HTTP header included in request. '
+ 'Expected: 403')
+ self.assertRaises(
+ lib_exc.Forbidden, lambda: self.alt_client.show_recordset(
+ self.zone['id'], body['id'], headers={
+ 'x-auth-sudo-project-id': body['project_id']}))
+
+ LOG.info('Re-Fetch the Recordset as Admin tenant without '
+ '"x-auth-sudo-project-id" HTTP header. Expected: 404')
+ self.assertRaises(lib_exc.NotFound,
+ lambda: self.admin_client.show_recordset(
+ self.zone['id'], body['id']))
+
+ record = self.admin_client.show_recordset(
+ self.zone['id'], body['id'],
+ headers={'x-auth-sudo-project-id': body['project_id']})[1]
+
+ LOG.info('Ensure the fetched response matches the expected one')
+ self.assertExpected(body, record,
+ self.excluded_keys + ['action', 'status'])
+
+ @decorators.idempotent_id('9f364a64-a2aa-11eb-aad4-74e5f9e2a801')
+ def test_admin_list_all_recordsets_for_a_project(self):
+
+ LOG.info('Create a Recordset as Primary tenant')
+ recordset_data_primary_1 = data_utils.rand_recordset_data(
+ record_type='A', zone_name=self.zone['name'])
+ body_pr_1 = self.client.create_recordset(
+ self.zone['id'], recordset_data_primary_1)[1]
+ self.assertEqual('PENDING', body_pr_1['status'],
+ 'Failed, expected status is PENDING')
+ recordset_data_primary_2 = data_utils.rand_recordset_data(
+ record_type='A', zone_name=self.zone['name'])
+ body_pr_2 = self.client.create_recordset(
+ self.zone['id'], recordset_data_primary_2)[1]
+ self.assertEqual('PENDING', body_pr_2['status'],
+ 'Failed, expected status is PENDING')
+
+ LOG.info('Re-Fetch Recordsets as Alt tenant for a Primary project. '
+ 'Expected: 404')
+ self.assertRaises(lib_exc.NotFound,
+ lambda: self.alt_client.list_recordset(
+ self.zone['id']))
+
+ LOG.info('Re-Fetch Recordsets as Alt tenant for a Primary project '
+ 'using "x-auth-all-projects" HTTP header. Expected: 403')
+ self.assertRaises(lib_exc.Forbidden,
+ lambda: self.alt_client.list_recordset(
+ self.zone['id'],
+ headers={'x-auth-all-projects': True}))
+
+ LOG.info('Re-Fetch Recordsets as Admin tenant for a Primary project '
+ 'using "x-auth-all-projects" HTTP header.')
+ primary_recordsets_ids = [
+ item['id'] for item in self.admin_client.list_recordset(
+ self.zone['id'],
+ headers={'x-auth-all-projects': True})[1]['recordsets']]
+
+ for recordset_id in [body_pr_1['id'], body_pr_2['id']]:
+ self.assertIn(
+ recordset_id, primary_recordsets_ids,
+ 'Failed, recordset ID:{} was not found in listed '
+ 'recordsets: {}'.format(recordset_id, primary_recordsets_ids))
+
@ddt.ddt
class RecordsetsNegativeTest(BaseRecordsetsTest):
+
+ credentials = ['primary', 'alt']
+
@classmethod
def setup_credentials(cls):
# Do not create network resources for these test.
@@ -219,6 +309,7 @@
super(RecordsetsNegativeTest, cls).setup_clients()
cls.client = cls.os_primary.recordset_client
+ cls.alt_client = cls.os_alt.recordset_client
cls.zone_client = cls.os_primary.zones_client
@decorators.idempotent_id('98c94f8c-217a-4056-b996-b1f856d0753e')
@@ -311,6 +402,46 @@
with self.assertRaisesDns(lib_exc.BadRequest, 'invalid_uuid', 400):
self.client.delete_recordset(zone['id'], 'invalid')
+ @decorators.idempotent_id('64e01dc4-a2a8-11eb-aad4-74e5f9e2a801')
+ def test_show_recordsets_invalid_ids(self):
+
+ LOG.info('Create a Recordset')
+ recordset_data = data_utils.rand_recordset_data(
+ record_type='A', zone_name=self.zone['name'])
+ resp, body = self.client.create_recordset(
+ self.zone['id'], recordset_data)
+ self.assertEqual('PENDING', body['status'],
+ 'Failed, expected status is PENDING')
+ LOG.info('Wait until the recordset is active')
+ waiters.wait_for_recordset_status(
+ self.client, self.zone['id'],
+ body['id'], 'ACTIVE')
+
+ LOG.info('Ensure 404 NotFound status code is received if '
+ 'recordset ID is invalid.')
+ self.assertRaises(
+ lib_exc.NotFound, lambda: self.client.show_recordset(
+ zone_uuid=self.zone['id'],
+ recordset_uuid=lib_data_utils.rand_uuid()))
+
+ LOG.info('Ensure 404 NotFound status code is received if '
+ 'zone ID is invalid.')
+ self.assertRaises(
+ lib_exc.NotFound, lambda: self.client.show_recordset(
+ zone_uuid=lib_data_utils.rand_uuid(),
+ recordset_uuid=body['id']))
+
+ @decorators.idempotent_id('c1d9f046-a2b1-11eb-aad4-74e5f9e2a801')
+ def test_create_recordset_for_other_tenant(self):
+ recordset_data = data_utils.rand_recordset_data(
+ record_type='A', zone_name=self.zone['name'])
+
+ LOG.info('Create a Recordset as Alt tenant for a zone created by '
+ 'Primary tenant. Expected: 404 NotFound')
+ self.assertRaises(
+ lib_exc.NotFound, lambda: self.alt_client.create_recordset(
+ self.zone['id'], recordset_data))
+
class RootRecordsetsTests(BaseRecordsetsTest):
@classmethod
@@ -435,35 +566,55 @@
recordsets_created = {}
for client in clients_list:
if client == 'primary':
+ # Create a zone and wait till it's ACTIVE
zone = self.zone_client.create_zone()[1]
self.addCleanup(self.wait_zone_delete,
self.zone_client,
zone['id'])
+ waiters.wait_for_zone_status(
+ self.zone_client, zone['id'], 'ACTIVE')
+
+ # Create a recordset and wait till it's ACTIVE
recordset_data = data_utils.rand_recordset_data(
record_type='A', zone_name=zone['name'])
resp, body = self.client.create_recordset(
zone['id'], recordset_data)
self.assertEqual('PENDING', body['status'],
'Failed, expected status is PENDING')
- waiters.wait_for_zone_status(
- self.zone_client, zone['id'], 'ACTIVE')
+ LOG.info('Wait until the recordset is active')
+ waiters.wait_for_recordset_status(
+ self.client, zone['id'],
+ body['id'], 'ACTIVE')
+
+ # Add "project_id" into the recordset_data
recordset_data['project_id'] = zone['project_id']
recordsets_created['primary'] = recordset_data
+
if client == 'alt':
+ # Create a zone and wait till it's ACTIVE
alt_zone = self.alt_zone_client.create_zone()[1]
self.addCleanup(self.wait_zone_delete,
self.alt_zone_client,
alt_zone['id'])
+ waiters.wait_for_zone_status(
+ self.alt_zone_client, alt_zone['id'], 'ACTIVE')
+
+ # Create a recordset and wait till it's ACTIVE
recordset_data = data_utils.rand_recordset_data(
record_type='A', zone_name=alt_zone['name'])
resp, body = self.alt_client.create_recordset(
alt_zone['id'], recordset_data)
self.assertEqual('PENDING', body['status'],
'Failed, expected status is PENDING')
- waiters.wait_for_zone_status(
- self.alt_zone_client, alt_zone['id'], 'ACTIVE')
+ LOG.info('Wait until the recordset is active')
+ waiters.wait_for_recordset_status(
+ self.alt_client, alt_zone['id'],
+ body['id'], 'ACTIVE')
+
+ # Add "project_id" into the recordset_data
recordset_data['project_id'] = alt_zone['project_id']
recordsets_created['alt'] = recordset_data
+
return recordsets_created
@decorators.idempotent_id('9c0f58ad-1b31-4899-b184-5380720604e5')
diff --git a/designate_tempest_plugin/tests/api/v2/test_service_statuses.py b/designate_tempest_plugin/tests/api/v2/test_service_statuses.py
new file mode 100644
index 0000000..68396c5
--- /dev/null
+++ b/designate_tempest_plugin/tests/api/v2/test_service_statuses.py
@@ -0,0 +1,66 @@
+# Copyright 2021 Red Hat.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+from oslo_log import log as logging
+from designate_tempest_plugin.common import constants as const
+from tempest import config
+from tempest.lib import decorators
+
+from designate_tempest_plugin.tests import base
+
+LOG = logging.getLogger(__name__)
+
+
+CONF = config.CONF
+
+
+class ServiceStatus(base.BaseDnsV2Test):
+
+ credentials = ['primary', 'admin']
+
+ @classmethod
+ def setup_credentials(cls):
+ # Do not create network resources for these test.
+ cls.set_network_resources()
+ super(ServiceStatus, cls).setup_credentials()
+
+ @classmethod
+ def setup_clients(cls):
+ super(ServiceStatus, cls).setup_clients()
+
+ cls.client = cls.os_primary.service_client
+ cls.admin_client = cls.os_admin.service_client
+
+ @decorators.idempotent_id('bf277a76-8583-11eb-a557-74e5f9e2a801')
+ def test_list_service_statuses(self):
+
+ services_statuses_tup = [
+ (item['service_name'],
+ item['status']) for item in self.admin_client.list_statuses()]
+ LOG.info("Listed service tuples: (name,status)' are:{} ".format(
+ services_statuses_tup))
+
+ LOG.info('Make sure that all expected/mandatory services are '
+ 'listed in API response.')
+ expected_services = ['central', 'mdns', 'worker', 'producer']
+ for service in expected_services:
+ self.assertIn(
+ service, [item[0] for item in services_statuses_tup],
+ "Failed, expected service: {} wasn't detected in API "
+ "response".format(service))
+
+ LOG.info('Make sure that all listed services are in UP status.')
+ self.assertEqual(
+ {const.UP}, set([item[1] for item in services_statuses_tup]),
+ "Failed, not all listed services are in UP status, "
+ "services: {}".format(services_statuses_tup))
diff --git a/designate_tempest_plugin/tests/api/v2/test_transfer_accepts.py b/designate_tempest_plugin/tests/api/v2/test_transfer_accepts.py
index 70c9e30..1f7c1e1 100644
--- a/designate_tempest_plugin/tests/api/v2/test_transfer_accepts.py
+++ b/designate_tempest_plugin/tests/api/v2/test_transfer_accepts.py
@@ -13,6 +13,7 @@
# under the License.
from oslo_log import log as logging
from tempest.lib import decorators
+from tempest.lib import exceptions as lib_exc
from designate_tempest_plugin.tests import base
@@ -25,6 +26,8 @@
class TransferAcceptTest(BaseTransferAcceptTest):
+ credentials = ['primary', 'alt', 'admin']
+
@classmethod
def setup_credentials(cls):
# Do not create network resources for these test.
@@ -35,20 +38,32 @@
def setup_clients(cls):
super(TransferAcceptTest, cls).setup_clients()
- cls.zone_client = cls.os_primary.zones_client
- cls.request_client = cls.os_primary.transfer_request_client
- cls.client = cls.os_primary.transfer_accept_client
+ # Primary clients
+ cls.prm_zone_client = cls.os_primary.zones_client
+ cls.prm_request_client = cls.os_primary.transfer_request_client
+ cls.prm_accept_client = cls.os_primary.transfer_accept_client
+
+ # Alt clients
+ cls.alt_zone_client = cls.os_alt.zones_client
+ cls.alt_request_client = cls.os_alt.transfer_request_client
+ cls.alt_accept_client = cls.os_alt.transfer_accept_client
+
+ # Admin clients
+ cls.admin_zone_client = cls.os_admin.zones_client
+ cls.admin_request_client = cls.os_admin.transfer_request_client
+ cls.admin_accept_client = cls.os_admin.transfer_accept_client
@decorators.idempotent_id('1c6baf97-a83e-4d2e-a5d8-9d37fb7808f3')
def test_create_transfer_accept(self):
LOG.info('Create a zone')
- _, zone = self.zone_client.create_zone()
- self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
+ _, zone = self.prm_zone_client.create_zone()
+ self.addCleanup(
+ self.wait_zone_delete, self.prm_zone_client, zone['id'])
LOG.info('Create a zone transfer_request')
- _, transfer_request = self.request_client.create_transfer_request(
- zone['id'])
- self.addCleanup(self.request_client.delete_transfer_request,
+ _, transfer_request = self.prm_request_client.create_transfer_request(
+ zone['id'])
+ self.addCleanup(self.prm_request_client.delete_transfer_request,
transfer_request['id'])
data = {
@@ -56,7 +71,8 @@
"zone_transfer_request_id": transfer_request['id']
}
LOG.info('Create a zone transfer_accept')
- _, transfer_accept = self.client.create_transfer_accept(data)
+ _, transfer_accept = self.prm_accept_client.create_transfer_accept(
+ data)
LOG.info('Ensure we respond with ACTIVE status')
self.assertEqual('COMPLETE', transfer_accept['status'])
@@ -64,13 +80,14 @@
@decorators.idempotent_id('37c6afbb-3ea3-4fd8-94ea-a426244f019a')
def test_show_transfer_accept(self):
LOG.info('Create a zone')
- _, zone = self.zone_client.create_zone()
- self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
+ _, zone = self.prm_zone_client.create_zone()
+ self.addCleanup(
+ self.wait_zone_delete, self.prm_zone_client, zone['id'])
LOG.info('Create a zone transfer_request')
- _, transfer_request = self.request_client.create_transfer_request(
+ _, transfer_request = self.prm_request_client.create_transfer_request(
zone['id'])
- self.addCleanup(self.request_client.delete_transfer_request,
+ self.addCleanup(self.prm_request_client.delete_transfer_request,
transfer_request['id'])
data = {
@@ -79,11 +96,123 @@
}
LOG.info('Create a zone transfer_accept')
- _, transfer_accept = self.client.create_transfer_accept(data)
+ _, transfer_accept = self.prm_accept_client.create_transfer_accept(
+ data)
LOG.info('Fetch the transfer_accept')
- _, body = self.client.show_transfer_accept(transfer_accept['id'])
+ _, body = self.prm_accept_client.show_transfer_accept(
+ transfer_accept['id'])
LOG.info('Ensure the fetched response matches the '
'created transfer_accept')
self.assertExpected(transfer_accept, body, self.excluded_keys)
+
+ @decorators.idempotent_id('89b516f0-8c9f-11eb-a322-74e5f9e2a801')
+ def test_ownership_transferred_zone(self):
+
+ LOG.info('Create a Primary zone')
+ zone = self.prm_zone_client.create_zone()[1]
+ self.addCleanup(self.wait_zone_delete, self.prm_zone_client,
+ zone['id'], ignore_errors=lib_exc.NotFound)
+
+ LOG.info('Create a Primary zone transfer_request')
+ transfer_request = self.prm_request_client.create_transfer_request(
+ zone['id'])[1]
+ self.addCleanup(self.prm_request_client.delete_transfer_request,
+ transfer_request['id'])
+
+ data = {
+ "key": transfer_request['key'],
+ "zone_transfer_request_id": transfer_request['id']
+ }
+ LOG.info('Create an Alt zone transfer_accept')
+ transfer_accept = self.alt_accept_client.create_transfer_accept(
+ data)[1]
+
+ LOG.info('Ensure we respond with ACTIVE status')
+ self.assertEqual('COMPLETE', transfer_accept['status'])
+
+ # Make sure that the "project_id" of transferred zone has been changed
+ alt_transferred_zone = self.alt_zone_client.show_zone(zone['id'])[1]
+
+ self.assertNotEqual(
+ zone['project_id'], alt_transferred_zone['project_id'],
+ 'Failed, shown "project_id" for a transferred zone:{} should be '
+ 'different than the original "project_id" used in '
+ 'creation {}:'.format(
+ alt_transferred_zone['project_id'], zone['project_id']))
+
+ @decorators.idempotent_id('0fcd314c-8cae-11eb-a322-74e5f9e2a801')
+ def test_list_transfer_accepts(self):
+ """Test list API including filtering result option"""
+
+ number_of_zones_to_transfer = 3
+ transfer_request_ids = []
+ for _ in range(number_of_zones_to_transfer):
+
+ LOG.info('Create a Primary zone')
+ zone = self.prm_zone_client.create_zone()[1]
+ self.addCleanup(self.wait_zone_delete, self.prm_zone_client,
+ zone['id'], ignore_errors=lib_exc.NotFound)
+
+ LOG.info('Create a Primary zone transfer_request')
+ transfer_request = self.prm_request_client.create_transfer_request(
+ zone['id'])[1]
+ self.addCleanup(self.prm_request_client.delete_transfer_request,
+ transfer_request['id'])
+
+ data = {
+ "key": transfer_request['key'],
+ "zone_transfer_request_id": transfer_request['id']
+ }
+ LOG.info('Create an Alt zone transfer_accept')
+ transfer_accept = self.alt_accept_client.create_transfer_accept(
+ data)[1]
+
+ LOG.info('Ensure we respond with ACTIVE status')
+ self.assertEqual('COMPLETE', transfer_accept['status'])
+ transfer_request_ids.append(transfer_accept['id'])
+
+ # As Admin list all accepted zone transfers, expected:
+ # each previously transferred zone is listed.
+ LOG.info('Use Admin client to list all "accepted zone transfers"')
+ admin_client_accept_ids = [
+ item['id'] for item in
+ self.admin_accept_client.list_transfer_accept(
+ headers={'x-auth-all-projects': True})]
+ for tr_id in transfer_request_ids:
+ self.assertIn(
+ tr_id, admin_client_accept_ids,
+ 'Failed, expected transfer accept ID:{} is not listed in'
+ ' transfer accept IDs:{} '.format(tr_id, transfer_request_ids))
+
+ # As Admin list all accepted zone transfers in COMPLETE status only,
+ # expected: each previously transferred zone is listed.
+ LOG.info('Use Admin client to list all "accepted zone transfers", '
+ 'filter COMPLETE status only accepts.')
+ admin_client_accept_ids = [
+ item['id'] for item in
+ self.admin_accept_client.list_transfer_accept(
+ headers={'x-auth-all-projects': True},
+ params={'status': 'COMPLETE'})]
+ for tr_id in transfer_request_ids:
+ self.assertIn(
+ tr_id, admin_client_accept_ids,
+ 'Failed, expected transfer accept ID:{} is not listed in'
+ ' transfer accept IDs:{} '.format(
+ tr_id, transfer_request_ids))
+
+ # As Admin list all accepted zone transfers in "non existing" status,
+ # expected: received list is empty.
+ not_existing_status = 'zahlabut'
+ LOG.info('Use Admin client to list all "accepted zone transfers", '
+ 'filter {} status only accepts.'.format(not_existing_status))
+ admin_client_accept_ids = [
+ item['id'] for item in
+ self.admin_accept_client.list_transfer_accept(
+ headers={'x-auth-all-projects': True},
+ params={'status': not_existing_status})]
+ self.assertEmpty(
+ admin_client_accept_ids,
+ "Failed, filtered list should be empty, but actually it's not, "
+ "filtered IDs:{} ".format(admin_client_accept_ids))
diff --git a/designate_tempest_plugin/tests/api/v2/test_transfer_request.py b/designate_tempest_plugin/tests/api/v2/test_transfer_request.py
index bae2510..666fd79 100644
--- a/designate_tempest_plugin/tests/api/v2/test_transfer_request.py
+++ b/designate_tempest_plugin/tests/api/v2/test_transfer_request.py
@@ -27,7 +27,7 @@
class TransferRequestTest(BaseTransferRequestTest):
- credentials = ['primary', 'alt']
+ credentials = ['primary', 'alt', 'admin']
@classmethod
def setup_credentials(cls):
@@ -40,8 +40,10 @@
super(TransferRequestTest, cls).setup_clients()
cls.zone_client = cls.os_primary.zones_client
+ cls.alt_zone_client = cls.os_alt.zones_client
cls.client = cls.os_primary.transfer_request_client
cls.alt_client = cls.os_alt.transfer_request_client
+ cls.admin_client = cls.os_admin.transfer_request_client
@decorators.idempotent_id('2381d489-ad84-403d-b0a2-8b77e4e966bf')
def test_create_transfer_request(self):
@@ -107,6 +109,34 @@
'created transfer_request')
self.assertExpected(transfer_request, body, self.excluded_keys)
+ @decorators.idempotent_id('5bed4582-9cfb-11eb-a160-74e5f9e2a801')
+ @decorators.skip_because(bug="1926572")
+ def test_show_transfer_request_impersonate_another_project(self):
+ LOG.info('Create a zone')
+ zone = self.zone_client.create_zone()[1]
+ self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
+
+ LOG.info('Create a zone transfer_request')
+ transfer_request = self.client.create_transfer_request(zone['id'])[1]
+ self.addCleanup(self.client.delete_transfer_request,
+ transfer_request['id'])
+
+ LOG.info('As Admin tenant fetch the transfer_request without using '
+ '"x-auth-sudo-project-id" HTTP header. Expected: 404')
+ self.assertRaises(lib_exc.NotFound,
+ lambda: self.admin_client.show_transfer_request(
+ transfer_request['id']))
+
+ LOG.info('As Admin tenant fetch the transfer_request using '
+ '"x-auth-sudo-project-id" HTTP header.')
+ body = self.admin_client.show_transfer_request(
+ transfer_request['id'],
+ headers={'x-auth-sudo-project-id': zone['project_id']})[1]
+
+ LOG.info('Ensure the fetched response matches the '
+ 'created transfer_request')
+ self.assertExpected(transfer_request, body, self.excluded_keys)
+
@decorators.idempotent_id('235ded87-0c47-430b-8cad-4f3194b927a6')
def test_show_transfer_request_as_target(self):
# Checks the target of a scoped transfer request can see
@@ -166,6 +196,48 @@
self.assertGreater(len(body['transfer_requests']), 0)
+ @decorators.idempotent_id('db985892-9d02-11eb-a160-74e5f9e2a801')
+ def test_list_transfer_requests_all_projects(self):
+ LOG.info('Create a Primary zone')
+ primary_zone = self.zone_client.create_zone()[1]
+ self.addCleanup(self.wait_zone_delete,
+ self.zone_client, primary_zone['id'])
+
+ LOG.info('Create an Alt zone')
+ alt_zone = self.alt_zone_client.create_zone()[1]
+ self.addCleanup(self.wait_zone_delete,
+ self.alt_zone_client, alt_zone['id'])
+
+ LOG.info('Create a zone transfer_request using Primary client')
+ primary_transfer_request = self.client.create_transfer_request(
+ primary_zone['id'])[1]
+ self.addCleanup(self.client.delete_transfer_request,
+ primary_transfer_request['id'])
+
+ LOG.info('Create a zone transfer_request using Alt client')
+ alt_transfer_request = self.alt_client.create_transfer_request(
+ alt_zone['id'])[1]
+ self.addCleanup(self.alt_client.delete_transfer_request,
+ alt_transfer_request['id'])
+
+ LOG.info('List transfer_requests for all projects using Admin tenant '
+ 'without "x-auth-all-projects" HTTP header. '
+ 'Expected: empty list')
+ self.assertEqual([], self.admin_client.list_transfer_requests()[1][
+ 'transfer_requests'], 'Failed, requests list is not empty')
+
+ LOG.info('List transfer_requests for all projects using Admin tenant '
+ 'and "x-auth-all-projects" HTTP header.')
+ request_ids = [
+ item['id'] for item in self.admin_client.list_transfer_requests(
+ headers={'x-auth-all-projects': True})[1]['transfer_requests']]
+
+ for request_id in [primary_transfer_request['id'],
+ alt_transfer_request['id']]:
+ self.assertIn(request_id, request_ids,
+ "Failed, transfer request ID:{} wasn't found in "
+ "listed IDs{}".format(request_id, request_ids))
+
@decorators.idempotent_id('de5e9d32-c723-4518-84e5-58da9722cc13')
def test_update_transfer_request(self):
LOG.info('Create a zone')
diff --git a/designate_tempest_plugin/tests/api/v2/test_zone_tasks.py b/designate_tempest_plugin/tests/api/v2/test_zone_tasks.py
new file mode 100644
index 0000000..5816cd4
--- /dev/null
+++ b/designate_tempest_plugin/tests/api/v2/test_zone_tasks.py
@@ -0,0 +1,175 @@
+# Copyright 2021 Red Hat.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from socket import gaierror
+
+from oslo_log import log as logging
+from tempest.lib import decorators
+from tempest.lib import exceptions as lib_exc
+
+from designate_tempest_plugin.common import constants as const
+from designate_tempest_plugin.common import waiters
+from designate_tempest_plugin.tests import base
+
+from designate_tempest_plugin.services.dns.query.query_client \
+ import SingleQueryClient
+
+LOG = logging.getLogger(__name__)
+
+
+class BaseZonesTest(base.BaseDnsV2Test):
+ excluded_keys = ['created_at', 'updated_at', 'version', 'links',
+ 'status', 'action']
+
+
+class ZoneTasks(BaseZonesTest):
+ credentials = ['primary', 'alt', 'admin']
+
+ @classmethod
+ def setup_credentials(cls):
+ # Do not create network resources for these test.
+ cls.set_network_resources()
+ super(ZoneTasks, cls).setup_credentials()
+
+ @classmethod
+ def setup_clients(cls):
+ super(ZoneTasks, cls).setup_clients()
+
+ cls.client = cls.os_primary.zones_client
+ cls.alt_client = cls.os_alt.zones_client
+ cls.admin_client = cls.os_admin.zones_client
+ cls.query_client = cls.os_primary.query_client
+
+ @decorators.idempotent_id('287e2cd0-a0e7-11eb-b962-74e5f9e2a801')
+ def test_zone_abandon(self):
+
+ LOG.info('Create a PRIMARY zone')
+ pr_zone = self.client.create_zone()[1]
+
+ LOG.info('Ensure we respond with CREATE+PENDING')
+ self.assertEqual('CREATE', pr_zone['action'])
+ self.assertEqual('PENDING', pr_zone['status'])
+
+ LOG.info('Fetch the zone')
+ self.client.show_zone(pr_zone['id'])
+
+ LOG.info('Check that the zone was created on Nameserver/BIND')
+ waiters.wait_for_query(self.query_client, pr_zone['name'], "SOA")
+
+ LOG.info('Abandon a zone')
+ self.admin_client.abandon_zone(
+ pr_zone['id'],
+ headers={'x-auth-sudo-project-id': pr_zone['project_id']})
+
+ LOG.info('Wait for the zone to become 404/NotFound in Designate')
+ waiters.wait_for_zone_404(self.client, pr_zone['id'])
+
+ LOG.info('Check that the zone is still exists in Nameserver/BIND')
+ waiters.wait_for_query(
+ self.query_client, pr_zone['name'], "SOA")
+
+ @decorators.idempotent_id('90b21d1a-a1ba-11eb-84fa-74e5f9e2a801')
+ def test_zone_abandon_forbidden(self):
+
+ LOG.info('Create a PRIMARY zone and add to the cleanup')
+ pr_zone = self.client.create_zone()[1]
+ self.addCleanup(self.wait_zone_delete, self.client, pr_zone['id'])
+
+ LOG.info('Ensure we respond with CREATE+PENDING')
+ self.assertEqual('CREATE', pr_zone['action'])
+ self.assertEqual('PENDING', pr_zone['status'])
+
+ LOG.info('Fetch the zone')
+ self.client.show_zone(pr_zone['id'])
+
+ LOG.info('Check that the zone was created on Nameserver/BIND')
+ waiters.wait_for_query(self.query_client, pr_zone['name'], "SOA")
+
+ LOG.info('Abandon a zone as primary client, Expected: should '
+ 'fail with: 403 forbidden')
+ self.assertRaises(
+ lib_exc.Forbidden, self.client.abandon_zone,
+ zone_id=pr_zone['id'])
+
+
+class ZoneTasksNegative(BaseZonesTest):
+ credentials = ['primary', 'alt', 'admin']
+
+ @classmethod
+ def setup_credentials(cls):
+ # Do not create network resources for these test.
+ cls.set_network_resources()
+ super(ZoneTasksNegative, cls).setup_credentials()
+
+ @classmethod
+ def setup_clients(cls):
+ super(ZoneTasksNegative, cls).setup_clients()
+
+ cls.client = cls.os_primary.zones_client
+ cls.alt_client = cls.os_alt.zones_client
+ cls.admin_client = cls.os_admin.zones_client
+ cls.query_client = cls.os_primary.query_client
+
+ def _query_nameserver(self, nameserver, query_timeout,
+ zone_name, zone_type='SOA'):
+ query_succeeded = False
+ ns_obj = SingleQueryClient(nameserver, query_timeout)
+ try:
+ ns_obj.query(zone_name, zone_type)
+ query_succeeded = True
+ except gaierror as e:
+ LOG.info('Function "_query_nameserver" failed with:{} '.format(e))
+ return query_succeeded
+
+ @decorators.idempotent_id('ca250d92-8a2b-11eb-b49b-74e5f9e2a801')
+ def test_manually_trigger_update_secondary_zone_negative(self):
+ # Create a PRIMARY zone
+ LOG.info('Create a PRIMARY zone')
+ pr_zone = self.client.create_zone()[1]
+ self.addCleanup(self.wait_zone_delete, self.client, pr_zone['id'])
+
+ LOG.info('Ensure we respond with CREATE+PENDING')
+ self.assertEqual('CREATE', pr_zone['action'])
+ self.assertEqual('PENDING', pr_zone['status'])
+
+ # Get the Name Servers created for a PRIMARY zone
+ nameservers = [
+ dic['hostname'] for dic in self.client.show_zone_nameservers(
+ pr_zone['id'])[1]['nameservers']]
+
+ # Make sure that the nameservers are not available using DNS
+ # query and if it does, skip the test.
+ LOG.info('Check if NameServers are available, skip the test if not')
+ for ns in nameservers:
+ if self._query_nameserver(
+ ns, 5, pr_zone['name'], zone_type='SOA') is True:
+ raise self.skipException(
+ "Nameserver:{} is available, but negative test scenario "
+ "needs it to be unavailable, therefore test is "
+ "skipped.".format(ns.strip('.')))
+
+ # Create a SECONDARY zone
+ LOG.info('Create a SECONDARY zone')
+ sec_zone = self.client.create_zone(
+ zone_type=const.SECONDARY_ZONE_TYPE, primaries=nameservers)[1]
+ self.addCleanup(self.wait_zone_delete, self.client, sec_zone['id'])
+ LOG.info('Ensure we respond with CREATE+PENDING')
+ self.assertEqual('CREATE', sec_zone['action'])
+ self.assertEqual('PENDING', sec_zone['status'])
+
+ # Manually trigger_update zone
+ LOG.info('Manually Trigger an Update of a Secondary Zone when the '
+ 'nameservers not pingable. Expected: error status code 500')
+ with self.assertRaisesDns(lib_exc.ServerFault, 'unknown', 500):
+ self.client.trigger_manual_update(sec_zone['id'])
diff --git a/designate_tempest_plugin/tests/api/v2/test_zones.py b/designate_tempest_plugin/tests/api/v2/test_zones.py
index ee31b9b..78b8d4a 100644
--- a/designate_tempest_plugin/tests/api/v2/test_zones.py
+++ b/designate_tempest_plugin/tests/api/v2/test_zones.py
@@ -11,14 +11,19 @@
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
+import uuid
from oslo_log import log as logging
from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
from tempest.lib.common.utils import data_utils
+from tempest.lib import exceptions as lib_exc
+
+
+from designate_tempest_plugin.common import constants as const
from designate_tempest_plugin import data_utils as dns_data_utils
from designate_tempest_plugin.tests import base
+from designate_tempest_plugin.common import waiters
LOG = logging.getLogger(__name__)
@@ -28,6 +33,7 @@
class ZonesTest(BaseZonesTest):
+ credentials = ['admin', 'primary']
@classmethod
def setup_credentials(cls):
# Do not create network resources for these test.
@@ -39,11 +45,27 @@
super(ZonesTest, cls).setup_clients()
cls.client = cls.os_primary.zones_client
+ cls.pool_client = cls.os_admin.pool_client
@decorators.idempotent_id('9d2e20fc-e56f-4a62-9c61-9752a9ec615c')
- def test_create_zone(self):
- LOG.info('Create a zone')
- _, zone = self.client.create_zone()
+ def test_create_zones(self):
+ # Create a PRIMARY zone
+ LOG.info('Create a PRIMARY zone')
+ zone = self.client.create_zone()[1]
+ self.addCleanup(self.wait_zone_delete, self.client, zone['id'])
+
+ LOG.info('Ensure we respond with CREATE+PENDING')
+ self.assertEqual('CREATE', zone['action'])
+ self.assertEqual('PENDING', zone['status'])
+
+ # Get the Name Servers (hosts) created in PRIMARY zone
+ nameservers = self.client.show_zone_nameservers(zone['id'])[1]
+ nameservers = [dic['hostname'] for dic in nameservers['nameservers']]
+
+ # Create a SECONDARY zone
+ LOG.info('Create a SECONDARY zone')
+ zone = self.client.create_zone(
+ zone_type=const.SECONDARY_ZONE_TYPE, primaries=nameservers)[1]
self.addCleanup(self.wait_zone_delete, self.client, zone['id'])
LOG.info('Ensure we respond with CREATE+PENDING')
@@ -62,6 +84,18 @@
LOG.info('Ensure the fetched response matches the created zone')
self.assertExpected(zone, body, self.excluded_keys)
+ @decorators.idempotent_id('49268b24-92de-11eb-9d02-74e5f9e2a801')
+ def test_show_not_existing_zone(self):
+ LOG.info('Fetch non existing zone')
+ self.assertRaises(lib_exc.NotFound,
+ lambda: self.client.show_zone(uuid.uuid1()))
+
+ @decorators.idempotent_id('736e3b50-92e0-11eb-9d02-74e5f9e2a801')
+ def test_use_invalid_id_to_show_zone(self):
+ LOG.info('Fetch the zone using invalid zone ID')
+ with self.assertRaisesDns(lib_exc.BadRequest, 'invalid_uuid', 400):
+ self.client.show_zone(uuid='zahlabut')
+
@decorators.attr(type='smoke')
@decorators.idempotent_id('a4791906-6cd6-4d27-9f15-32273db8bb3d')
def test_delete_zone(self):
@@ -77,6 +111,12 @@
self.assertEqual('DELETE', body['action'])
self.assertEqual('PENDING', body['status'])
+ @decorators.idempotent_id('79921370-92e1-11eb-9d02-74e5f9e2a801')
+ def test_delete_non_existing_zone(self):
+ LOG.info('Delete non existing zone')
+ self.assertRaises(lib_exc.NotFound,
+ lambda: self.client.delete_zone(uuid.uuid1()))
+
@decorators.idempotent_id('5bfa3cfe-5bc8-443b-bf48-cfba44cbb247')
def test_list_zones(self):
LOG.info('Create a zone')
@@ -110,6 +150,13 @@
LOG.info('Ensure we respond with updated values')
self.assertEqual(description, zone['description'])
+ @decorators.idempotent_id('e391e30a-92e0-11eb-9d02-74e5f9e2a801')
+ def test_update_non_existing_zone(self):
+ LOG.info('Update non existing zone')
+ self.assertRaises(lib_exc.NotFound,
+ lambda: self.client.update_zone(
+ uuid.uuid1(), description=data_utils.rand_name()))
+
@decorators.idempotent_id('925192f2-0ed8-4591-8fe7-a9fa028f90a0')
def test_list_zones_dot_json_fails(self):
uri = self.client.get_uri('zones.json')
@@ -117,9 +164,35 @@
self.assertRaises(lib_exc.NotFound,
lambda: self.client.get(uri))
+ @decorators.idempotent_id('d4ce813e-64a5-11eb-9f43-74e5f9e2a801')
+ def test_get_primary_zone_nameservers(self):
+ # Create a zone and get the associated "pool_id"
+ LOG.info('Create a zone')
+ zone = self.client.create_zone()[1]
+ self.addCleanup(self.wait_zone_delete, self.client, zone['id'])
+ zone_pool_id = zone['pool_id']
+
+ # Get zone's Name Servers using dedicated API request
+ zone_nameservers = self.client.show_zone_nameservers(zone['id'])[1]
+ zone_nameservers = zone_nameservers['nameservers']
+ LOG.info('Zone Name Servers are: {}'.format(zone_nameservers))
+ self.assertIsNot(
+ 0, len(zone_nameservers),
+ "Failed - received list of nameservers shouldn't be empty")
+
+ # Use "pool_id" to get the Name Servers used
+ pool = self.pool_client.show_pool(zone_pool_id)[1]
+ pool_nameservers = pool['ns_records']
+ LOG.info('Pool nameservers: {}'.format(pool_nameservers))
+
+ # Make sure that pool's and zone's Name Servers are same
+ self.assertCountEqual(
+ pool_nameservers, zone_nameservers,
+ 'Failed - Pool and Zone nameservers should be the same')
+
class ZonesAdminTest(BaseZonesTest):
- credentials = ['primary', 'admin']
+ credentials = ['primary', 'admin', 'alt']
@classmethod
def setup_credentials(cls):
@@ -133,19 +206,82 @@
cls.client = cls.os_primary.zones_client
cls.admin_client = cls.os_admin.zones_client
+ cls.alt_client = cls.os_alt.zones_client
- @decorators.idempotent_id('6477f92d-70ba-46eb-bd6c-fc50c405e222')
- def test_get_other_tenant_zone(self):
- LOG.info('Create a zone as a user')
- _, zone = self.client.create_zone()
+ @decorators.idempotent_id('f6fe8cce-8b04-11eb-a861-74e5f9e2a801')
+ def test_show_zone_impersonate_another_project(self):
+ LOG.info('Create zone "A" using primary client')
+ zone = self.client.create_zone()[1]
self.addCleanup(self.wait_zone_delete, self.client, zone['id'])
- LOG.info('Fetch the zone as an admin')
- _, body = self.admin_client.show_zone(
- zone['id'], params={'all_projects': True})
+ LOG.info('As Alt tenant show zone created by Primary tenant. '
+ 'Expected: 404 NotFound')
+ self.assertRaises(
+ lib_exc.NotFound, self.alt_client.show_zone, uuid=zone['id'])
- LOG.info('Ensure the fetched response matches the created zone')
- self.assertExpected(zone, body, self.excluded_keys)
+ LOG.info('As Admin tenant show zone created by Primary tenant. '
+ 'Expected: 404 NotFound')
+ self.assertRaises(
+ lib_exc.NotFound, self.admin_client.show_zone, uuid=zone['id'])
+
+ LOG.info('As Alt tenant show zone created by Primary tenant using '
+ '"x-auth-sudo-project-id" HTTP header. '
+ 'Expected: 403 Forbidden')
+ self.assertRaises(
+ lib_exc.Forbidden, self.alt_client.show_zone, uuid=None,
+ headers={'x-auth-sudo-project-id': zone['project_id']})
+
+ LOG.info('As Admin user impersonate another project '
+ '(using "x-auth-sudo-project-id" HTTP header) to show '
+ 'a Primary tenant zone.')
+ body = self.admin_client.show_zone(
+ uuid=None, headers={
+ 'x-auth-sudo-project-id': zone['project_id']})[1]
+
+ LOG.info('Ensure the fetched response matches the impersonated'
+ ' project, it means the ID of a zone "A"')
+ self.assertExpected(zone, body['zones'][0], self.excluded_keys)
+
+ @decorators.idempotent_id('e1cf7104-8b06-11eb-a861-74e5f9e2a801')
+ def test_list_all_projects_zones(self):
+
+ LOG.info('Create zone "A" using Primary client')
+ primary_zone = self.client.create_zone()[1]
+ self.addCleanup(
+ self.wait_zone_delete, self.client, primary_zone['id'])
+ LOG.info('Wait till the zone is ACTIVE')
+ waiters.wait_for_zone_status(
+ self.client, primary_zone['id'], 'ACTIVE')
+
+ LOG.info('Create zone "B" using Alt client')
+ alt_zone = self.alt_client.create_zone()[1]
+ self.addCleanup(
+ self.wait_zone_delete, self.alt_client, alt_zone['id'])
+ LOG.info('Wait till the zone is ACTIVE')
+ waiters.wait_for_zone_status(
+ self.alt_client, alt_zone['id'], 'ACTIVE')
+
+ LOG.info('Create zone "C" using Admin client')
+ admin_zone = self.admin_client.create_zone()[1]
+ self.addCleanup(
+ self.wait_zone_delete, self.admin_client, admin_zone['id'])
+ LOG.info('Wait till the zone is ACTIVE')
+ waiters.wait_for_zone_status(
+ self.admin_client, admin_zone['id'], 'ACTIVE')
+
+ LOG.info('As admin user list all projects zones')
+ body = self.admin_client.list_zones(
+ headers={'x-auth-all-projects': True})[1]['zones']
+ listed_zone_ids = [item['id'] for item in body]
+
+ LOG.info('Ensure the fetched response includes all zone '
+ 'IDs created within the test')
+
+ for id in [primary_zone['id'], alt_zone['id'], admin_zone['id']]:
+ self.assertIn(
+ id, listed_zone_ids,
+ 'Failed, id:{} was not found in listed zones:{} '.format(
+ id, listed_zone_ids))
class ZoneOwnershipTest(BaseZonesTest):
@@ -201,3 +337,58 @@
LOG.info('Create a zone as an alt user with existing superdomain')
self.assertRaises(lib_exc.Forbidden,
self.alt_client.create_zone, name=zone_name)
+
+
+class ZonesNegativeTest(BaseZonesTest):
+ @classmethod
+ def setup_credentials(cls):
+ # Do not create network resources for these test.
+ cls.set_network_resources()
+ super(ZonesNegativeTest, cls).setup_credentials()
+
+ @classmethod
+ def setup_clients(cls):
+ super(ZonesNegativeTest, cls).setup_clients()
+ cls.client = cls.os_primary.zones_client
+
+ @decorators.idempotent_id('551853c0-8593-11eb-8c8a-74e5f9e2a801')
+ def test_no_valid_zone_name(self):
+ no_valid_names = ['a' * 1000, '___', '!^%&^#%^!@#', 'ggg', '.a', '']
+ for name in no_valid_names:
+ LOG.info('Trying to create a zone named: {} '.format(name))
+ self.assertRaisesDns(
+ lib_exc.BadRequest, 'invalid_object', 400,
+ self.client.create_zone, name=name)
+
+ @decorators.idempotent_id('551853c0-8593-11eb-8c8a-74e5f9e2a801')
+ def test_no_valid_email(self):
+ no_valid_emails = [
+ 'zahlabut#gmail.com', '123456', '___', '', '*&^*^%$']
+ for email in no_valid_emails:
+ LOG.info(
+ 'Trying to create a zone using: {} as email'
+ ' value: '.format(email))
+ self.assertRaisesDns(
+ lib_exc.BadRequest, 'invalid_object', 400,
+ self.client.create_zone, email=email)
+
+ @decorators.idempotent_id('551853c0-8593-11eb-8c8a-74e5f9e2a801')
+ def test_no_valid_ttl(self):
+ no_valid_tls = ['zahlabut', -60000,
+ 2147483647 + 10] # Max valid TTL is 2147483647
+
+ for ttl in no_valid_tls:
+ LOG.info(
+ 'Trying to create a zone using: {} as TTL'
+ ' value: '.format(ttl))
+ self.assertRaisesDns(
+ lib_exc.BadRequest, 'invalid_object', 400,
+ self.client.create_zone, ttl=ttl)
+
+ @decorators.idempotent_id('a3b0a928-a682-11eb-9899-74e5f9e2a801')
+ def test_huge_size_description(self):
+ LOG.info('Trying to create a zone using huge size description')
+ self.assertRaisesDns(
+ lib_exc.BadRequest, 'invalid_object', 400,
+ self.client.create_zone,
+ description=dns_data_utils.rand_zone_name() * 10000)
diff --git a/designate_tempest_plugin/tests/api/v2/test_zones_exports.py b/designate_tempest_plugin/tests/api/v2/test_zones_exports.py
index 13cd077..ef9ba6d 100644
--- a/designate_tempest_plugin/tests/api/v2/test_zones_exports.py
+++ b/designate_tempest_plugin/tests/api/v2/test_zones_exports.py
@@ -27,6 +27,8 @@
class ZonesExportTest(BaseZoneExportsTest):
+ credentials = ['primary', 'admin', 'alt']
+
@classmethod
def setup_credentials(cls):
# Do not create network resources for these test.
@@ -38,7 +40,10 @@
super(ZonesExportTest, cls).setup_clients()
cls.zone_client = cls.os_primary.zones_client
+ cls.alt_zone_client = cls.os_alt.zones_client
cls.client = cls.os_primary.zone_exports_client
+ cls.alt_client = cls.os_alt.zone_exports_client
+ cls.admin_client = cls.os_admin.zone_exports_client
@decorators.idempotent_id('2dd8a9a0-98a2-4bf6-bb51-286583b30f40')
def test_create_zone_export(self):
@@ -70,6 +75,29 @@
LOG.info('Ensure the fetched response matches the zone export')
self.assertExpected(zone_export, body, self.excluded_keys)
+ @decorators.idempotent_id('fb04507c-9600-11eb-b1cd-74e5f9e2a801')
+ def test_show_zone_export_impersonate_another_project(self):
+ LOG.info('Create a zone')
+ zone = self.zone_client.create_zone()[1]
+ self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
+
+ LOG.info('Create a zone export using primary client')
+ resp, zone_export = self.client.create_zone_export(zone['id'])
+ self.addCleanup(self.client.delete_zone_export, zone_export['id'])
+
+ LOG.info('Impersonate "primary" client, to show created zone exports')
+ body = self.admin_client.show_zone_export(uuid=None, headers={
+ 'x-auth-sudo-project-id': zone['project_id']})[1]['exports']
+ listed_export_ids = [item['id'] for item in body]
+
+ LOG.info('Ensure that the fetched response, contains the ID '
+ 'for a zone export created by primary client.')
+ self.assertIn(
+ zone_export['id'], listed_export_ids,
+ 'Failed, expected ID:{} was not found in listed export zones '
+ 'for a primary client: {}'.format(
+ zone_export['id'], listed_export_ids))
+
@decorators.idempotent_id('97234f00-8bcb-43f8-84dd-874f8bc4a80e')
def test_delete_zone_export(self):
LOG.info('Create a zone')
@@ -100,3 +128,138 @@
_, body = self.client.list_zone_exports()
self.assertGreater(len(body['exports']), 0)
+
+ @decorators.idempotent_id('f34e7f34-9613-11eb-b1cd-74e5f9e2a801')
+ def test_list_zone_exports_all_projects(self):
+ LOG.info('Create a primary zone and its export')
+ primary_zone = self.zone_client.create_zone()[1]
+ self.addCleanup(
+ self.wait_zone_delete, self.zone_client, primary_zone['id'])
+ primary_export = self.client.create_zone_export(primary_zone['id'])[1]
+ self.addCleanup(self.client.delete_zone_export, primary_export['id'])
+
+ LOG.info('Create an alt zone and its export')
+ alt_zone = self.alt_zone_client.create_zone()[1]
+ self.addCleanup(
+ self.wait_zone_delete, self.alt_zone_client, alt_zone['id'])
+ alt_export = self.alt_client.create_zone_export(alt_zone['id'])[1]
+ self.addCleanup(self.alt_client.delete_zone_export, alt_export['id'])
+
+ LOG.info('As admin user list zone exports for all projects')
+ listed_exports_ids = [
+ item['id'] for item in self.admin_client.list_zone_exports(
+ headers={'x-auth-all-projects': True})[1]['exports']]
+
+ LOG.info('Make sure that all previously created zone '
+ 'export IDs are listed')
+ for id in [primary_export['id'], alt_export['id']]:
+ self.assertIn(
+ id, listed_exports_ids,
+ 'Failed, expected ID:{} was not found in '
+ 'listed IDs:{}'.format(id, listed_exports_ids))
+
+ @decorators.idempotent_id('e4a11a14-9aaa-11eb-be59-74e5f9e2a801')
+ @decorators.skip_because(bug='1926058')
+ def test_list_zone_exports_filter_results(self):
+
+ LOG.info('Create a primary zone and its export')
+ primary_zone = self.zone_client.create_zone()[1]
+ self.addCleanup(
+ self.wait_zone_delete, self.zone_client, primary_zone['id'])
+ primary_export = self.client.create_zone_export(primary_zone['id'])[1]
+ self.addCleanup(self.client.delete_zone_export, primary_export['id'])
+
+ LOG.info('Create an alt zone, its export and delete it')
+ alt_zone = self.alt_zone_client.create_zone()[1]
+ self.addCleanup(
+ self.wait_zone_delete, self.alt_zone_client, alt_zone['id'])
+ alt_export = self.alt_client.create_zone_export(alt_zone['id'])[1]
+ self.alt_client.delete_zone_export(alt_export['id'])
+ LOG.info('Ensure the zone export has been successfully deleted')
+ self.assertRaises(lib_exc.NotFound,
+ lambda: self.alt_client.show_zone_export(alt_export['id']))
+
+ LOG.info('Filter out "export zones" in status:ZAHLABUT,'
+ ' expected: empty list')
+ self.assertEqual(
+ [], self.admin_client.list_zone_exports(
+ headers={'x-auth-all-projects': True},
+ params={'status': 'ZAHLABUT'})[1]['exports'],
+ 'Failed, filtered result is expected to be empty.')
+
+ LOG.info('Filter out "export zones" with message:ZABABUN,'
+ ' expected: empty list')
+ self.assertEqual(
+ [], self.admin_client.list_zone_exports(
+ headers={'x-auth-all-projects': True},
+ params={'message': 'ZABABUN'})[1]['exports'],
+ 'Failed, filtered result is expected to be empty.')
+
+ LOG.info('Filter out "export zones" that have been created for '
+ 'a primary zone. Expected: single zone export is listed')
+ self.assertEqual(
+ 1, len(self.admin_client.list_zone_exports(
+ headers={'x-auth-all-projects': True},
+ params={'zone_id': primary_zone['id']})[1]['exports']),
+ 'Failed, filtered result should contain a single zone '
+ '(primary zone export)')
+
+ LOG.info('Filter out "export zones" that have been created for '
+ 'an alt zone expected: empty list (it was deleted)')
+ self.assertEqual(
+ [], self.admin_client.list_zone_exports(
+ headers={'x-auth-all-projects': True},
+ params={'zone_id': primary_zone['id']})[1]['exports'],
+ 'Failed, filtered result should contain a single zone '
+ '(primary zone export)')
+
+
+class ZonesExportTestNegative(BaseZoneExportsTest):
+ credentials = ['primary', 'alt']
+
+ @classmethod
+ def setup_credentials(cls):
+ # Do not create network resources for these test.
+ cls.set_network_resources()
+ super(ZonesExportTestNegative, cls).setup_credentials()
+
+ @classmethod
+ def setup_clients(cls):
+ super(ZonesExportTestNegative, cls).setup_clients()
+
+ cls.zone_client = cls.os_primary.zones_client
+ cls.client = cls.os_primary.zone_exports_client
+ cls.alt_client = cls.os_alt.zone_exports_client
+
+ @decorators.idempotent_id('76ab8ec4-95fd-11eb-b1cd-74e5f9e2a801')
+ def test_create_zone_export_using_invalid_zone_id(self):
+ self.assertRaises(
+ lib_exc.NotFound, self.client.create_zone_export,
+ 'e35bc796-9841-11eb-898b-74e5f9e2a801')
+
+ @decorators.idempotent_id('943dad4a-9617-11eb-b1cd-74e5f9e2a801')
+ def test_export_not_your_zone(self):
+ LOG.info('Create a primary zone.')
+ primary_zone = self.zone_client.create_zone()[1]
+ self.addCleanup(
+ self.wait_zone_delete, self.zone_client, primary_zone['id'])
+
+ LOG.info('Make sure that "404 NotFound" status code is raised.')
+ self.assertRaises(
+ lib_exc.NotFound, self.alt_client.create_zone_export,
+ primary_zone['id'])
+
+ @decorators.idempotent_id('518dc308-9604-11eb-b1cd-74e5f9e2a801')
+ def test_create_zone_export_using_deleted_zone(self):
+ LOG.info('Create a zone')
+ zone = self.zone_client.create_zone()[1]
+ self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'],
+ ignore_errors=lib_exc.NotFound)
+
+ LOG.info("Delete the zone and wait till it's done.")
+ self.zone_client.delete_zone(zone['id'])[1]
+ self.wait_zone_delete(self.zone_client, zone['id'])
+
+ LOG.info('Ensure we respond with NotFound exception')
+ self.assertRaises(
+ lib_exc.NotFound, self.client.create_zone_export, zone['id'])
diff --git a/designate_tempest_plugin/tests/api/v2/test_zones_imports.py b/designate_tempest_plugin/tests/api/v2/test_zones_imports.py
index dcbcd13..950e021 100644
--- a/designate_tempest_plugin/tests/api/v2/test_zones_imports.py
+++ b/designate_tempest_plugin/tests/api/v2/test_zones_imports.py
@@ -16,8 +16,10 @@
from tempest.lib import decorators
from tempest.lib import exceptions as lib_exc
+from designate_tempest_plugin.common import constants as const
from designate_tempest_plugin.common import waiters
from designate_tempest_plugin.tests import base
+from designate_tempest_plugin import data_utils as dns_data_utils
LOG = logging.getLogger(__name__)
@@ -28,6 +30,8 @@
class ZonesImportTest(BaseZonesImportTest):
+ credentials = ['primary', 'admin', 'alt']
+
@classmethod
def setup_credentials(cls):
# Do not create network resources for these test.
@@ -39,14 +43,19 @@
super(ZonesImportTest, cls).setup_clients()
cls.client = cls.os_primary.zone_imports_client
+ cls.alt_client = cls.os_alt.zone_imports_client
+ cls.admin_client = cls.os_admin.zone_imports_client
cls.zone_client = cls.os_primary.zones_client
def clean_up_resources(self, zone_import_id):
- waiters.wait_for_zone_import_status(self.client, zone_import_id,
- "COMPLETE")
- _, zone_import = self.client.show_zone_import(zone_import_id)
- self.client.delete_zone_import(zone_import['id'])
- self.wait_zone_delete(self.zone_client, zone_import['zone_id'])
+ zone_import = self.client.show_zone_import(zone_import_id)[1]
+ if zone_import['zone_id']: # A zone was actually created.
+ waiters.wait_for_zone_import_status(
+ self.client, zone_import_id, const.COMPLETE)
+ self.client.delete_zone_import(zone_import['id'])
+ self.wait_zone_delete(self.zone_client, zone_import['zone_id'])
+ else: # Import has failed and zone wasn't created.
+ self.client.delete_zone_import(zone_import['id'])
@decorators.idempotent_id('2e2d907d-0609-405b-9c96-3cb2b87e3dce')
def test_create_zone_import(self):
@@ -55,7 +64,25 @@
self.addCleanup(self.clean_up_resources, zone_import['id'])
LOG.info('Ensure we respond with PENDING')
- self.assertEqual('PENDING', zone_import['status'])
+ self.assertEqual(const.PENDING, zone_import['status'])
+
+ @decorators.idempotent_id('31eaf25a-9532-11eb-a55d-74e5f9e2a801')
+ def test_create_zone_import_invalid_ttl(self):
+ LOG.info('Try to create a zone import using invalid TTL value')
+ zone_import = self.client.create_zone_import(
+ zonefile_data=dns_data_utils.rand_zonefile_data(ttl='zahlabut'))[1]
+ self.addCleanup(self.clean_up_resources, zone_import['id'])
+ waiters.wait_for_zone_import_status(
+ self.client, zone_import['id'], "ERROR")
+
+ @decorators.idempotent_id('31eaf25a-9532-11eb-a55d-74e5f9e2a801')
+ def test_create_zone_import_invalid_name(self):
+ LOG.info('Try to create a zone import using invalid name')
+ zone_import = self.client.create_zone_import(
+ zonefile_data=dns_data_utils.rand_zonefile_data(name='@@@'))[1]
+ self.addCleanup(self.clean_up_resources, zone_import['id'])
+ waiters.wait_for_zone_import_status(
+ self.client, zone_import['id'], "ERROR")
@decorators.attr(type='smoke')
@decorators.idempotent_id('c8909558-0dc6-478a-9e91-eb97b52e59e0')
@@ -75,7 +102,7 @@
LOG.info('Create a zone import')
_, zone_import = self.client.create_zone_import()
waiters.wait_for_zone_import_status(self.client, zone_import['id'],
- "COMPLETE")
+ const.COMPLETE)
_, zone_import = self.client.show_zone_import(zone_import['id'])
self.addCleanup(self.wait_zone_delete,
self.zone_client,
@@ -98,3 +125,78 @@
_, body = self.client.list_zone_imports()
self.assertGreater(len(body['imports']), 0)
+
+ @decorators.idempotent_id('2c1fa20e-9554-11eb-a55d-74e5f9e2a801')
+ def test_show_import_impersonate_another_project(self):
+
+ LOG.info('Import zone "A" using primary client')
+ zone_import = self.client.create_zone_import()[1]
+ self.addCleanup(self.clean_up_resources, zone_import['id'])
+
+ LOG.info('Ensure we respond with PENDING')
+ self.assertEqual(const.PENDING, zone_import['status'])
+
+ LOG.info('Show a zone import for a Primary tenant, using Alt tenant. '
+ 'Expected:404 NotFound')
+ self.assertRaises(lib_exc.NotFound,
+ lambda: self.alt_client.show_zone_import(
+ zone_import['id']))
+
+ LOG.info('Show a zone import for a Primary tenant using Alt tenant '
+ 'and "x-auth-sudo-project-id" HTTP header. '
+ 'Expected:403 Forbidden')
+ self.assertRaises(
+ lib_exc.Forbidden,
+ lambda: self.alt_client.show_zone_import(
+ zone_import['id'],
+ headers={'x-auth-sudo-project-id': zone_import[
+ 'project_id']}))
+
+ LOG.info('Show a zone import for a Primary tenant, using Admin '
+ 'tenant and "x-auth-sudo-project-id" HTTP header.')
+ resp_body = self.admin_client.show_zone_import(uuid=None, headers={
+ 'x-auth-sudo-project-id': zone_import['project_id']})[1]
+
+ LOG.info('Show a zone import for a Primary tenant, using Admin '
+ 'tenant without "x-auth-sudo-project-id" HTTP header. '
+ 'Expected:404 NotFound')
+ self.assertRaises(
+ lib_exc.NotFound, lambda: self.admin_client.show_zone_import(
+ zone_import['id']))
+
+ LOG.info('Ensure that the shown response matches the expected one')
+ self.assertExpected(
+ zone_import, resp_body['imports'][0], self.excluded_keys)
+
+ @decorators.idempotent_id('7bd06ec6-9556-11eb-a55d-74e5f9e2a801')
+ def test_list_import_zones_all_projects(self):
+ LOG.info('Create import zone "A" using primary client')
+ zone_import = self.client.create_zone_import()[1]
+ self.addCleanup(self.clean_up_resources, zone_import['id'])
+
+ LOG.info('As Alt user list import zones for a Primary tenant, '
+ 'using "x-auth-sudo-project-id" HTTP header. '
+ 'Expected: 403 Forbidden')
+ self.assertRaises(
+ lib_exc.Forbidden, lambda: self.alt_client.list_zone_imports(
+ headers={
+ 'x-auth-sudo-project-id': zone_import['project_id']}))
+
+ LOG.info('As Alt tenant list zone imports for all projects, using '
+ '"x-auth-all-projects" HTTP header, Expected: 403 Forbidden')
+ self.assertRaises(
+ lib_exc.Forbidden, lambda: self.alt_client.list_zone_imports(
+ headers={'x-auth-all-projects': True}))
+
+ LOG.info('As Admin tenant list import zones for all projects')
+ body = self.admin_client.list_zone_imports(headers={
+ 'x-auth-all-projects': True})[1]['imports']
+
+ LOG.info('Ensure the fetched response includes previously '
+ 'created import ID')
+ listed_zone_import_ids = [item['id'] for item in body]
+ self.assertIn(
+ zone_import['id'], listed_zone_import_ids,
+ "Failed, expected import ID:{} wasn't found in "
+ "listed import IDs".format(
+ zone_import['id'], listed_zone_import_ids))
diff --git a/designate_tempest_plugin/tests/scenario/v2/test_zones_transfer.py b/designate_tempest_plugin/tests/scenario/v2/test_zones_transfer.py
index c12bd96..88e9c8f 100644
--- a/designate_tempest_plugin/tests/scenario/v2/test_zones_transfer.py
+++ b/designate_tempest_plugin/tests/scenario/v2/test_zones_transfer.py
@@ -16,22 +16,25 @@
from tempest.lib import exceptions as lib_exc
from designate_tempest_plugin.tests import base
+from designate_tempest_plugin import data_utils as dns_data_utils
LOG = logging.getLogger(__name__)
class ZonesTransferTest(base.BaseDnsV2Test):
- credentials = ['primary', 'alt']
+ credentials = ['primary', 'alt', 'admin']
@classmethod
def setup_clients(cls):
super(ZonesTransferTest, cls).setup_clients()
cls.zones_client = cls.os_primary.zones_client
cls.alt_zones_client = cls.os_alt.zones_client
+ cls.admin_zones_client = cls.os_admin.zones_client
cls.request_client = cls.os_primary.transfer_request_client
cls.alt_request_client = cls.os_alt.transfer_request_client
cls.accept_client = cls.os_primary.transfer_accept_client
cls.alt_accept_client = cls.os_alt.transfer_accept_client
+ cls.admin_accept_client = cls.os_admin.transfer_accept_client
@decorators.idempotent_id('60bd80ac-c979-4686-9a03-f2f775f272ab')
def test_zone_transfer(self):
@@ -63,3 +66,43 @@
LOG.info('Ensure 404 when fetching the zone as primary tenant')
self.assertRaises(lib_exc.NotFound,
lambda: self.zones_client.show_zone(zone['id']))
+
+ LOG.info('Accept the request as admin tenant, should fail '
+ 'with: "invalid_zone_transfer_request"')
+ with self.assertRaisesDns(
+ lib_exc.BadRequest, 'invalid_zone_transfer_request', 400):
+ self.admin_accept_client.create_transfer_accept(accept_data)
+
+ @decorators.idempotent_id('5855b772-a036-11eb-9973-74e5f9e2a801')
+ def test_zone_transfer_target_project(self):
+ LOG.info('Create a zone as "primary" tenant')
+ zone = self.zones_client.create_zone()[1]
+
+ LOG.info('Create transfer_request with target project set to '
+ '"Admin" tenant')
+ transfer_request_data = dns_data_utils.rand_transfer_request_data(
+ target_project_id=self.os_admin.credentials.project_id)
+ transfer_request = self.request_client.create_transfer_request(
+ zone['id'], transfer_request_data)[1]
+ self.addCleanup(self.request_client.delete_transfer_request,
+ transfer_request['id'])
+ LOG.info('Ensure we respond with ACTIVE status')
+ self.assertEqual('ACTIVE', transfer_request['status'])
+
+ LOG.info('Accept the request as "alt" tenant, Expected: should fail '
+ 'as "admin" was set as a target project.')
+ accept_data = {
+ "key": transfer_request['key'],
+ "zone_transfer_request_id": transfer_request['id']
+ }
+ self.assertRaises(
+ lib_exc.Forbidden, self.alt_accept_client.create_transfer_accept,
+ transfer_accept_data=accept_data)
+
+ LOG.info('Accept the request as "Admin" tenant, Expected: should work')
+ self.admin_accept_client.create_transfer_accept(accept_data)
+ LOG.info('Fetch the zone as "Admin" tenant')
+ admin_zone = self.admin_zones_client.show_zone(zone['id'])[1]
+ self.addCleanup(self.wait_zone_delete,
+ self.admin_zones_client,
+ admin_zone['id'])