Merge "New API test - test_list_service_statuses"
diff --git a/designate_tempest_plugin/services/dns/v2/json/recordset_client.py b/designate_tempest_plugin/services/dns/v2/json/recordset_client.py
index 1cf281c..19f58d3 100644
--- a/designate_tempest_plugin/services/dns/v2/json/recordset_client.py
+++ b/designate_tempest_plugin/services/dns/v2/json/recordset_client.py
@@ -150,3 +150,14 @@
"""
return self._list_request(
'recordsets', params=params)
+
+ @base.handle_errors
+ def list_owned_recordsets(self, params=None, headers=None):
+ """Lists recordsets for all projects in Designate.
+ :param params: A Python dict that represents the query paramaters to
+ include in the request URI.
+ :param headers: (dict): The headers to use for the request.
+ :return: Serialized recordset as a list.
+ """
+ return self._list_request(
+ 'recordsets', params=params, headers=headers)[1]['recordsets']
diff --git a/designate_tempest_plugin/services/dns/v2/json/transfer_request_client.py b/designate_tempest_plugin/services/dns/v2/json/transfer_request_client.py
index f494cde..9523175 100644
--- a/designate_tempest_plugin/services/dns/v2/json/transfer_request_client.py
+++ b/designate_tempest_plugin/services/dns/v2/json/transfer_request_client.py
@@ -60,26 +60,30 @@
return resp, body
@base.handle_errors
- def show_transfer_request(self, uuid, params=None):
+ def show_transfer_request(self, uuid, params=None, headers=None):
"""Gets a specific transfer_requestsed zone.
:param uuid: Unique identifier of the transfer_requestsed zone in
UUID format.
:param params: A Python dict that represents the query paramaters to
include in the request URI.
+
+ :param headers (dict): The headers to use for the request.
:return: Serialized transfer_requestsed zone as a dictionary.
"""
return self._show_request(
- 'zones/tasks/transfer_requests', uuid, params=params)
+ 'zones/tasks/transfer_requests', uuid,
+ params=params, headers=headers)
@base.handle_errors
- def list_transfer_requests(self, params=None):
+ def list_transfer_requests(self, params=None, headers=None):
"""Gets all the transfer_requestsed zones
:param params: A Python dict that represents the query paramaters to
include in the request URI.
+ :param headers (dict): The headers to use for the request.
:return: Serialized transfer_requestsed zone as a list.
"""
return self._list_request(
- 'zones/tasks/transfer_requests', params=params)
+ 'zones/tasks/transfer_requests', params=params, headers=headers)
@base.handle_errors
def delete_transfer_request(self, uuid, params=None):
diff --git a/designate_tempest_plugin/services/dns/v2/json/zones_client.py b/designate_tempest_plugin/services/dns/v2/json/zones_client.py
index ac360e6..60e669a 100644
--- a/designate_tempest_plugin/services/dns/v2/json/zones_client.py
+++ b/designate_tempest_plugin/services/dns/v2/json/zones_client.py
@@ -23,7 +23,7 @@
@base.handle_errors
def create_zone(self, name=None, email=None, ttl=None, description=None,
- wait_until=False, params=None):
+ attributes=None, wait_until=False, params=None):
"""Create a zone with the specified parameters.
:param name: The name of the zone.
@@ -34,6 +34,10 @@
Default: Random Value
:param description: A description of the zone.
Default: Random Value
+ :param attributes: Key:Value pairs of information about this zone,
+ and the pool the user would like to place the zone in.
+ This information can be used by the scheduler to place
+ zones on the correct pool.
:param wait_until: Block until the zone reaches the desiered status
:param params: A Python dict that represents the query paramaters to
include in the request URI.
@@ -44,6 +48,8 @@
'email': email or dns_data_utils.rand_email(),
'ttl': ttl or dns_data_utils.rand_ttl(),
'description': description or data_utils.rand_name('test-zone'),
+ 'attributes': attributes or {
+ 'attribute_key': data_utils.rand_name('attribute_value')}
}
resp, body = self._create_request('zones', zone, params=params)
diff --git a/designate_tempest_plugin/tests/api/v2/test_recordset.py b/designate_tempest_plugin/tests/api/v2/test_recordset.py
index aadb823..a0e24a8 100644
--- a/designate_tempest_plugin/tests/api/v2/test_recordset.py
+++ b/designate_tempest_plugin/tests/api/v2/test_recordset.py
@@ -19,6 +19,7 @@
import ddt
from designate_tempest_plugin.tests import base
+from designate_tempest_plugin.common import waiters
from designate_tempest_plugin import data_utils
LOG = logging.getLogger(__name__)
@@ -407,7 +408,7 @@
class RecordsetOwnershipTest(BaseRecordsetsTest):
- credentials = ['primary', 'alt']
+ credentials = ['primary', 'alt', 'admin']
@classmethod
def setup_credentials(cls):
@@ -421,8 +422,69 @@
cls.client = cls.os_primary.recordset_client
cls.zone_client = cls.os_primary.zones_client
- cls.alt_zone_client = cls.os_alt.zones_client
cls.alt_client = cls.os_alt.recordset_client
+ cls.alt_zone_client = cls.os_alt.zones_client
+ cls.admin_client = cls.os_admin.recordset_client
+
+ def _create_client_recordset(self, clients_list=None):
+ """Create a zone and asoociated recordset using given credentials
+
+ :param clients_list: supported credentials are: 'primary' and 'alt'.
+ :return: dictionary of created recordsets.
+ """
+ recordsets_created = {}
+ for client in clients_list:
+ if client == 'primary':
+ # Create a zone and wait till it's ACTIVE
+ zone = self.zone_client.create_zone()[1]
+ self.addCleanup(self.wait_zone_delete,
+ self.zone_client,
+ zone['id'])
+ waiters.wait_for_zone_status(
+ self.zone_client, zone['id'], 'ACTIVE')
+
+ # Create a recordset and wait till it's ACTIVE
+ recordset_data = data_utils.rand_recordset_data(
+ record_type='A', zone_name=zone['name'])
+ resp, body = self.client.create_recordset(
+ zone['id'], recordset_data)
+ self.assertEqual('PENDING', body['status'],
+ 'Failed, expected status is PENDING')
+ LOG.info('Wait until the recordset is active')
+ waiters.wait_for_recordset_status(
+ self.client, zone['id'],
+ body['id'], 'ACTIVE')
+
+ # Add "project_id" into the recordset_data
+ recordset_data['project_id'] = zone['project_id']
+ recordsets_created['primary'] = recordset_data
+
+ if client == 'alt':
+ # Create a zone and wait till it's ACTIVE
+ alt_zone = self.alt_zone_client.create_zone()[1]
+ self.addCleanup(self.wait_zone_delete,
+ self.alt_zone_client,
+ alt_zone['id'])
+ waiters.wait_for_zone_status(
+ self.alt_zone_client, alt_zone['id'], 'ACTIVE')
+
+ # Create a recordset and wait till it's ACTIVE
+ recordset_data = data_utils.rand_recordset_data(
+ record_type='A', zone_name=alt_zone['name'])
+ resp, body = self.alt_client.create_recordset(
+ alt_zone['id'], recordset_data)
+ self.assertEqual('PENDING', body['status'],
+ 'Failed, expected status is PENDING')
+ LOG.info('Wait until the recordset is active')
+ waiters.wait_for_recordset_status(
+ self.alt_client, alt_zone['id'],
+ body['id'], 'ACTIVE')
+
+ # Add "project_id" into the recordset_data
+ recordset_data['project_id'] = alt_zone['project_id']
+ recordsets_created['alt'] = recordset_data
+
+ return recordsets_created
@decorators.idempotent_id('9c0f58ad-1b31-4899-b184-5380720604e5')
def test_no_create_recordset_by_alt_tenant(self):
@@ -483,3 +545,56 @@
recordset_data
)
)
+
+ @decorators.idempotent_id('4d0ff972-7c19-11eb-b331-74e5f9e2a801')
+ def test_list_all_recordsets_for_project(self):
+ # Create recordsets using "primary" and "alt" credentials.
+ # Execute "list_owned_recordsets" API to list "primary" recordsets.
+ # Validate that the only "project_id" retrieved within the API is
+ # a "primary" project.
+ primary_project_id = self._create_client_recordset(
+ ['primary', 'alt'])['primary']['project_id']
+ recordsets = self.client.list_owned_recordsets()
+ LOG.info('Received by API recordsets are {} '.format(recordsets))
+ project_ids_api = set([item['project_id'] for item in recordsets])
+ self.assertEqual(
+ {primary_project_id}, project_ids_api,
+ 'Failed, unique project_ids {} are not as expected {}'.format(
+ project_ids_api, primary_project_id))
+
+ @decorators.idempotent_id('bc0af248-7b4f-11eb-98a5-74e5f9e2a801')
+ def test_list_all_projects_recordsets(self):
+ # Create recordsets using "primary" and "alt" credentials.
+ # Execute "list_owned_recordsets" API using admin client to list
+ # recordsets for all projects.
+ # Validate that project_ids of: "primary" and "alt" projects
+ # are both listed in received API response.
+ project_ids_used = [
+ item['project_id'] for item in self._create_client_recordset(
+ ['primary', 'alt']).values()]
+ recordsets = self.admin_client.list_owned_recordsets(
+ headers={'x-auth-all-projects': True})
+ LOG.info('Received by API recordsets are {} '.format(recordsets))
+ project_ids_api = set([item['project_id'] for item in recordsets])
+ for prj_id in project_ids_used:
+ self.assertIn(
+ prj_id, project_ids_api,
+ 'Failed, project_id:{} is missing in received recordsets'
+ ' for all projects {} '.format(prj_id, project_ids_api))
+
+ @decorators.idempotent_id('910eb17e-7c3a-11eb-a40b-74e5f9e2a801')
+ def test_list_recordsets_impersonate_project(self):
+ # Create recordsets using "primary" and "alt" credentials.
+ # Use admin client to impersonate "primary" project.
+ # Validate that received recordsets are all associated with
+ # expected("primary") project only.
+ primary_project_id = self._create_client_recordset(
+ ['primary', 'alt'])['primary']['project_id']
+ recordsets = self.admin_client.list_owned_recordsets(
+ headers={'x-auth-sudo-project-id': primary_project_id})
+ LOG.info('Received by API recordsets are {} '.format(recordsets))
+ project_ids_api = set([item['project_id'] for item in recordsets])
+ self.assertEqual(
+ {primary_project_id}, project_ids_api,
+ 'Failed, unique project_ids {} are not as expected {}'.format(
+ project_ids_api, primary_project_id))
diff --git a/designate_tempest_plugin/tests/api/v2/test_transfer_request.py b/designate_tempest_plugin/tests/api/v2/test_transfer_request.py
index bae2510..666fd79 100644
--- a/designate_tempest_plugin/tests/api/v2/test_transfer_request.py
+++ b/designate_tempest_plugin/tests/api/v2/test_transfer_request.py
@@ -27,7 +27,7 @@
class TransferRequestTest(BaseTransferRequestTest):
- credentials = ['primary', 'alt']
+ credentials = ['primary', 'alt', 'admin']
@classmethod
def setup_credentials(cls):
@@ -40,8 +40,10 @@
super(TransferRequestTest, cls).setup_clients()
cls.zone_client = cls.os_primary.zones_client
+ cls.alt_zone_client = cls.os_alt.zones_client
cls.client = cls.os_primary.transfer_request_client
cls.alt_client = cls.os_alt.transfer_request_client
+ cls.admin_client = cls.os_admin.transfer_request_client
@decorators.idempotent_id('2381d489-ad84-403d-b0a2-8b77e4e966bf')
def test_create_transfer_request(self):
@@ -107,6 +109,34 @@
'created transfer_request')
self.assertExpected(transfer_request, body, self.excluded_keys)
+ @decorators.idempotent_id('5bed4582-9cfb-11eb-a160-74e5f9e2a801')
+ @decorators.skip_because(bug="1926572")
+ def test_show_transfer_request_impersonate_another_project(self):
+ LOG.info('Create a zone')
+ zone = self.zone_client.create_zone()[1]
+ self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
+
+ LOG.info('Create a zone transfer_request')
+ transfer_request = self.client.create_transfer_request(zone['id'])[1]
+ self.addCleanup(self.client.delete_transfer_request,
+ transfer_request['id'])
+
+ LOG.info('As Admin tenant fetch the transfer_request without using '
+ '"x-auth-sudo-project-id" HTTP header. Expected: 404')
+ self.assertRaises(lib_exc.NotFound,
+ lambda: self.admin_client.show_transfer_request(
+ transfer_request['id']))
+
+ LOG.info('As Admin tenant fetch the transfer_request using '
+ '"x-auth-sudo-project-id" HTTP header.')
+ body = self.admin_client.show_transfer_request(
+ transfer_request['id'],
+ headers={'x-auth-sudo-project-id': zone['project_id']})[1]
+
+ LOG.info('Ensure the fetched response matches the '
+ 'created transfer_request')
+ self.assertExpected(transfer_request, body, self.excluded_keys)
+
@decorators.idempotent_id('235ded87-0c47-430b-8cad-4f3194b927a6')
def test_show_transfer_request_as_target(self):
# Checks the target of a scoped transfer request can see
@@ -166,6 +196,48 @@
self.assertGreater(len(body['transfer_requests']), 0)
+ @decorators.idempotent_id('db985892-9d02-11eb-a160-74e5f9e2a801')
+ def test_list_transfer_requests_all_projects(self):
+ LOG.info('Create a Primary zone')
+ primary_zone = self.zone_client.create_zone()[1]
+ self.addCleanup(self.wait_zone_delete,
+ self.zone_client, primary_zone['id'])
+
+ LOG.info('Create an Alt zone')
+ alt_zone = self.alt_zone_client.create_zone()[1]
+ self.addCleanup(self.wait_zone_delete,
+ self.alt_zone_client, alt_zone['id'])
+
+ LOG.info('Create a zone transfer_request using Primary client')
+ primary_transfer_request = self.client.create_transfer_request(
+ primary_zone['id'])[1]
+ self.addCleanup(self.client.delete_transfer_request,
+ primary_transfer_request['id'])
+
+ LOG.info('Create a zone transfer_request using Alt client')
+ alt_transfer_request = self.alt_client.create_transfer_request(
+ alt_zone['id'])[1]
+ self.addCleanup(self.alt_client.delete_transfer_request,
+ alt_transfer_request['id'])
+
+ LOG.info('List transfer_requests for all projects using Admin tenant '
+ 'without "x-auth-all-projects" HTTP header. '
+ 'Expected: empty list')
+ self.assertEqual([], self.admin_client.list_transfer_requests()[1][
+ 'transfer_requests'], 'Failed, requests list is not empty')
+
+ LOG.info('List transfer_requests for all projects using Admin tenant '
+ 'and "x-auth-all-projects" HTTP header.')
+ request_ids = [
+ item['id'] for item in self.admin_client.list_transfer_requests(
+ headers={'x-auth-all-projects': True})[1]['transfer_requests']]
+
+ for request_id in [primary_transfer_request['id'],
+ alt_transfer_request['id']]:
+ self.assertIn(request_id, request_ids,
+ "Failed, transfer request ID:{} wasn't found in "
+ "listed IDs{}".format(request_id, request_ids))
+
@decorators.idempotent_id('de5e9d32-c723-4518-84e5-58da9722cc13')
def test_update_transfer_request(self):
LOG.info('Create a zone')
diff --git a/designate_tempest_plugin/tests/api/v2/test_zones.py b/designate_tempest_plugin/tests/api/v2/test_zones.py
index ee31b9b..83ec020 100644
--- a/designate_tempest_plugin/tests/api/v2/test_zones.py
+++ b/designate_tempest_plugin/tests/api/v2/test_zones.py
@@ -11,6 +11,7 @@
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
+import uuid
from oslo_log import log as logging
from tempest.lib import decorators
from tempest.lib import exceptions as lib_exc
@@ -62,6 +63,18 @@
LOG.info('Ensure the fetched response matches the created zone')
self.assertExpected(zone, body, self.excluded_keys)
+ @decorators.idempotent_id('49268b24-92de-11eb-9d02-74e5f9e2a801')
+ def test_show_not_existing_zone(self):
+ LOG.info('Fetch non existing zone')
+ self.assertRaises(lib_exc.NotFound,
+ lambda: self.client.show_zone(uuid.uuid1()))
+
+ @decorators.idempotent_id('736e3b50-92e0-11eb-9d02-74e5f9e2a801')
+ def test_use_invalid_id_to_show_zone(self):
+ LOG.info('Fetch the zone using invalid zone ID')
+ with self.assertRaisesDns(lib_exc.BadRequest, 'invalid_uuid', 400):
+ self.client.show_zone(uuid='zahlabut')
+
@decorators.attr(type='smoke')
@decorators.idempotent_id('a4791906-6cd6-4d27-9f15-32273db8bb3d')
def test_delete_zone(self):
@@ -77,6 +90,12 @@
self.assertEqual('DELETE', body['action'])
self.assertEqual('PENDING', body['status'])
+ @decorators.idempotent_id('79921370-92e1-11eb-9d02-74e5f9e2a801')
+ def test_delete_non_existing_zone(self):
+ LOG.info('Delete non existing zone')
+ self.assertRaises(lib_exc.NotFound,
+ lambda: self.client.delete_zone(uuid.uuid1()))
+
@decorators.idempotent_id('5bfa3cfe-5bc8-443b-bf48-cfba44cbb247')
def test_list_zones(self):
LOG.info('Create a zone')
@@ -110,6 +129,13 @@
LOG.info('Ensure we respond with updated values')
self.assertEqual(description, zone['description'])
+ @decorators.idempotent_id('e391e30a-92e0-11eb-9d02-74e5f9e2a801')
+ def test_update_non_existing_zone(self):
+ LOG.info('Update non existing zone')
+ self.assertRaises(lib_exc.NotFound,
+ lambda: self.client.update_zone(
+ uuid.uuid1(), description=data_utils.rand_name()))
+
@decorators.idempotent_id('925192f2-0ed8-4591-8fe7-a9fa028f90a0')
def test_list_zones_dot_json_fails(self):
uri = self.client.get_uri('zones.json')
diff --git a/designate_tempest_plugin/tests/scenario/v2/test_zones_transfer.py b/designate_tempest_plugin/tests/scenario/v2/test_zones_transfer.py
index c12bd96..88e9c8f 100644
--- a/designate_tempest_plugin/tests/scenario/v2/test_zones_transfer.py
+++ b/designate_tempest_plugin/tests/scenario/v2/test_zones_transfer.py
@@ -16,22 +16,25 @@
from tempest.lib import exceptions as lib_exc
from designate_tempest_plugin.tests import base
+from designate_tempest_plugin import data_utils as dns_data_utils
LOG = logging.getLogger(__name__)
class ZonesTransferTest(base.BaseDnsV2Test):
- credentials = ['primary', 'alt']
+ credentials = ['primary', 'alt', 'admin']
@classmethod
def setup_clients(cls):
super(ZonesTransferTest, cls).setup_clients()
cls.zones_client = cls.os_primary.zones_client
cls.alt_zones_client = cls.os_alt.zones_client
+ cls.admin_zones_client = cls.os_admin.zones_client
cls.request_client = cls.os_primary.transfer_request_client
cls.alt_request_client = cls.os_alt.transfer_request_client
cls.accept_client = cls.os_primary.transfer_accept_client
cls.alt_accept_client = cls.os_alt.transfer_accept_client
+ cls.admin_accept_client = cls.os_admin.transfer_accept_client
@decorators.idempotent_id('60bd80ac-c979-4686-9a03-f2f775f272ab')
def test_zone_transfer(self):
@@ -63,3 +66,43 @@
LOG.info('Ensure 404 when fetching the zone as primary tenant')
self.assertRaises(lib_exc.NotFound,
lambda: self.zones_client.show_zone(zone['id']))
+
+ LOG.info('Accept the request as admin tenant, should fail '
+ 'with: "invalid_zone_transfer_request"')
+ with self.assertRaisesDns(
+ lib_exc.BadRequest, 'invalid_zone_transfer_request', 400):
+ self.admin_accept_client.create_transfer_accept(accept_data)
+
+ @decorators.idempotent_id('5855b772-a036-11eb-9973-74e5f9e2a801')
+ def test_zone_transfer_target_project(self):
+ LOG.info('Create a zone as "primary" tenant')
+ zone = self.zones_client.create_zone()[1]
+
+ LOG.info('Create transfer_request with target project set to '
+ '"Admin" tenant')
+ transfer_request_data = dns_data_utils.rand_transfer_request_data(
+ target_project_id=self.os_admin.credentials.project_id)
+ transfer_request = self.request_client.create_transfer_request(
+ zone['id'], transfer_request_data)[1]
+ self.addCleanup(self.request_client.delete_transfer_request,
+ transfer_request['id'])
+ LOG.info('Ensure we respond with ACTIVE status')
+ self.assertEqual('ACTIVE', transfer_request['status'])
+
+ LOG.info('Accept the request as "alt" tenant, Expected: should fail '
+ 'as "admin" was set as a target project.')
+ accept_data = {
+ "key": transfer_request['key'],
+ "zone_transfer_request_id": transfer_request['id']
+ }
+ self.assertRaises(
+ lib_exc.Forbidden, self.alt_accept_client.create_transfer_accept,
+ transfer_accept_data=accept_data)
+
+ LOG.info('Accept the request as "Admin" tenant, Expected: should work')
+ self.admin_accept_client.create_transfer_accept(accept_data)
+ LOG.info('Fetch the zone as "Admin" tenant')
+ admin_zone = self.admin_zones_client.show_zone(zone['id'])[1]
+ self.addCleanup(self.wait_zone_delete,
+ self.admin_zones_client,
+ admin_zone['id'])