Merge "Deprecate option for old api_export_size bug"
diff --git a/designate_tempest_plugin/config.py b/designate_tempest_plugin/config.py
index 69be727..3d23b28 100644
--- a/designate_tempest_plugin/config.py
+++ b/designate_tempest_plugin/config.py
@@ -65,7 +65,7 @@
default=True,
help="Is the v2 dns API enabled."),
cfg.BoolOpt('api_admin',
- default=True,
+ default=False,
help="Is the admin dns API enabled."),
cfg.BoolOpt('api_v2_root_recordsets',
default=False,
diff --git a/designate_tempest_plugin/services/dns/v2/json/recordset_client.py b/designate_tempest_plugin/services/dns/v2/json/recordset_client.py
index 4440705..ed07817 100644
--- a/designate_tempest_plugin/services/dns/v2/json/recordset_client.py
+++ b/designate_tempest_plugin/services/dns/v2/json/recordset_client.py
@@ -35,8 +35,9 @@
@base.handle_errors
def create_recordset(self, zone_uuid, recordset_data,
- params=None, wait_until=False, headers=None):
+ params=None, headers=None, wait_until=False):
"""Create a recordset for the specified zone.
+
:param zone_uuid: Unique identifier of the zone in UUID format..
:param recordset_data: A dictionary that represents the recordset
data.
@@ -45,20 +46,28 @@
:param headers (dict): The headers to use for the request.
:return: A tuple with the server response and the created zone.
"""
- resp, body = self._create_request(
- "/zones/{0}/recordsets".format(zone_uuid), params=params,
- data=recordset_data, headers=headers)
+ if headers:
+ resp, body = self._create_request(
+ "/zones/{0}/recordsets".format(zone_uuid), params=params,
+ data=recordset_data, extra_headers=True, headers=headers)
+ else:
+ resp, body = self._create_request(
+ "/zones/{0}/recordsets".format(zone_uuid), params=params,
+ data=recordset_data)
+
# Create Recordset should Return a HTTP 202
self.expected_success(202, resp.status)
+
if wait_until:
waiters.wait_for_recordset_status(
self, zone_uuid, body['id'], wait_until, headers=headers)
+
return resp, body
@base.handle_errors
def update_recordset(self, zone_uuid, recordset_uuid,
- recordet_data, params=None,
- headers=None, extra_headers=None):
+ recordset_data, params=None,
+ headers=None, extra_headers=None, wait_until=False):
"""Update the recordset related to the specified zone.
:param zone_uuid: Unique identifier of the zone in UUID format.
:param recordset_uuid: Unique identifier of the recordset in UUID
@@ -73,17 +82,23 @@
method are to be used but additional
headers are needed in the request
pass them in as a dict.
+ :param wait_until: Block until the recordset reaches the
+ desired status
:return: A tuple with the server response and the created zone.
"""
resp, body = self._put_request(
'zones/{0}/recordsets'.format(zone_uuid), recordset_uuid,
- data=recordet_data, params=params,
+ data=recordset_data, params=params,
headers=headers, extra_headers=extra_headers)
# Update Recordset should Return a HTTP 202, or a 200 if the recordset
# is already active
self.expected_success([200, 202], resp.status)
+ if wait_until:
+ waiters.wait_for_recordset_status(
+ self, zone_uuid, body['id'], wait_until)
+
return resp, body
@base.handle_errors
diff --git a/designate_tempest_plugin/tests/api/v2/test_enabled_api_version.py b/designate_tempest_plugin/tests/api/v2/test_enabled_api_version.py
index c5fcd69..814802f 100644
--- a/designate_tempest_plugin/tests/api/v2/test_enabled_api_version.py
+++ b/designate_tempest_plugin/tests/api/v2/test_enabled_api_version.py
@@ -45,18 +45,37 @@
def test_list_enabled_api_versions(self):
for user in ['admin', 'primary', 'not_auth_user']:
if user == 'admin':
- versions = self.admin_client.list_enabled_api_versions()[1][
- 'versions']['values']
+ ver_doc = self.admin_client.list_enabled_api_versions()[1]
+ # The version document was updated to match OpenStack
+ # version discovery standards in Zed. Accomodate the legacy
+ # format for backward compatibility.
+ try:
+ versions = ver_doc['versions']['values']
+ except TypeError:
+ versions = ver_doc['versions']
if user == 'primary':
- versions = self.primary_client.list_enabled_api_versions()[1][
- 'versions']['values']
+ ver_doc = self.primary_client.list_enabled_api_versions()[1]
+ # The version document was updated to match OpenStack
+ # version discovery standards in Zed. Accomodate the legacy
+ # format for backward compatibility.
+ try:
+ versions = ver_doc['versions']['values']
+ except TypeError:
+ versions = ver_doc['versions']
if user == 'not_auth_user':
response = requests.get(self.primary_client.base_url,
verify=False)
headers = {
k.lower(): v.lower() for k, v in response.headers.items()}
- versions = self.deserialize(
- headers, str(response.text))['versions']['values']
+ # The version document was updated to match OpenStack
+ # version discovery standards in Zed. Accomodate the legacy
+ # format for backward compatibility.
+ try:
+ versions = self.deserialize(
+ headers, str(response.text))['versions']['values']
+ except TypeError:
+ versions = self.deserialize(
+ headers, str(response.text))['versions']
LOG.info('Received enabled API versions for {} '
'user are:{}'.format(user, versions))
@@ -64,7 +83,7 @@
enabled_ids = [
item['id'] for key in item.keys() if key == 'id']
LOG.info('Enabled versions IDs are:{}'.format(enabled_ids))
- possible_options = [['v1'], ['v2'], ['v1', 'v2']]
+ possible_options = [['v1'], ['v2'], ['v1', 'v2'], ['v2.0']]
self.assertIn(
enabled_ids, possible_options,
'Failed, received version: {} is not in possible options'
diff --git a/designate_tempest_plugin/tests/api/v2/test_recordset.py b/designate_tempest_plugin/tests/api/v2/test_recordset.py
index 72495d3..3773537 100644
--- a/designate_tempest_plugin/tests/api/v2/test_recordset.py
+++ b/designate_tempest_plugin/tests/api/v2/test_recordset.py
@@ -1063,7 +1063,7 @@
lib_exc.BadRequest, 'bad_request', 400,
self.admin_client.update_recordset,
zone['id'], recordset['id'],
- recordet_data=dns_data_utils.rand_ns_records(),
+ recordset_data=dns_data_utils.rand_ns_records(),
headers=sudo_managed_headers, extra_headers=True)
if recordset['type'] == 'SOA':
@@ -1071,6 +1071,55 @@
lib_exc.BadRequest, 'bad_request', 400,
self.admin_client.update_recordset,
zone['id'], recordset['id'],
- recordet_data=dns_data_utils.rand_soa_recordset(
+ recordset_data=dns_data_utils.rand_soa_recordset(
zone['name']),
headers=sudo_managed_headers, extra_headers=True)
+
+
+class RecordsetsManagedRecordsNegativeTest(BaseRecordsetsTest):
+
+ credentials = ["admin", "system_admin", "primary"]
+
+ @classmethod
+ def setup_clients(cls):
+ super(RecordsetsManagedRecordsNegativeTest, cls).setup_clients()
+ if CONF.enforce_scope.designate:
+ cls.admin_client = cls.os_system_admin.dns_v2.RecordsetClient()
+ cls.admin_tld_client = cls.os_system_admin.dns_v2.TldClient()
+ else:
+ cls.admin_client = cls.os_admin.dns_v2.RecordsetClient()
+ cls.admin_tld_client = cls.os_admin.dns_v2.TldClient()
+ cls.zone_client = cls.os_primary.dns_v2.ZonesClient()
+ cls.recordset_client = cls.os_primary.dns_v2.RecordsetClient()
+
+ @decorators.idempotent_id('083fa738-bb1b-11ec-b581-201e8823901f')
+ def test_delete_ns_record_not_permitted(self):
+ LOG.info('Get NS type recordset ID')
+ recordsets = self.recordset_client.list_recordset(
+ self.zone['id'])[1]['recordsets']
+ for recordset in recordsets:
+ if recordset['type'] == 'NS':
+ ns_record_id = recordset['id']
+ break
+
+ LOG.info('Primary user tries to delete NS Recordset')
+ self.assertRaises(
+ lib_exc.Forbidden,
+ self.recordset_client.delete_recordset,
+ self.zone['id'], ns_record_id, headers=self.managed_records)
+
+ @decorators.idempotent_id('1e78a742-66ee-11ec-8dc3-201e8823901f')
+ def test_create_soa_record_not_permitted(self):
+ soa_record = ("s1.devstack.org. admin.example.net. 1510721487 3510"
+ " 600 86400 3600")
+ LOG.info('Primary tries to create a Recordset on '
+ 'the existing zone')
+ self.assertRaises(
+ lib_exc.BadRequest,
+ self.recordset_client.create_recordset,
+ self.zone['id'], soa_record)
+ LOG.info('Admin tries to create a Recordset on the existing zone')
+ self.assertRaises(
+ lib_exc.BadRequest,
+ self.admin_client.create_recordset,
+ self.zone['id'], soa_record)
diff --git a/designate_tempest_plugin/tests/api/v2/test_recordset_validation.py b/designate_tempest_plugin/tests/api/v2/test_recordset_validation.py
index a708f6d..63568c8 100644
--- a/designate_tempest_plugin/tests/api/v2/test_recordset_validation.py
+++ b/designate_tempest_plugin/tests/api/v2/test_recordset_validation.py
@@ -70,6 +70,8 @@
name="recordsetvalidation")
self.class_tld = self.admin_tld_client.create_tld(
tld_name=tld_name[:-1])
+ self.addCleanup(
+ self.admin_tld_client.delete_tld, self.class_tld[1]['id'])
zone_name = dns_data_utils.rand_zone_name(name="TestZone",
suffix=f'.{tld_name}')
zone_data = dns_data_utils.rand_zone_data(name=zone_name)
diff --git a/designate_tempest_plugin/tests/base.py b/designate_tempest_plugin/tests/base.py
index 091c3ca..d5cdb6b 100644
--- a/designate_tempest_plugin/tests/base.py
+++ b/designate_tempest_plugin/tests/base.py
@@ -177,6 +177,7 @@
"""Base class for DNS V2 API tests."""
all_projects_header = {'X-Auth-All-Projects': True}
+ managed_records = {'x-designate-edit-managed-records': True}
@classmethod
def skip_checks(cls):
diff --git a/designate_tempest_plugin/tests/scenario/v2/recordset_data.json b/designate_tempest_plugin/tests/scenario/v2/recordset_data.json
index 3168722..6dda986 100644
--- a/designate_tempest_plugin/tests/scenario/v2/recordset_data.json
+++ b/designate_tempest_plugin/tests/scenario/v2/recordset_data.json
@@ -54,11 +54,6 @@
"type": "SPF",
"records": ["\"v=spf1; a -all\""]
},
- "NS": {
- "name": "NS_Record",
- "type": "NS",
- "records": ["ns1.example.org."]
- },
"PTR_IPV4": {
"name": "PTR_Record_IPV4",
"type": "PTR",
diff --git a/designate_tempest_plugin/tests/scenario/v2/test_quotas.py b/designate_tempest_plugin/tests/scenario/v2/test_quotas.py
index 17fd16f..9f126a4 100644
--- a/designate_tempest_plugin/tests/scenario/v2/test_quotas.py
+++ b/designate_tempest_plugin/tests/scenario/v2/test_quotas.py
@@ -16,10 +16,14 @@
from tempest import config
from tempest.lib import decorators
from tempest.lib import exceptions as lib_exc
+from tempest.lib.common.utils import data_utils
+
+import tempest.test
from designate_tempest_plugin.tests import base
from designate_tempest_plugin import data_utils as dns_data_utils
from designate_tempest_plugin.common import constants as const
+from designate_tempest_plugin.common import exceptions
LOG = logging.getLogger(__name__)
@@ -277,3 +281,98 @@
self.zone_client.project_id, quotas)
LOG.info('Try to create Zones. Expected:"413 over_quota"')
self._reach_quota_limit(self.test_quota_limit, 'zones_quota')
+
+
+class QuotasBoundary(base.BaseDnsV2Test, tempest.test.BaseTestCase):
+
+ credentials = ['admin', 'system_admin']
+
+ @classmethod
+ def setup_credentials(cls):
+ # Do not create network resources for these test.
+ cls.set_network_resources()
+ super(QuotasBoundary, cls).setup_credentials()
+
+ @classmethod
+ def skip_checks(cls):
+ super(QuotasBoundary, cls).skip_checks()
+ if not CONF.dns_feature_enabled.api_v2_quotas:
+ skip_msg = ("%s skipped as designate V2 Quotas API is not "
+ "available" % cls.__name__)
+ raise cls.skipException(skip_msg)
+
+ @classmethod
+ def setup_clients(cls):
+ super(QuotasBoundary, cls).setup_clients()
+ if CONF.enforce_scope.designate:
+ cls.admin_tld_client = cls.os_system_admin.dns_v2.TldClient()
+ cls.quota_client = cls.os_system_admin.dns_v2.QuotasClient()
+ cls.project_client = cls.os_system_admin.projects_client
+ cls.zone_client = cls.os_system_admin.dns_v2.ZonesClient()
+ cls.recordset_client = \
+ cls.os_system_admin.dns_v2.RecordsetClient()
+ cls.export_zone_client = \
+ cls.os_system_admin.dns_v2.ZoneExportsClient()
+ else:
+ cls.quota_client = cls.os_admin.dns_v2.QuotasClient()
+ cls.project_client = cls.os_admin.projects_client
+ cls.zone_client = cls.os_admin.dns_v2.ZonesClient()
+ cls.recordset_client = cls.os_admin.dns_v2.RecordsetClient()
+ cls.export_zone_client = cls.os_admin.dns_v2.ZoneExportsClient()
+ cls.admin_tld_client = cls.os_admin.dns_v2.TldClient()
+
+ @classmethod
+ def resource_setup(cls):
+ super(QuotasBoundary, cls).resource_setup()
+ # Make sure we have an allowed TLD available
+ tld_name = dns_data_utils.rand_zone_name(name="QuotasBoundary")
+ cls.tld_name = f".{tld_name}"
+ cls.class_tld = cls.admin_tld_client.create_tld(tld_name=tld_name[:-1])
+
+ @classmethod
+ def resource_cleanup(cls):
+ cls.admin_tld_client.delete_tld(cls.class_tld[1]['id'])
+ super(QuotasBoundary, cls).resource_cleanup()
+
+ @decorators.attr(type='slow')
+ @decorators.idempotent_id('e4981eb2-3803-11ed-9d3c-201e8823901f')
+ def test_zone_quota_boundary(self):
+ # Create a dedicated Project for Boundary tests
+ tenant_id = self.project_client.create_project(
+ name=data_utils.rand_name(name='BoundaryZone'))['project']['id']
+ self.addCleanup(self.project_client.delete_project, tenant_id)
+
+ # Set Quotas (zones:1) for tested project
+ sudo_header = {'x-auth-sudo-project-id': tenant_id}
+ quotas = {
+ 'zones': 1, 'zone_recordsets': 2, 'zone_records': 3,
+ 'recordset_records': 2, 'api_export_size': 3}
+ self.quota_client.set_quotas(
+ project_id=tenant_id, quotas=quotas,
+ headers=sudo_header)
+
+ # Create a first Zone --> Should PASS
+ zone_name = dns_data_utils.rand_zone_name(
+ name="test_zone_quota_boundary_attempt_1", suffix=self.tld_name)
+ zone = self.zone_client.create_zone(
+ name=zone_name, project_id=tenant_id)[1]
+ self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
+
+ # Create a second zone --> should FAIL on: 413 over_quota
+ zone_name = dns_data_utils.rand_zone_name(
+ name="test_zone_quota_boundary_attempt_2", suffix=self.tld_name)
+ try:
+ response_headers, zone = self.zone_client.create_zone(
+ name=zone_name, project_id=tenant_id)
+ if response_headers['status'] != 413:
+ raise exceptions.InvalidStatusError(
+ 'Zone', zone['id'], zone['status'])
+ except Exception as e:
+ self.assertIn('over_quota', str(e),
+ 'Failed, over_quota for a zone was not raised')
+ finally:
+ self.addCleanup(
+ self.wait_zone_delete,
+ self.zone_client, zone['id'],
+ headers=sudo_header,
+ ignore_errors=lib_exc.NotFound)
diff --git a/designate_tempest_plugin/tests/scenario/v2/test_recordsets.py b/designate_tempest_plugin/tests/scenario/v2/test_recordsets.py
index e58a54c..029854a 100644
--- a/designate_tempest_plugin/tests/scenario/v2/test_recordsets.py
+++ b/designate_tempest_plugin/tests/scenario/v2/test_recordsets.py
@@ -9,6 +9,9 @@
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
+
+import time
+
from oslo_log import log as logging
from tempest import config
from tempest.lib.common.utils import test_utils
@@ -17,9 +20,11 @@
import ddt
from designate_tempest_plugin.tests import base
+from designate_tempest_plugin.common import constants as const
from designate_tempest_plugin import data_utils as dns_data_utils
from designate_tempest_plugin.common import waiters
-
+from designate_tempest_plugin.services.dns.query.query_client \
+ import SingleQueryClient
LOG = logging.getLogger(__name__)
@@ -50,7 +55,7 @@
zone_id = CONF.dns.zone_id
if zone_id:
LOG.info('Retrieve info from a zone')
- _, zone = cls.client.show_zone(zone_id)
+ zone = cls.client.show_zone(zone_id)[1]
else:
# Make sure we have an allowed TLD available
tld_name = dns_data_utils.rand_zone_name(name="RecordsetsTest")
@@ -93,8 +98,8 @@
}
LOG.info('Create a Recordset on the existing zone')
- _, recordset = self.recordset_client.create_recordset(
- self.zone['id'], recordset_data)
+ recordset = self.recordset_client.create_recordset(
+ self.zone['id'], recordset_data)[1]
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.recordset_client.delete_recordset,
self.zone['id'], recordset['id'])
@@ -108,8 +113,8 @@
'ACTIVE')
LOG.info('Delete the recordset')
- _, body = self.recordset_client.delete_recordset(self.zone['id'],
- recordset['id'])
+ body = self.recordset_client.delete_recordset(
+ self.zone['id'], recordset['id'])[1]
LOG.info('Ensure we respond with DELETE+PENDING')
self.assertEqual('DELETE', body['action'])
@@ -120,20 +125,50 @@
lambda: self.recordset_client.show_recordset(
self.zone['id'], recordset['id']))
- @decorators.idempotent_id('1e78a742-66ee-11ec-8dc3-201e8823901f')
- def test_create_soa_record_not_permitted(self):
- # SOA record is automatically created for a zone, no user
- # should be able to create a SOA record.
- soa_record = ("s1.devstack.org. admin.example.net. 1510721487 3510"
- " 600 86400 3600")
- LOG.info('Primary tries to create a Recordset on '
- 'the existing zone')
- self.assertRaises(
- lib_exc.BadRequest,
- self.recordset_client.create_recordset,
- self.zone['id'], soa_record)
- LOG.info('Admin tries to create a Recordset on the existing zone')
- self.assertRaises(
- lib_exc.BadRequest,
- self.admin_client.create_recordset,
- self.zone['id'], soa_record)
+ @decorators.attr(type='slow')
+ @decorators.idempotent_id('cbf756b0-ba64-11ec-93d4-201e8823901f')
+ @ddt.file_data("recordset_data.json")
+ def test_update_records_propagated_to_backends(self, name, type, records):
+ if name:
+ recordset_name = name + "." + self.zone['name']
+ else:
+ recordset_name = self.zone['name']
+
+ orig_ttl = 666
+ updated_ttl = 777
+ recordset_data = {
+ 'name': recordset_name,
+ 'type': type,
+ 'records': records,
+ 'ttl': orig_ttl
+ }
+
+ LOG.info('Create a Recordset on the existing zone')
+ recordset = self.recordset_client.create_recordset(
+ self.zone['id'], recordset_data, wait_until=const.ACTIVE)[1]
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.recordset_client.delete_recordset,
+ self.zone['id'], recordset['id'])
+
+ LOG.info('Update a Recordset on the existing zone')
+ recordset_data['ttl'] = updated_ttl
+ self.recordset_client.update_recordset(
+ self.zone['id'], recordset['id'],
+ recordset_data, wait_until=const.ACTIVE)
+
+ LOG.info('Per Nameserver "dig" for a record until either:'
+ ' updated TTL is detected or build timeout has reached')
+ for ns in config.CONF.dns.nameservers:
+ start = time.time()
+ while True:
+ ns_obj = SingleQueryClient(ns, config.CONF.dns.query_timeout)
+ ns_record = ns_obj.query(
+ self.zone['name'], rdatatype=recordset_data['type'])
+ if str(updated_ttl) in str(ns_record):
+ return
+ if time.time() - start >= config.CONF.dns.build_timeout:
+ raise lib_exc.TimeoutException(
+ 'Failed, updated TTL:{} for the record was not'
+ ' detected on Nameserver:{} within a timeout of:{}'
+ ' seconds.'.format(
+ updated_ttl, ns, config.CONF.dns.build_timeout))