New test cases for blacklist test suite
1) test_create_blacklist_as_primary_fails
Primary user is not allowed to create blacklist.
2) test_primary_fails_to_create_zone_matches_blacklist_regex
Zone is failed to be created if its name matches existing
blacklist regex.
3) test_primary_fails_to_create_zone_matches_blacklist_name
Zone is failed to be created if its name is in blacklist.
4) test_admin_creates_zone_matches_blacklist_name_or_regex
Users with the Admin role bypass the deny list check.
5) test_create_blacklist_invalid_pattern
Create blacklist using invalid patterns.
6) test_create_blacklist_huge_size_description
Create blacklist using huge size description string.
Change-Id: I6e924d5ba9b411b427e9eed358a90e9ece56156d
diff --git a/designate_tempest_plugin/services/dns/v2/json/blacklists_client.py b/designate_tempest_plugin/services/dns/v2/json/blacklists_client.py
index c3f6de1..bfe65c7 100644
--- a/designate_tempest_plugin/services/dns/v2/json/blacklists_client.py
+++ b/designate_tempest_plugin/services/dns/v2/json/blacklists_client.py
@@ -36,6 +36,9 @@
'description': description or data_utils.rand_name(),
}
+ if pattern == '':
+ blacklist['pattern'] = ''
+
resp, body = self._create_request('blacklists', blacklist,
params=params)
diff --git a/designate_tempest_plugin/tests/api/v2/test_blacklists.py b/designate_tempest_plugin/tests/api/v2/test_blacklists.py
index d39536f..95688b3 100644
--- a/designate_tempest_plugin/tests/api/v2/test_blacklists.py
+++ b/designate_tempest_plugin/tests/api/v2/test_blacklists.py
@@ -30,8 +30,7 @@
class BlacklistsAdminTest(BaseBlacklistsTest):
- credentials = ["admin", "system_admin"]
-
+ credentials = ["admin", "system_admin", "primary"]
@classmethod
def setup_credentials(cls):
# Do not create network resources for these test.
@@ -41,10 +40,12 @@
@classmethod
def setup_clients(cls):
super(BlacklistsAdminTest, cls).setup_clients()
+
if CONF.enforce_scope.designate:
cls.admin_client = cls.os_system_admin.dns_v2.BlacklistsClient()
else:
cls.admin_client = cls.os_admin.dns_v2.BlacklistsClient()
+ cls.primary_client = cls.os_primary.dns_v2.BlacklistsClient()
@decorators.idempotent_id('3a7f7564-6bdd-446e-addc-a3475b4c3f71')
def test_create_blacklist(self):
@@ -58,6 +59,30 @@
self.assertExpected(blacklist, body, self.excluded_keys)
+ @decorators.idempotent_id('ea608152-da3c-11eb-b8b8-74e5f9e2a801')
+ @decorators.skip_because(bug="1934252")
+ def test_create_blacklist_invalid_pattern(self):
+ patterns = ['', '#(*&^%$%$#@$', 'a' * 1000]
+ for pattern in patterns:
+ LOG.info(
+ 'Try to create a blacklist using pattern:{}'.format(pattern))
+ self.assertRaises(
+ lib_exc.BadRequest, self.admin_client.create_blacklist,
+ pattern=pattern)
+
+ @decorators.idempotent_id('664bdaa0-da47-11eb-b8b8-74e5f9e2a801')
+ def test_create_blacklist_huge_size_description(self):
+ LOG.info('Try to create a blacklist using huge size description')
+ self.assertRaises(
+ lib_exc.BadRequest, self.admin_client.create_blacklist,
+ description='a' * 1000)
+
+ @decorators.idempotent_id('fe9de464-d8d1-11eb-bcdc-74e5f9e2a801')
+ def test_create_blacklist_as_primary_fails(self):
+ LOG.info('As Primary user, try to create a blacklist')
+ self.assertRaises(
+ lib_exc.Forbidden, self.primary_client.create_blacklist)
+
@decorators.idempotent_id('5bc02942-6225-4619-8f49-2105581a8dd6')
def test_show_blacklist(self):
LOG.info('Create a blacklist')
diff --git a/designate_tempest_plugin/tests/scenario/v2/test_blacklists.py b/designate_tempest_plugin/tests/scenario/v2/test_blacklists.py
new file mode 100644
index 0000000..696c661
--- /dev/null
+++ b/designate_tempest_plugin/tests/scenario/v2/test_blacklists.py
@@ -0,0 +1,99 @@
+# Copyright 2021 Red Hat.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_log import log as logging
+from tempest.lib import decorators
+from tempest.lib import exceptions as lib_exc
+
+from designate_tempest_plugin import data_utils as dns_data_utils
+from designate_tempest_plugin.tests import base
+
+LOG = logging.getLogger(__name__)
+
+
+class BaseBlacklistsTest(base.BaseDnsV2Test):
+ excluded_keys = ['created_at', 'updated_at', 'links']
+
+
+class BlacklistE2E(BaseBlacklistsTest):
+
+ credentials = ["admin", 'primary']
+
+ @classmethod
+ def setup_credentials(cls):
+ # Do not create network resources for these test.
+ cls.set_network_resources()
+ super(BlacklistE2E, cls).setup_credentials()
+
+ @classmethod
+ def setup_clients(cls):
+ super(BlacklistE2E, cls).setup_clients()
+ cls.admin_blacklist_client = cls.os_admin.dns_v2.BlacklistsClient()
+ cls.admin_zone_client = cls.os_admin.dns_v2.ZonesClient()
+ cls.primary_zone_client = cls.os_primary.dns_v2.ZonesClient()
+
+ @decorators.idempotent_id('22b1ee72-d8d2-11eb-bcdc-74e5f9e2a801')
+ def test_primary_fails_to_create_zone_matches_blacklist_regex(self):
+ LOG.info('Create a blacklist using regex')
+ blacklist = {
+ 'pattern': '^a.*',
+ 'description': 'Zone starts with "a" char'}
+ body = self.admin_blacklist_client.create_blacklist(**blacklist)[1]
+ self.addCleanup(
+ self.admin_blacklist_client.delete_blacklist, body['id'])
+
+ LOG.info('Try to create a zone that is starts with "a" character')
+ self.assertRaisesDns(
+ lib_exc.BadRequest, 'invalid_zone_name', 400,
+ self.primary_zone_client.create_zone,
+ name='a' + dns_data_utils.rand_zone_name())
+
+ @decorators.idempotent_id('6956f20c-d8d5-11eb-bcdc-74e5f9e2a801')
+ def test_primary_fails_to_create_zone_matches_blacklist_name(self):
+ LOG.info('Create a blacklist using the exact name(string)')
+ zone_name = dns_data_utils.rand_zone_name()
+ blacklist = {
+ 'pattern': zone_name,
+ 'description': 'Zone named:{} '.format(zone_name)}
+ body = self.admin_blacklist_client.create_blacklist(**blacklist)[1]
+ self.addCleanup(
+ self.admin_blacklist_client.delete_blacklist, body['id'])
+
+ LOG.info('Try to create a zone named:{}'.format(zone_name))
+ self.assertRaisesDns(
+ lib_exc.BadRequest, 'invalid_zone_name', 400,
+ self.primary_zone_client.create_zone, name=zone_name)
+
+ @decorators.idempotent_id('de030088-d97e-11eb-8ab8-74e5f9e2a801')
+ def test_admin_creates_zone_matches_blacklist_name_or_regex(self):
+ LOG.info('Create a blacklists using: regex and exact string(name)')
+ zone_name = dns_data_utils.rand_zone_name()
+ blacklists = [
+ {'pattern': '^a.*', 'description': 'Zone starts with "a" char'},
+ {'pattern': zone_name,
+ 'description': 'Deny if Zone named:{} '.format(zone_name)}]
+ for blacklist in blacklists:
+ body = self.admin_blacklist_client.create_blacklist(**blacklist)[1]
+ self.addCleanup(
+ self.admin_blacklist_client.delete_blacklist, body['id'])
+
+ LOG.info('As Admin user try to create zones that are '
+ 'supposed to be blocked')
+ zone = self.admin_zone_client.create_zone(
+ name='a' + dns_data_utils.rand_zone_name())[1]
+ self.addCleanup(
+ self.wait_zone_delete, self.admin_zone_client, zone['id'])
+ zone = self.admin_zone_client.create_zone(name=zone_name)[1]
+ self.addCleanup(
+ self.wait_zone_delete, self.admin_zone_client, zone['id'])