Adding new test cases to: "Zone Ownership Transfers" test suite.

1) test_show_transfer_request_impersonate_another_project Test is based on: "x-auth-sudo-project-id" HTTP header 2) test_list_transfer_requests_all_projects Test is based on: "x-auth-all-projects" HTTP header 3) test_zone_transfer_target_project Test validates that only targeted project is able to accept the transfer request. 4) Improving the existing scenario test: "test_zone_transfer" Zone ownership transfer shouldn't work more than once. Change-Id: I1b345de2c9756ba1bcb0ec7b361c90baff3acb60
2021-04-14 16:47:01 +03:00 · 2021-04-14 16:47:01 +03:00 · 5ec73286a2
parent e98a05ac35
commit 5ec73286a2
3 changed files with 125 additions and 6 deletions
--- a/designate_tempest_plugin/services/dns/v2/json/transfer_request_client.py
+++ b/designate_tempest_plugin/services/dns/v2/json/transfer_request_client.py
@ -60,26 +60,30 @@ class TransferRequestClient(base.DnsClientV2Base):
        return resp, body

    @base.handle_errors
-    def show_transfer_request(self, uuid, params=None):
+    def show_transfer_request(self, uuid, params=None, headers=None):
        """Gets a specific transfer_requestsed zone.
        :param uuid: Unique identifier of the transfer_requestsed zone in
                     UUID format.
        :param params: A Python dict that represents the query paramaters to
                       include in the request URI.
+
+        :param headers (dict): The headers to use for the request.
        :return: Serialized transfer_requestsed zone as a dictionary.
        """
        return self._show_request(
-            'zones/tasks/transfer_requests', uuid, params=params)
+            'zones/tasks/transfer_requests', uuid,
+            params=params, headers=headers)

    @base.handle_errors
-    def list_transfer_requests(self, params=None):
+    def list_transfer_requests(self, params=None, headers=None):
        """Gets all the transfer_requestsed zones
        :param params: A Python dict that represents the query paramaters to
                       include in the request URI.
+        :param headers (dict): The headers to use for the request.
        :return: Serialized transfer_requestsed zone as a list.
        """
        return self._list_request(
-            'zones/tasks/transfer_requests', params=params)
+            'zones/tasks/transfer_requests', params=params, headers=headers)

    @base.handle_errors
    def delete_transfer_request(self, uuid, params=None):
--- a/designate_tempest_plugin/tests/api/v2/test_transfer_request.py
+++ b/designate_tempest_plugin/tests/api/v2/test_transfer_request.py
@ -27,7 +27,7 @@ class BaseTransferRequestTest(base.BaseDnsV2Test):


 class TransferRequestTest(BaseTransferRequestTest):
-    credentials = ['primary', 'alt']
+    credentials = ['primary', 'alt', 'admin']

    @classmethod
    def setup_credentials(cls):
@ -40,8 +40,10 @@ class TransferRequestTest(BaseTransferRequestTest):
        super(TransferRequestTest, cls).setup_clients()

        cls.zone_client = cls.os_primary.zones_client
+        cls.alt_zone_client = cls.os_alt.zones_client
        cls.client = cls.os_primary.transfer_request_client
        cls.alt_client = cls.os_alt.transfer_request_client
+        cls.admin_client = cls.os_admin.transfer_request_client

    @decorators.idempotent_id('2381d489-ad84-403d-b0a2-8b77e4e966bf')
    def test_create_transfer_request(self):
@ -107,6 +109,34 @@ class TransferRequestTest(BaseTransferRequestTest):
                 'created transfer_request')
        self.assertExpected(transfer_request, body, self.excluded_keys)

+    @decorators.idempotent_id('5bed4582-9cfb-11eb-a160-74e5f9e2a801')
+    @decorators.skip_because(bug="1926572")
+    def test_show_transfer_request_impersonate_another_project(self):
+        LOG.info('Create a zone')
+        zone = self.zone_client.create_zone()[1]
+        self.addCleanup(self.wait_zone_delete, self.zone_client, zone['id'])
+
+        LOG.info('Create a zone transfer_request')
+        transfer_request = self.client.create_transfer_request(zone['id'])[1]
+        self.addCleanup(self.client.delete_transfer_request,
+                        transfer_request['id'])
+
+        LOG.info('As Admin tenant fetch the transfer_request without using '
+                 '"x-auth-sudo-project-id" HTTP header. Expected: 404')
+        self.assertRaises(lib_exc.NotFound,
+                          lambda: self.admin_client.show_transfer_request(
+                              transfer_request['id']))
+
+        LOG.info('As Admin tenant fetch the transfer_request using '
+                 '"x-auth-sudo-project-id" HTTP header.')
+        body = self.admin_client.show_transfer_request(
+            transfer_request['id'],
+            headers={'x-auth-sudo-project-id': zone['project_id']})[1]
+
+        LOG.info('Ensure the fetched response matches the '
+                 'created transfer_request')
+        self.assertExpected(transfer_request, body, self.excluded_keys)
+
    @decorators.idempotent_id('235ded87-0c47-430b-8cad-4f3194b927a6')
    def test_show_transfer_request_as_target(self):
        # Checks the target of a scoped transfer request can see
@ -166,6 +196,48 @@ class TransferRequestTest(BaseTransferRequestTest):

        self.assertGreater(len(body['transfer_requests']), 0)

+    @decorators.idempotent_id('db985892-9d02-11eb-a160-74e5f9e2a801')
+    def test_list_transfer_requests_all_projects(self):
+        LOG.info('Create a Primary zone')
+        primary_zone = self.zone_client.create_zone()[1]
+        self.addCleanup(self.wait_zone_delete,
+                        self.zone_client, primary_zone['id'])
+
+        LOG.info('Create an Alt zone')
+        alt_zone = self.alt_zone_client.create_zone()[1]
+        self.addCleanup(self.wait_zone_delete,
+                        self.alt_zone_client, alt_zone['id'])
+
+        LOG.info('Create a zone transfer_request using Primary client')
+        primary_transfer_request = self.client.create_transfer_request(
+            primary_zone['id'])[1]
+        self.addCleanup(self.client.delete_transfer_request,
+                        primary_transfer_request['id'])
+
+        LOG.info('Create a zone transfer_request using Alt client')
+        alt_transfer_request = self.alt_client.create_transfer_request(
+            alt_zone['id'])[1]
+        self.addCleanup(self.alt_client.delete_transfer_request,
+                        alt_transfer_request['id'])
+
+        LOG.info('List transfer_requests for all projects using Admin tenant '
+                 'without "x-auth-all-projects" HTTP header. '
+                 'Expected: empty list')
+        self.assertEqual([], self.admin_client.list_transfer_requests()[1][
+            'transfer_requests'], 'Failed, requests list is not empty')
+
+        LOG.info('List transfer_requests for all projects using Admin tenant '
+                 'and "x-auth-all-projects" HTTP header.')
+        request_ids = [
+            item['id'] for item in self.admin_client.list_transfer_requests(
+                headers={'x-auth-all-projects': True})[1]['transfer_requests']]
+
+        for request_id in [primary_transfer_request['id'],
+                           alt_transfer_request['id']]:
+            self.assertIn(request_id, request_ids,
+                          "Failed, transfer request ID:{} wasn't found in "
+                          "listed IDs{}".format(request_id, request_ids))
+
    @decorators.idempotent_id('de5e9d32-c723-4518-84e5-58da9722cc13')
    def test_update_transfer_request(self):
        LOG.info('Create a zone')
--- a/designate_tempest_plugin/tests/scenario/v2/test_zones_transfer.py
+++ b/designate_tempest_plugin/tests/scenario/v2/test_zones_transfer.py
@ -16,22 +16,25 @@ from tempest.lib import decorators
 from tempest.lib import exceptions as lib_exc

 from designate_tempest_plugin.tests import base
+from designate_tempest_plugin import data_utils as dns_data_utils

 LOG = logging.getLogger(__name__)


 class ZonesTransferTest(base.BaseDnsV2Test):
-    credentials = ['primary', 'alt']
+    credentials = ['primary', 'alt', 'admin']

    @classmethod
    def setup_clients(cls):
        super(ZonesTransferTest, cls).setup_clients()
        cls.zones_client = cls.os_primary.zones_client
        cls.alt_zones_client = cls.os_alt.zones_client
+        cls.admin_zones_client = cls.os_admin.zones_client
        cls.request_client = cls.os_primary.transfer_request_client
        cls.alt_request_client = cls.os_alt.transfer_request_client
        cls.accept_client = cls.os_primary.transfer_accept_client
        cls.alt_accept_client = cls.os_alt.transfer_accept_client
+        cls.admin_accept_client = cls.os_admin.transfer_accept_client

    @decorators.idempotent_id('60bd80ac-c979-4686-9a03-f2f775f272ab')
    def test_zone_transfer(self):
@ -63,3 +66,43 @@ class ZonesTransferTest(base.BaseDnsV2Test):
        LOG.info('Ensure 404 when fetching the zone as primary tenant')
        self.assertRaises(lib_exc.NotFound,
            lambda: self.zones_client.show_zone(zone['id']))
+
+        LOG.info('Accept the request as admin tenant, should fail '
+                 'with: "invalid_zone_transfer_request"')
+        with self.assertRaisesDns(
+                lib_exc.BadRequest, 'invalid_zone_transfer_request', 400):
+            self.admin_accept_client.create_transfer_accept(accept_data)
+
+    @decorators.idempotent_id('5855b772-a036-11eb-9973-74e5f9e2a801')
+    def test_zone_transfer_target_project(self):
+        LOG.info('Create a zone as "primary" tenant')
+        zone = self.zones_client.create_zone()[1]
+
+        LOG.info('Create transfer_request with target project set to '
+                 '"Admin" tenant')
+        transfer_request_data = dns_data_utils.rand_transfer_request_data(
+            target_project_id=self.os_admin.credentials.project_id)
+        transfer_request = self.request_client.create_transfer_request(
+            zone['id'], transfer_request_data)[1]
+        self.addCleanup(self.request_client.delete_transfer_request,
+                        transfer_request['id'])
+        LOG.info('Ensure we respond with ACTIVE status')
+        self.assertEqual('ACTIVE', transfer_request['status'])
+
+        LOG.info('Accept the request as "alt" tenant, Expected: should fail '
+                 'as "admin" was set as a target project.')
+        accept_data = {
+                 "key": transfer_request['key'],
+                 "zone_transfer_request_id": transfer_request['id']
+        }
+        self.assertRaises(
+            lib_exc.Forbidden, self.alt_accept_client.create_transfer_accept,
+            transfer_accept_data=accept_data)
+
+        LOG.info('Accept the request as "Admin" tenant, Expected: should work')
+        self.admin_accept_client.create_transfer_accept(accept_data)
+        LOG.info('Fetch the zone as "Admin" tenant')
+        admin_zone = self.admin_zones_client.show_zone(zone['id'])[1]
+        self.addCleanup(self.wait_zone_delete,
+                        self.admin_zones_client,
+                        admin_zone['id'])