153 lines
6.3 KiB
Python
153 lines
6.3 KiB
Python
# Copyright 2021 Red Hat.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from oslo_log import log as logging
|
|
from tempest import config
|
|
from tempest.lib import decorators
|
|
from tempest.lib import exceptions as lib_exc
|
|
|
|
from designate_tempest_plugin import data_utils as dns_data_utils
|
|
from designate_tempest_plugin.tests import base
|
|
|
|
CONF = config.CONF
|
|
LOG = logging.getLogger(__name__)
|
|
|
|
|
|
class BaseBlacklistsTest(base.BaseDnsV2Test):
|
|
excluded_keys = ['created_at', 'updated_at', 'links']
|
|
|
|
@classmethod
|
|
def setup_clients(cls):
|
|
super(BaseBlacklistsTest, cls).setup_clients()
|
|
|
|
if CONF.enforce_scope.designate:
|
|
cls.admin_tld_client = cls.os_system_admin.dns_v2.TldClient()
|
|
else:
|
|
cls.admin_tld_client = cls.os_admin.dns_v2.TldClient()
|
|
|
|
@classmethod
|
|
def resource_setup(cls):
|
|
super(BaseBlacklistsTest, cls).resource_setup()
|
|
|
|
# Make sure we have an allowed TLD available
|
|
tld_name = dns_data_utils.rand_zone_name(name="BaseBlacklistsTest")
|
|
cls.tld_name = f".{tld_name}"
|
|
cls.class_tld = cls.admin_tld_client.create_tld(tld_name=tld_name[:-1])
|
|
|
|
@classmethod
|
|
def resource_cleanup(cls):
|
|
cls.admin_tld_client.delete_tld(cls.class_tld[1]['id'])
|
|
super(BaseBlacklistsTest, cls).resource_cleanup()
|
|
|
|
|
|
class BlacklistE2E(BaseBlacklistsTest):
|
|
|
|
credentials = ["admin", 'primary', 'system_admin']
|
|
|
|
@classmethod
|
|
def setup_credentials(cls):
|
|
# Do not create network resources for these test.
|
|
cls.set_network_resources()
|
|
super(BlacklistE2E, cls).setup_credentials()
|
|
|
|
@classmethod
|
|
def setup_clients(cls):
|
|
super(BlacklistE2E, cls).setup_clients()
|
|
if CONF.enforce_scope.designate:
|
|
cls.admin_blacklist_client = (
|
|
cls.os_system_admin.dns_v2.BlacklistsClient())
|
|
cls.admin_zone_client = cls.os_system_admin.dns_v2.ZonesClient()
|
|
else:
|
|
cls.admin_blacklist_client = cls.os_admin.dns_v2.BlacklistsClient()
|
|
cls.admin_zone_client = cls.os_admin.dns_v2.ZonesClient()
|
|
cls.primary_zone_client = cls.os_primary.dns_v2.ZonesClient()
|
|
|
|
@decorators.idempotent_id('22b1ee72-d8d2-11eb-bcdc-74e5f9e2a801')
|
|
def test_primary_fails_to_create_zone_matches_blacklist_regex(self):
|
|
LOG.info('Create a blacklist using regex')
|
|
blacklist = {
|
|
'pattern': '^blacklistregextest.*',
|
|
'description': 'Zone starts with "blacklistregextest" char'}
|
|
body = self.admin_blacklist_client.create_blacklist(**blacklist)[1]
|
|
self.addCleanup(
|
|
self.admin_blacklist_client.delete_blacklist, body['id'])
|
|
|
|
LOG.info('Try to create a zone that is starts with '
|
|
'"blacklistregextest".')
|
|
self.assertRaisesDns(
|
|
lib_exc.BadRequest, 'invalid_zone_name', 400,
|
|
self.primary_zone_client.create_zone,
|
|
name='blacklistregextest' + dns_data_utils.rand_zone_name())
|
|
|
|
@decorators.idempotent_id('6956f20c-d8d5-11eb-bcdc-74e5f9e2a801')
|
|
def test_primary_fails_to_create_zone_matches_blacklist_name(self):
|
|
LOG.info('Create a blacklist using the exact name(string)')
|
|
zone_name = 'blacklistnametest' + dns_data_utils.rand_zone_name()
|
|
blacklist = {
|
|
'pattern': zone_name,
|
|
'description': 'Zone named:{} '.format(zone_name)}
|
|
body = self.admin_blacklist_client.create_blacklist(**blacklist)[1]
|
|
self.addCleanup(
|
|
self.admin_blacklist_client.delete_blacklist, body['id'])
|
|
|
|
LOG.info('Try to create a zone named:{}'.format(zone_name))
|
|
self.assertRaisesDns(
|
|
lib_exc.BadRequest, 'invalid_zone_name', 400,
|
|
self.primary_zone_client.create_zone, name=zone_name)
|
|
|
|
@decorators.idempotent_id('de030088-d97e-11eb-8ab8-74e5f9e2a801')
|
|
def test_admin_creates_zone_matches_blacklist_name_or_regex(self):
|
|
LOG.info('Create two blacklists: by regex and by exact string')
|
|
zone_name_to_deny = dns_data_utils.rand_zone_name(
|
|
name="deny_by_name", suffix=self.tld_name)
|
|
blacklists = [
|
|
{'pattern': '^a.*',
|
|
'description': 'Zone starts with "a" char'},
|
|
{'pattern': zone_name_to_deny,
|
|
'description': 'Deny if Zone named:{} '.format(
|
|
zone_name_to_deny)}]
|
|
for blacklist in blacklists:
|
|
body = self.admin_blacklist_client.create_blacklist(**blacklist)[1]
|
|
self.addCleanup(
|
|
self.admin_blacklist_client.delete_blacklist, body['id'])
|
|
|
|
LOG.info('Primary tries to create a zone that is blacklisted by name.'
|
|
' Expected: FAIL')
|
|
with self.assertRaisesDns(
|
|
lib_exc.BadRequest, 'invalid_zone_name', 400):
|
|
self.primary_zone_client.create_zone(name=zone_name_to_deny)
|
|
|
|
LOG.info('Admin tries to create a zone that is blacklisted by name '
|
|
'for a Primary user. Expected: FAIL')
|
|
zone = self.admin_zone_client.create_zone(
|
|
name=zone_name_to_deny,
|
|
project_id=self.primary_zone_client.project_id)[1]
|
|
self.addCleanup(
|
|
self.wait_zone_delete, self.primary_zone_client, zone['id'])
|
|
|
|
LOG.info('Primary tries to create a zone that is blacklisted by regex.'
|
|
' Expected: FAIL')
|
|
with self.assertRaisesDns(
|
|
lib_exc.BadRequest, 'invalid_zone_name', 400):
|
|
self.primary_zone_client.create_zone(
|
|
name='a{}'.format(zone_name_to_deny))
|
|
|
|
LOG.info('Admin tries to create a zone that is blacklisted by regex'
|
|
' for a Primary user. Expected: FAIL')
|
|
zone = self.admin_zone_client.create_zone(
|
|
name='a{}'.format(zone_name_to_deny),
|
|
project_id=self.primary_zone_client.project_id)[1]
|
|
self.addCleanup(
|
|
self.wait_zone_delete, self.primary_zone_client, zone['id'])
|