]>
Commit | Line | Data |
---|---|---|
541bb91b | 1 | from __future__ import print_function |
e2dba705 | 2 | import json |
486210b8 | 3 | import operator |
d29d5db7 | 4 | import time |
e2dba705 | 5 | import unittest |
f626cc48 | 6 | import requests.exceptions |
ccfabd0d | 7 | from copy import deepcopy |
646bcd7d | 8 | from parameterized import parameterized |
6754ef71 | 9 | from pprint import pprint |
168a76b3 | 10 | from test_helper import ApiTestCase, unique_zone_name, is_auth, is_auth_lmdb, is_recursor, get_db_records, pdnsutil_rectify, sdig |
6754ef71 CH |
11 | |
12 | ||
13 | def get_rrset(data, qname, qtype): | |
14 | for rrset in data['rrsets']: | |
15 | if rrset['name'] == qname and rrset['type'] == qtype: | |
16 | return rrset | |
17 | return None | |
18 | ||
19 | ||
20 | def get_first_rec(data, qname, qtype): | |
21 | rrset = get_rrset(data, qname, qtype) | |
22 | if rrset: | |
23 | return rrset['records'][0] | |
24 | return None | |
25 | ||
26 | ||
27 | def eq_zone_rrsets(rrsets, expected): | |
28 | data_got = {} | |
29 | data_expected = {} | |
541bb91b | 30 | for type_, expected_records in expected.items(): |
6754ef71 CH |
31 | type_ = str(type_) |
32 | data_got[type_] = set() | |
33 | data_expected[type_] = set() | |
34 | uses_name = any(['name' in expected_record for expected_record in expected_records]) | |
35 | # minify + convert received data | |
36 | for rrset in [rrset for rrset in rrsets if rrset['type'] == type_]: | |
541bb91b | 37 | print(rrset) |
6754ef71 CH |
38 | for r in rrset['records']: |
39 | data_got[type_].add((rrset['name'] if uses_name else '@', rrset['type'], r['content'])) | |
40 | # minify expected data | |
41 | for r in expected_records: | |
42 | data_expected[type_].add((r['name'] if uses_name else '@', type_, r['content'])) | |
43 | ||
541bb91b | 44 | print("eq_zone_rrsets: got:") |
6754ef71 | 45 | pprint(data_got) |
541bb91b | 46 | print("eq_zone_rrsets: expected:") |
6754ef71 CH |
47 | pprint(data_expected) |
48 | ||
49 | assert data_got == data_expected, "%r != %r" % (data_got, data_expected) | |
1a152698 CH |
50 | |
51 | ||
02945d9a | 52 | class Zones(ApiTestCase): |
1a152698 | 53 | |
80e9a517 PD |
54 | def _test_list_zones(self, dnssec=True): |
55 | path = "/api/v1/servers/localhost/zones" | |
56 | if not dnssec: | |
57 | path = path + "?dnssec=false" | |
58 | r = self.session.get(self.url(path)) | |
c1374bdb | 59 | self.assert_success_json(r) |
45de6290 | 60 | domains = r.json() |
02945d9a | 61 | example_com = [domain for domain in domains if domain['name'] in ('example.com', 'example.com.')] |
4bfebc93 | 62 | self.assertEqual(len(example_com), 1) |
1a152698 | 63 | example_com = example_com[0] |
a21e8566 | 64 | print(example_com) |
02945d9a | 65 | required_fields = ['id', 'url', 'name', 'kind'] |
c1374bdb | 66 | if is_auth(): |
80e9a517 PD |
67 | required_fields = required_fields + ['masters', 'last_check', 'notified_serial', 'serial', 'account'] |
68 | if dnssec: | |
69 | required_fields = required_fields = ['dnssec', 'edited_serial'] | |
4bfebc93 | 70 | self.assertNotEqual(example_com['serial'], 0) |
a25bc5e9 PD |
71 | if not dnssec: |
72 | self.assertNotIn('dnssec', example_com) | |
c1374bdb | 73 | elif is_recursor(): |
02945d9a CH |
74 | required_fields = required_fields + ['recursion_desired', 'servers'] |
75 | for field in required_fields: | |
76 | self.assertIn(field, example_com) | |
77 | ||
80e9a517 | 78 | def test_list_zones_with_dnssec(self): |
a25bc5e9 PD |
79 | if is_auth(): |
80 | self._test_list_zones(True) | |
80e9a517 PD |
81 | |
82 | def test_list_zones_without_dnssec(self): | |
83 | self._test_list_zones(False) | |
02945d9a | 84 | |
406497f5 | 85 | class AuthZonesHelperMixin(object): |
284fdfe9 | 86 | def create_zone(self, name=None, **kwargs): |
bee2acae CH |
87 | if name is None: |
88 | name = unique_zone_name() | |
e2dba705 | 89 | payload = { |
bee2acae | 90 | 'name': name, |
e2dba705 | 91 | 'kind': 'Native', |
1d6b70f9 | 92 | 'nameservers': ['ns1.example.com.', 'ns2.example.com.'] |
e2dba705 | 93 | } |
284fdfe9 | 94 | for k, v in kwargs.items(): |
4bdff352 CH |
95 | if v is None: |
96 | del payload[k] | |
97 | else: | |
98 | payload[k] = v | |
541bb91b | 99 | print("sending", payload) |
e2dba705 | 100 | r = self.session.post( |
46d06a12 | 101 | self.url("/api/v1/servers/localhost/zones"), |
e2dba705 CH |
102 | data=json.dumps(payload), |
103 | headers={'content-type': 'application/json'}) | |
c1374bdb | 104 | self.assert_success_json(r) |
4bfebc93 | 105 | self.assertEqual(r.status_code, 201) |
1d6b70f9 | 106 | reply = r.json() |
541bb91b | 107 | print("reply", reply) |
6754ef71 | 108 | return name, payload, reply |
bee2acae | 109 | |
406497f5 CH |
110 | |
111 | @unittest.skipIf(not is_auth(), "Not applicable") | |
112 | class AuthZones(ApiTestCase, AuthZonesHelperMixin): | |
113 | ||
c1374bdb | 114 | def test_create_zone(self): |
b0af9105 | 115 | # soa_edit_api has a default, override with empty for this test |
6754ef71 | 116 | name, payload, data = self.create_zone(serial=22, soa_edit_api='') |
1258fecd | 117 | for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial', 'edited_serial', 'soa_edit_api', 'soa_edit', 'account'): |
d29d5db7 CH |
118 | self.assertIn(k, data) |
119 | if k in payload: | |
4bfebc93 | 120 | self.assertEqual(data[k], payload[k]) |
f63168e6 | 121 | # validate generated SOA |
f527c6ff | 122 | expected_soa = "a.misconfigured.dns.server.invalid. hostmaster." + name + " " + \ |
1d6b70f9 | 123 | str(payload['serial']) + " 10800 3600 604800 3600" |
4bfebc93 | 124 | self.assertEqual( |
6754ef71 | 125 | get_first_rec(data, name, 'SOA')['content'], |
1d6b70f9 | 126 | expected_soa |
f63168e6 | 127 | ) |
d1b98434 PD |
128 | |
129 | if not is_auth_lmdb(): | |
130 | # Because we had confusion about dots, check that the DB is without dots. | |
131 | dbrecs = get_db_records(name, 'SOA') | |
132 | self.assertEqual(dbrecs[0]['content'], expected_soa.replace('. ', ' ')) | |
4bfebc93 | 133 | self.assertNotEqual(data['serial'], data['edited_serial']) |
d29d5db7 | 134 | |
c1374bdb | 135 | def test_create_zone_with_soa_edit_api(self): |
f63168e6 | 136 | # soa_edit_api wins over serial |
6754ef71 | 137 | name, payload, data = self.create_zone(soa_edit_api='EPOCH', serial=10) |
f63168e6 | 138 | for k in ('soa_edit_api', ): |
e2dba705 CH |
139 | self.assertIn(k, data) |
140 | if k in payload: | |
4bfebc93 | 141 | self.assertEqual(data[k], payload[k]) |
f63168e6 | 142 | # generated EPOCH serial surely is > fixed serial we passed in |
541bb91b | 143 | print(data) |
f63168e6 | 144 | self.assertGreater(data['serial'], payload['serial']) |
6754ef71 | 145 | soa_serial = int(get_first_rec(data, name, 'SOA')['content'].split(' ')[2]) |
f63168e6 | 146 | self.assertGreater(soa_serial, payload['serial']) |
4bfebc93 | 147 | self.assertEqual(soa_serial, data['serial']) |
6bb25159 | 148 | |
a0930e45 KM |
149 | def test_create_zone_with_catalog(self): |
150 | # soa_edit_api wins over serial | |
151 | name, payload, data = self.create_zone(catalog='catalog.invalid.', serial=10) | |
152 | print(data) | |
153 | for k in ('catalog', ): | |
154 | self.assertIn(k, data) | |
155 | if k in payload: | |
156 | self.assertEqual(data[k], payload[k]) | |
157 | ||
79532aa7 CH |
158 | def test_create_zone_with_account(self): |
159 | # soa_edit_api wins over serial | |
6754ef71 | 160 | name, payload, data = self.create_zone(account='anaccount', serial=10) |
541bb91b | 161 | print(data) |
79532aa7 CH |
162 | for k in ('account', ): |
163 | self.assertIn(k, data) | |
164 | if k in payload: | |
4bfebc93 | 165 | self.assertEqual(data[k], payload[k]) |
79532aa7 | 166 | |
9440a9f0 CH |
167 | def test_create_zone_default_soa_edit_api(self): |
168 | name, payload, data = self.create_zone() | |
541bb91b | 169 | print(data) |
4bfebc93 | 170 | self.assertEqual(data['soa_edit_api'], 'DEFAULT') |
9440a9f0 | 171 | |
331d3062 CH |
172 | def test_create_zone_exists(self): |
173 | name, payload, data = self.create_zone() | |
174 | print(data) | |
175 | payload = { | |
176 | 'name': name, | |
177 | 'kind': 'Native' | |
178 | } | |
179 | print(payload) | |
180 | r = self.session.post( | |
181 | self.url("/api/v1/servers/localhost/zones"), | |
182 | data=json.dumps(payload), | |
183 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 184 | self.assertEqual(r.status_code, 409) # Conflict - already exists |
331d3062 | 185 | |
01f7df3f CH |
186 | def test_create_zone_with_soa_edit(self): |
187 | name, payload, data = self.create_zone(soa_edit='INCEPTION-INCREMENT', soa_edit_api='SOA-EDIT-INCREASE') | |
541bb91b | 188 | print(data) |
4bfebc93 CH |
189 | self.assertEqual(data['soa_edit'], 'INCEPTION-INCREMENT') |
190 | self.assertEqual(data['soa_edit_api'], 'SOA-EDIT-INCREASE') | |
01f7df3f CH |
191 | soa_serial = get_first_rec(data, name, 'SOA')['content'].split(' ')[2] |
192 | # These particular settings lead to the first serial set to YYYYMMDD01. | |
4bfebc93 | 193 | self.assertEqual(soa_serial[-2:], '01') |
f613d242 CH |
194 | rrset = { |
195 | 'changetype': 'replace', | |
196 | 'name': name, | |
197 | 'type': 'A', | |
198 | 'ttl': 3600, | |
199 | 'records': [ | |
200 | { | |
201 | "content": "127.0.0.1", | |
202 | "disabled": False | |
203 | } | |
204 | ] | |
205 | } | |
206 | payload = {'rrsets': [rrset]} | |
207 | self.session.patch( | |
208 | self.url("/api/v1/servers/localhost/zones/" + data['id']), | |
209 | data=json.dumps(payload), | |
210 | headers={'content-type': 'application/json'}) | |
211 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + data['id'])) | |
212 | data = r.json() | |
213 | soa_serial = get_first_rec(data, name, 'SOA')['content'].split(' ')[2] | |
4bfebc93 | 214 | self.assertEqual(soa_serial[-2:], '02') |
01f7df3f | 215 | |
c1374bdb | 216 | def test_create_zone_with_records(self): |
f63168e6 | 217 | name = unique_zone_name() |
6754ef71 CH |
218 | rrset = { |
219 | "name": name, | |
220 | "type": "A", | |
221 | "ttl": 3600, | |
222 | "records": [{ | |
f63168e6 | 223 | "content": "4.3.2.1", |
6754ef71 CH |
224 | "disabled": False, |
225 | }], | |
226 | } | |
227 | name, payload, data = self.create_zone(name=name, rrsets=[rrset]) | |
f63168e6 | 228 | # check our record has appeared |
4bfebc93 | 229 | self.assertEqual(get_rrset(data, name, 'A')['records'], rrset['records']) |
f63168e6 | 230 | |
d0953126 AT |
231 | def test_create_zone_with_wildcard_records(self): |
232 | name = unique_zone_name() | |
6754ef71 CH |
233 | rrset = { |
234 | "name": "*."+name, | |
235 | "type": "A", | |
236 | "ttl": 3600, | |
237 | "records": [{ | |
d0953126 | 238 | "content": "4.3.2.1", |
6754ef71 CH |
239 | "disabled": False, |
240 | }], | |
241 | } | |
242 | name, payload, data = self.create_zone(name=name, rrsets=[rrset]) | |
d0953126 | 243 | # check our record has appeared |
4bfebc93 | 244 | self.assertEqual(get_rrset(data, rrset['name'], 'A')['records'], rrset['records']) |
d0953126 | 245 | |
c1374bdb | 246 | def test_create_zone_with_comments(self): |
f63168e6 | 247 | name = unique_zone_name() |
f2d6dcc0 RG |
248 | rrsets = [ |
249 | { | |
250 | "name": name, | |
251 | "type": "soa", # test uppercasing of type, too. | |
252 | "comments": [{ | |
253 | "account": "test1", | |
254 | "content": "blah blah", | |
255 | "modified_at": 11112, | |
256 | }], | |
257 | }, | |
258 | { | |
259 | "name": name, | |
260 | "type": "AAAA", | |
261 | "ttl": 3600, | |
262 | "records": [{ | |
263 | "content": "2001:DB8::1", | |
264 | "disabled": False, | |
265 | }], | |
266 | "comments": [{ | |
267 | "account": "test AAAA", | |
268 | "content": "blah blah AAAA", | |
269 | "modified_at": 11112, | |
270 | }], | |
271 | }, | |
272 | { | |
273 | "name": name, | |
274 | "type": "TXT", | |
275 | "ttl": 3600, | |
276 | "records": [{ | |
277 | "content": "\"test TXT\"", | |
278 | "disabled": False, | |
279 | }], | |
280 | }, | |
281 | { | |
282 | "name": name, | |
283 | "type": "A", | |
284 | "ttl": 3600, | |
285 | "records": [{ | |
286 | "content": "192.0.2.1", | |
287 | "disabled": False, | |
288 | }], | |
289 | }, | |
290 | ] | |
f626cc48 PD |
291 | |
292 | if is_auth_lmdb(): | |
293 | with self.assertRaises(requests.exceptions.HTTPError): # No comments in LMDB | |
294 | self.create_zone(name=name, rrsets=rrsets) | |
295 | return | |
296 | ||
f2d6dcc0 RG |
297 | name, payload, data = self.create_zone(name=name, rrsets=rrsets) |
298 | # NS records have been created | |
4bfebc93 | 299 | self.assertEqual(len(data['rrsets']), len(rrsets) + 1) |
f63168e6 | 300 | # check our comment has appeared |
4bfebc93 CH |
301 | self.assertEqual(get_rrset(data, name, 'SOA')['comments'], rrsets[0]['comments']) |
302 | self.assertEqual(get_rrset(data, name, 'A')['comments'], []) | |
303 | self.assertEqual(get_rrset(data, name, 'TXT')['comments'], []) | |
304 | self.assertEqual(get_rrset(data, name, 'AAAA')['comments'], rrsets[1]['comments']) | |
f63168e6 | 305 | |
1d6b70f9 CH |
306 | def test_create_zone_uncanonical_nameservers(self): |
307 | name = unique_zone_name() | |
308 | payload = { | |
309 | 'name': name, | |
310 | 'kind': 'Native', | |
311 | 'nameservers': ['uncanon.example.com'] | |
312 | } | |
541bb91b | 313 | print(payload) |
1d6b70f9 CH |
314 | r = self.session.post( |
315 | self.url("/api/v1/servers/localhost/zones"), | |
316 | data=json.dumps(payload), | |
317 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 318 | self.assertEqual(r.status_code, 422) |
1d6b70f9 CH |
319 | self.assertIn('Nameserver is not canonical', r.json()['error']) |
320 | ||
321 | def test_create_auth_zone_no_name(self): | |
322 | name = unique_zone_name() | |
323 | payload = { | |
324 | 'name': '', | |
325 | 'kind': 'Native', | |
326 | } | |
541bb91b | 327 | print(payload) |
1d6b70f9 CH |
328 | r = self.session.post( |
329 | self.url("/api/v1/servers/localhost/zones"), | |
330 | data=json.dumps(payload), | |
331 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 332 | self.assertEqual(r.status_code, 422) |
1d6b70f9 CH |
333 | self.assertIn('is not canonical', r.json()['error']) |
334 | ||
c1374bdb | 335 | def test_create_zone_with_custom_soa(self): |
f63168e6 | 336 | name = unique_zone_name() |
6754ef71 CH |
337 | content = u"ns1.example.net. testmaster@example.net. 10 10800 3600 604800 3600" |
338 | rrset = { | |
339 | "name": name, | |
340 | "type": "soa", # test uppercasing of type, too. | |
341 | "ttl": 3600, | |
342 | "records": [{ | |
343 | "content": content, | |
344 | "disabled": False, | |
345 | }], | |
346 | } | |
347 | name, payload, data = self.create_zone(name=name, rrsets=[rrset], soa_edit_api='') | |
4bfebc93 | 348 | self.assertEqual(get_rrset(data, name, 'SOA')['records'], rrset['records']) |
d1b98434 PD |
349 | if not is_auth_lmdb(): |
350 | dbrecs = get_db_records(name, 'SOA') | |
351 | self.assertEqual(dbrecs[0]['content'], content.replace('. ', ' ')) | |
1d6b70f9 CH |
352 | |
353 | def test_create_zone_double_dot(self): | |
354 | name = 'test..' + unique_zone_name() | |
355 | payload = { | |
356 | 'name': name, | |
357 | 'kind': 'Native', | |
358 | 'nameservers': ['ns1.example.com.'] | |
359 | } | |
541bb91b | 360 | print(payload) |
1d6b70f9 CH |
361 | r = self.session.post( |
362 | self.url("/api/v1/servers/localhost/zones"), | |
363 | data=json.dumps(payload), | |
364 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 365 | self.assertEqual(r.status_code, 422) |
1d6b70f9 | 366 | self.assertIn('Unable to parse DNS Name', r.json()['error']) |
05776d2f | 367 | |
1d6b70f9 CH |
368 | def test_create_zone_restricted_chars(self): |
369 | name = 'test:' + unique_zone_name() # : isn't good as a name. | |
370 | payload = { | |
371 | 'name': name, | |
372 | 'kind': 'Native', | |
373 | 'nameservers': ['ns1.example.com'] | |
374 | } | |
541bb91b | 375 | print(payload) |
1d6b70f9 CH |
376 | r = self.session.post( |
377 | self.url("/api/v1/servers/localhost/zones"), | |
378 | data=json.dumps(payload), | |
379 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 380 | self.assertEqual(r.status_code, 422) |
1d6b70f9 | 381 | self.assertIn('contains unsupported characters', r.json()['error']) |
4ebf78b1 | 382 | |
33e6c3e9 CH |
383 | def test_create_zone_mixed_nameservers_ns_rrset_zonelevel(self): |
384 | name = unique_zone_name() | |
385 | rrset = { | |
386 | "name": name, | |
387 | "type": "NS", | |
388 | "ttl": 3600, | |
389 | "records": [{ | |
390 | "content": "ns2.example.com.", | |
391 | "disabled": False, | |
392 | }], | |
393 | } | |
394 | payload = { | |
395 | 'name': name, | |
396 | 'kind': 'Native', | |
397 | 'nameservers': ['ns1.example.com.'], | |
398 | 'rrsets': [rrset], | |
399 | } | |
541bb91b | 400 | print(payload) |
33e6c3e9 CH |
401 | r = self.session.post( |
402 | self.url("/api/v1/servers/localhost/zones"), | |
403 | data=json.dumps(payload), | |
404 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 405 | self.assertEqual(r.status_code, 422) |
33e6c3e9 CH |
406 | self.assertIn('Nameservers list MUST NOT be mixed with zone-level NS in rrsets', r.json()['error']) |
407 | ||
408 | def test_create_zone_mixed_nameservers_ns_rrset_below_zonelevel(self): | |
409 | name = unique_zone_name() | |
410 | rrset = { | |
411 | "name": 'subzone.'+name, | |
412 | "type": "NS", | |
413 | "ttl": 3600, | |
414 | "records": [{ | |
415 | "content": "ns2.example.com.", | |
416 | "disabled": False, | |
417 | }], | |
418 | } | |
419 | payload = { | |
420 | 'name': name, | |
421 | 'kind': 'Native', | |
422 | 'nameservers': ['ns1.example.com.'], | |
423 | 'rrsets': [rrset], | |
424 | } | |
541bb91b | 425 | print(payload) |
33e6c3e9 CH |
426 | r = self.session.post( |
427 | self.url("/api/v1/servers/localhost/zones"), | |
428 | data=json.dumps(payload), | |
429 | headers={'content-type': 'application/json'}) | |
430 | self.assert_success_json(r) | |
431 | ||
c1374bdb | 432 | def test_create_zone_with_symbols(self): |
6754ef71 | 433 | name, payload, data = self.create_zone(name='foo/bar.'+unique_zone_name()) |
bee2acae | 434 | name = payload['name'] |
1d6b70f9 | 435 | expected_id = name.replace('/', '=2F') |
00a9b229 CH |
436 | for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial'): |
437 | self.assertIn(k, data) | |
438 | if k in payload: | |
4bfebc93 CH |
439 | self.assertEqual(data[k], payload[k]) |
440 | self.assertEqual(data['id'], expected_id) | |
d1b98434 PD |
441 | if not is_auth_lmdb(): |
442 | dbrecs = get_db_records(name, 'SOA') | |
443 | self.assertEqual(dbrecs[0]['name'], name.rstrip('.')) | |
00a9b229 | 444 | |
c1374bdb | 445 | def test_create_zone_with_nameservers_non_string(self): |
e90b4e38 CH |
446 | # ensure we don't crash |
447 | name = unique_zone_name() | |
448 | payload = { | |
449 | 'name': name, | |
450 | 'kind': 'Native', | |
451 | 'nameservers': [{'a': 'ns1.example.com'}] # invalid | |
452 | } | |
541bb91b | 453 | print(payload) |
e90b4e38 | 454 | r = self.session.post( |
46d06a12 | 455 | self.url("/api/v1/servers/localhost/zones"), |
e90b4e38 CH |
456 | data=json.dumps(payload), |
457 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 458 | self.assertEqual(r.status_code, 422) |
e90b4e38 | 459 | |
986e4858 PL |
460 | def test_create_zone_with_dnssec(self): |
461 | """ | |
462 | Create a zone with "dnssec" set and see if a key was made. | |
463 | """ | |
464 | name = unique_zone_name() | |
465 | name, payload, data = self.create_zone(dnssec=True) | |
466 | ||
467 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)) | |
468 | ||
469 | for k in ('dnssec', ): | |
470 | self.assertIn(k, data) | |
471 | if k in payload: | |
4bfebc93 | 472 | self.assertEqual(data[k], payload[k]) |
986e4858 PL |
473 | |
474 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name + '/cryptokeys')) | |
475 | ||
476 | keys = r.json() | |
477 | ||
541bb91b | 478 | print(keys) |
986e4858 | 479 | |
4bfebc93 CH |
480 | self.assertEqual(r.status_code, 200) |
481 | self.assertEqual(len(keys), 1) | |
482 | self.assertEqual(keys[0]['type'], 'Cryptokey') | |
483 | self.assertEqual(keys[0]['active'], True) | |
484 | self.assertEqual(keys[0]['keytype'], 'csk') | |
986e4858 | 485 | |
cbe8b186 PL |
486 | def test_create_zone_with_dnssec_disable_dnssec(self): |
487 | """ | |
488 | Create a zone with "dnssec", then set "dnssec" to false and see if the | |
489 | keys are gone | |
490 | """ | |
491 | name = unique_zone_name() | |
492 | name, payload, data = self.create_zone(dnssec=True) | |
493 | ||
494 | self.session.put(self.url("/api/v1/servers/localhost/zones/" + name), | |
495 | data=json.dumps({'dnssec': False})) | |
496 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)) | |
497 | ||
498 | zoneinfo = r.json() | |
499 | ||
4bfebc93 CH |
500 | self.assertEqual(r.status_code, 200) |
501 | self.assertEqual(zoneinfo['dnssec'], False) | |
cbe8b186 PL |
502 | |
503 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name + '/cryptokeys')) | |
504 | ||
505 | keys = r.json() | |
506 | ||
4bfebc93 CH |
507 | self.assertEqual(r.status_code, 200) |
508 | self.assertEqual(len(keys), 0) | |
cbe8b186 | 509 | |
986e4858 PL |
510 | def test_create_zone_with_nsec3param(self): |
511 | """ | |
512 | Create a zone with "nsec3param" set and see if the metadata was added. | |
513 | """ | |
514 | name = unique_zone_name() | |
5a5d565f | 515 | nsec3param = '1 0 100 aabbccddeeff' |
986e4858 PL |
516 | name, payload, data = self.create_zone(dnssec=True, nsec3param=nsec3param) |
517 | ||
518 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)) | |
519 | ||
520 | for k in ('dnssec', 'nsec3param'): | |
521 | self.assertIn(k, data) | |
522 | if k in payload: | |
4bfebc93 | 523 | self.assertEqual(data[k], payload[k]) |
986e4858 PL |
524 | |
525 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name + '/metadata/NSEC3PARAM')) | |
526 | ||
527 | data = r.json() | |
528 | ||
541bb91b | 529 | print(data) |
986e4858 | 530 | |
4bfebc93 CH |
531 | self.assertEqual(r.status_code, 200) |
532 | self.assertEqual(len(data['metadata']), 1) | |
533 | self.assertEqual(data['kind'], 'NSEC3PARAM') | |
534 | self.assertEqual(data['metadata'][0], nsec3param) | |
986e4858 PL |
535 | |
536 | def test_create_zone_with_nsec3narrow(self): | |
537 | """ | |
538 | Create a zone with "nsec3narrow" set and see if the metadata was added. | |
539 | """ | |
540 | name = unique_zone_name() | |
5a5d565f | 541 | nsec3param = '1 0 100 aabbccddeeff' |
986e4858 PL |
542 | name, payload, data = self.create_zone(dnssec=True, nsec3param=nsec3param, |
543 | nsec3narrow=True) | |
544 | ||
545 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)) | |
546 | ||
547 | for k in ('dnssec', 'nsec3param', 'nsec3narrow'): | |
548 | self.assertIn(k, data) | |
549 | if k in payload: | |
4bfebc93 | 550 | self.assertEqual(data[k], payload[k]) |
986e4858 PL |
551 | |
552 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name + '/metadata/NSEC3NARROW')) | |
553 | ||
554 | data = r.json() | |
555 | ||
541bb91b | 556 | print(data) |
986e4858 | 557 | |
4bfebc93 CH |
558 | self.assertEqual(r.status_code, 200) |
559 | self.assertEqual(len(data['metadata']), 1) | |
560 | self.assertEqual(data['kind'], 'NSEC3NARROW') | |
561 | self.assertEqual(data['metadata'][0], '1') | |
986e4858 | 562 | |
df434f42 PL |
563 | def test_create_zone_with_nsec3param_switch_to_nsec(self): |
564 | """ | |
565 | Create a zone with "nsec3param", then remove the params | |
566 | """ | |
567 | name, payload, data = self.create_zone(dnssec=True, | |
568 | nsec3param='1 0 1 ab') | |
569 | self.session.put(self.url("/api/v1/servers/localhost/zones/" + name), | |
570 | data=json.dumps({'nsec3param': ''})) | |
571 | r = self.session.get( | |
572 | self.url("/api/v1/servers/localhost/zones/" + name)) | |
573 | data = r.json() | |
574 | ||
4bfebc93 CH |
575 | self.assertEqual(r.status_code, 200) |
576 | self.assertEqual(data['nsec3param'], '') | |
df434f42 | 577 | |
efc52697 KM |
578 | def test_create_zone_without_dnssec_unset_nsec3parm(self): |
579 | """ | |
580 | Create a non dnssec zone and set an empty "nsec3param" | |
581 | """ | |
582 | name, payload, data = self.create_zone(dnssec=False) | |
583 | r = self.session.put(self.url("/api/v1/servers/localhost/zones/" + name), | |
584 | data=json.dumps({'nsec3param': ''})) | |
585 | ||
586 | self.assertEqual(r.status_code, 204) | |
587 | ||
588 | def test_create_zone_without_dnssec_set_nsec3parm(self): | |
589 | """ | |
590 | Create a non dnssec zone and set "nsec3param" | |
591 | """ | |
592 | name, payload, data = self.create_zone(dnssec=False) | |
593 | r = self.session.put(self.url("/api/v1/servers/localhost/zones/" + name), | |
594 | data=json.dumps({'nsec3param': '1 0 1 ab'})) | |
595 | ||
596 | self.assertEqual(r.status_code, 422) | |
597 | ||
a843c67e KM |
598 | def test_create_zone_dnssec_serial(self): |
599 | """ | |
168a76b3 | 600 | Create a zone, then set and unset "dnssec", then check if the serial was increased |
a843c67e KM |
601 | after every step |
602 | """ | |
a843c67e KM |
603 | name, payload, data = self.create_zone() |
604 | ||
605 | soa_serial = get_first_rec(data, name, 'SOA')['content'].split(' ')[2] | |
4bfebc93 | 606 | self.assertEqual(soa_serial[-2:], '01') |
a843c67e KM |
607 | |
608 | self.session.put(self.url("/api/v1/servers/localhost/zones/" + name), | |
609 | data=json.dumps({'dnssec': True})) | |
610 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)) | |
611 | ||
612 | data = r.json() | |
613 | soa_serial = get_first_rec(data, name, 'SOA')['content'].split(' ')[2] | |
614 | ||
4bfebc93 CH |
615 | self.assertEqual(r.status_code, 200) |
616 | self.assertEqual(soa_serial[-2:], '02') | |
a843c67e KM |
617 | |
618 | self.session.put(self.url("/api/v1/servers/localhost/zones/" + name), | |
619 | data=json.dumps({'dnssec': False})) | |
620 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)) | |
621 | ||
622 | data = r.json() | |
623 | soa_serial = get_first_rec(data, name, 'SOA')['content'].split(' ')[2] | |
624 | ||
4bfebc93 CH |
625 | self.assertEqual(r.status_code, 200) |
626 | self.assertEqual(soa_serial[-2:], '03') | |
a843c67e | 627 | |
16e25450 CH |
628 | def test_zone_absolute_url(self): |
629 | name, payload, data = self.create_zone() | |
630 | r = self.session.get(self.url("/api/v1/servers/localhost/zones")) | |
631 | rdata = r.json() | |
632 | print(rdata[0]) | |
633 | self.assertTrue(rdata[0]['url'].startswith('/api/v')) | |
634 | ||
24e11043 CJ |
635 | def test_create_zone_metadata(self): |
636 | payload_metadata = {"type": "Metadata", "kind": "AXFR-SOURCE", "metadata": ["127.0.0.2"]} | |
637 | r = self.session.post(self.url("/api/v1/servers/localhost/zones/example.com/metadata"), | |
638 | data=json.dumps(payload_metadata)) | |
639 | rdata = r.json() | |
4bfebc93 CH |
640 | self.assertEqual(r.status_code, 201) |
641 | self.assertEqual(rdata["metadata"], payload_metadata["metadata"]) | |
24e11043 CJ |
642 | |
643 | def test_create_zone_metadata_kind(self): | |
644 | payload_metadata = {"metadata": ["127.0.0.2"]} | |
645 | r = self.session.put(self.url("/api/v1/servers/localhost/zones/example.com/metadata/AXFR-SOURCE"), | |
646 | data=json.dumps(payload_metadata)) | |
647 | rdata = r.json() | |
4bfebc93 CH |
648 | self.assertEqual(r.status_code, 200) |
649 | self.assertEqual(rdata["metadata"], payload_metadata["metadata"]) | |
24e11043 CJ |
650 | |
651 | def test_create_protected_zone_metadata(self): | |
652 | # test whether it prevents modification of certain kinds | |
653 | for k in ("NSEC3NARROW", "NSEC3PARAM", "PRESIGNED", "LUA-AXFR-SCRIPT"): | |
654 | payload = {"metadata": ["FOO", "BAR"]} | |
655 | r = self.session.put(self.url("/api/v1/servers/localhost/zones/example.com/metadata/%s" % k), | |
656 | data=json.dumps(payload)) | |
4bfebc93 | 657 | self.assertEqual(r.status_code, 422) |
24e11043 CJ |
658 | |
659 | def test_retrieve_zone_metadata(self): | |
660 | payload_metadata = {"type": "Metadata", "kind": "AXFR-SOURCE", "metadata": ["127.0.0.2"]} | |
661 | self.session.post(self.url("/api/v1/servers/localhost/zones/example.com/metadata"), | |
662 | data=json.dumps(payload_metadata)) | |
663 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/example.com/metadata")) | |
664 | rdata = r.json() | |
4bfebc93 | 665 | self.assertEqual(r.status_code, 200) |
24e11043 CJ |
666 | self.assertIn(payload_metadata, rdata) |
667 | ||
668 | def test_delete_zone_metadata(self): | |
669 | r = self.session.delete(self.url("/api/v1/servers/localhost/zones/example.com/metadata/AXFR-SOURCE")) | |
4bfebc93 | 670 | self.assertEqual(r.status_code, 200) |
24e11043 CJ |
671 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/example.com/metadata/AXFR-SOURCE")) |
672 | rdata = r.json() | |
4bfebc93 CH |
673 | self.assertEqual(r.status_code, 200) |
674 | self.assertEqual(rdata["metadata"], []) | |
24e11043 | 675 | |
9ac4e6d5 PL |
676 | def test_create_external_zone_metadata(self): |
677 | payload_metadata = {"metadata": ["My very important message"]} | |
678 | r = self.session.put(self.url("/api/v1/servers/localhost/zones/example.com/metadata/X-MYMETA"), | |
679 | data=json.dumps(payload_metadata)) | |
4bfebc93 | 680 | self.assertEqual(r.status_code, 200) |
9ac4e6d5 | 681 | rdata = r.json() |
4bfebc93 | 682 | self.assertEqual(rdata["metadata"], payload_metadata["metadata"]) |
9ac4e6d5 | 683 | |
d38e81e6 PL |
684 | def test_create_metadata_in_non_existent_zone(self): |
685 | payload_metadata = {"type": "Metadata", "kind": "AXFR-SOURCE", "metadata": ["127.0.0.2"]} | |
686 | r = self.session.post(self.url("/api/v1/servers/localhost/zones/idonotexist.123.456.example./metadata"), | |
687 | data=json.dumps(payload_metadata)) | |
4bfebc93 | 688 | self.assertEqual(r.status_code, 404) |
77bfe8de PL |
689 | # Note: errors should probably contain json (see #5988) |
690 | # self.assertIn('Could not find domain ', r.json()['error']) | |
d38e81e6 | 691 | |
4bdff352 CH |
692 | def test_create_slave_zone(self): |
693 | # Test that nameservers can be absent for slave zones. | |
6754ef71 | 694 | name, payload, data = self.create_zone(kind='Slave', nameservers=None, masters=['127.0.0.2']) |
4bdff352 CH |
695 | for k in ('name', 'masters', 'kind'): |
696 | self.assertIn(k, data) | |
4bfebc93 | 697 | self.assertEqual(data[k], payload[k]) |
541bb91b CH |
698 | print("payload:", payload) |
699 | print("data:", data) | |
4de11a54 | 700 | # Because slave zones don't get a SOA, we need to test that they'll show up in the zone list. |
46d06a12 | 701 | r = self.session.get(self.url("/api/v1/servers/localhost/zones")) |
4de11a54 | 702 | zonelist = r.json() |
541bb91b | 703 | print("zonelist:", zonelist) |
4de11a54 CH |
704 | self.assertIn(payload['name'], [zone['name'] for zone in zonelist]) |
705 | # Also test that fetching the zone works. | |
46d06a12 | 706 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + data['id'])) |
4de11a54 | 707 | data = r.json() |
541bb91b | 708 | print("zone (fetched):", data) |
4de11a54 CH |
709 | for k in ('name', 'masters', 'kind'): |
710 | self.assertIn(k, data) | |
4bfebc93 | 711 | self.assertEqual(data[k], payload[k]) |
4de11a54 | 712 | self.assertEqual(data['serial'], 0) |
6754ef71 | 713 | self.assertEqual(data['rrsets'], []) |
4de11a54 | 714 | |
2f27a15f KM |
715 | def test_create_consumer_zone(self): |
716 | # Test that nameservers can be absent for consumer zones. | |
717 | name, payload, data = self.create_zone(kind='Consumer', nameservers=None, masters=['127.0.0.2']) | |
718 | for k in ('name', 'masters', 'kind'): | |
719 | self.assertIn(k, data) | |
720 | self.assertEqual(data[k], payload[k]) | |
721 | print("payload:", payload) | |
722 | print("data:", data) | |
723 | # Because consumer zones don't get a SOA, we need to test that they'll show up in the zone list. | |
724 | r = self.session.get(self.url("/api/v1/servers/localhost/zones")) | |
725 | zonelist = r.json() | |
726 | print("zonelist:", zonelist) | |
727 | self.assertIn(payload['name'], [zone['name'] for zone in zonelist]) | |
728 | # Also test that fetching the zone works. | |
729 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + data['id'])) | |
730 | data = r.json() | |
731 | print("zone (fetched):", data) | |
732 | for k in ('name', 'masters', 'kind'): | |
733 | self.assertIn(k, data) | |
734 | self.assertEqual(data[k], payload[k]) | |
735 | self.assertEqual(data['serial'], 0) | |
736 | self.assertEqual(data['rrsets'], []) | |
737 | ||
e543cc8f CH |
738 | def test_find_zone_by_name(self): |
739 | name = 'foo/' + unique_zone_name() | |
740 | name, payload, data = self.create_zone(name=name) | |
741 | r = self.session.get(self.url("/api/v1/servers/localhost/zones?zone=" + name)) | |
742 | data = r.json() | |
743 | print(data) | |
4bfebc93 | 744 | self.assertEqual(data[0]['name'], name) |
e543cc8f | 745 | |
4de11a54 | 746 | def test_delete_slave_zone(self): |
6754ef71 | 747 | name, payload, data = self.create_zone(kind='Slave', nameservers=None, masters=['127.0.0.2']) |
46d06a12 | 748 | r = self.session.delete(self.url("/api/v1/servers/localhost/zones/" + data['id'])) |
2f27a15f KM |
749 | r.raise_for_status() |
750 | ||
751 | def test_delete_consumer_zone(self): | |
752 | name, payload, data = self.create_zone(kind='Consumer', nameservers=None, masters=['127.0.0.2']) | |
753 | r = self.session.delete(self.url("/api/v1/servers/localhost/zones/" + data['id'])) | |
4de11a54 | 754 | r.raise_for_status() |
4bdff352 | 755 | |
a426cb89 | 756 | def test_retrieve_slave_zone(self): |
6754ef71 | 757 | name, payload, data = self.create_zone(kind='Slave', nameservers=None, masters=['127.0.0.2']) |
541bb91b CH |
758 | print("payload:", payload) |
759 | print("data:", data) | |
46d06a12 | 760 | r = self.session.put(self.url("/api/v1/servers/localhost/zones/" + data['id'] + "/axfr-retrieve")) |
a426cb89 | 761 | data = r.json() |
541bb91b | 762 | print("status for axfr-retrieve:", data) |
a426cb89 CH |
763 | self.assertEqual(data['result'], u'Added retrieval request for \'' + payload['name'] + |
764 | '\' from master 127.0.0.2') | |
765 | ||
766 | def test_notify_master_zone(self): | |
6754ef71 | 767 | name, payload, data = self.create_zone(kind='Master') |
541bb91b CH |
768 | print("payload:", payload) |
769 | print("data:", data) | |
46d06a12 | 770 | r = self.session.put(self.url("/api/v1/servers/localhost/zones/" + data['id'] + "/notify")) |
a426cb89 | 771 | data = r.json() |
541bb91b | 772 | print("status for notify:", data) |
a426cb89 CH |
773 | self.assertEqual(data['result'], 'Notification queued') |
774 | ||
c1374bdb | 775 | def test_get_zone_with_symbols(self): |
6754ef71 | 776 | name, payload, data = self.create_zone(name='foo/bar.'+unique_zone_name()) |
3c3c006b | 777 | name = payload['name'] |
1d6b70f9 | 778 | zone_id = (name.replace('/', '=2F')) |
46d06a12 | 779 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + zone_id)) |
c1374bdb | 780 | data = r.json() |
6bb25159 | 781 | for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial', 'dnssec'): |
3c3c006b CH |
782 | self.assertIn(k, data) |
783 | if k in payload: | |
4bfebc93 | 784 | self.assertEqual(data[k], payload[k]) |
3c3c006b | 785 | |
c1374bdb | 786 | def test_get_zone(self): |
46d06a12 | 787 | r = self.session.get(self.url("/api/v1/servers/localhost/zones")) |
05776d2f | 788 | domains = r.json() |
1d6b70f9 | 789 | example_com = [domain for domain in domains if domain['name'] == u'example.com.'][0] |
46d06a12 | 790 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + example_com['id'])) |
c1374bdb | 791 | self.assert_success_json(r) |
05776d2f CH |
792 | data = r.json() |
793 | for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial'): | |
794 | self.assertIn(k, data) | |
4bfebc93 | 795 | self.assertEqual(data['name'], 'example.com.') |
7c0ba3d2 | 796 | |
486210b8 PD |
797 | def test_get_zone_rrset(self): |
798 | rz = self.session.get(self.url("/api/v1/servers/localhost/zones")) | |
799 | domains = rz.json() | |
800 | example_com = [domain for domain in domains if domain['name'] == u'example.com.'][0] | |
801 | ||
802 | # verify single record from name that has a single record | |
803 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + example_com['id'] + "?rrset_name=host-18000.example.com.")) | |
804 | self.assert_success_json(r) | |
805 | data = r.json() | |
806 | for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial', 'rrsets'): | |
807 | self.assertIn(k, data) | |
808 | self.assertEqual(data['rrsets'], | |
809 | [ | |
810 | { | |
811 | 'comments': [], | |
812 | 'name': 'host-18000.example.com.', | |
813 | 'records': | |
814 | [ | |
815 | { | |
816 | 'content': '192.168.1.80', | |
817 | 'disabled': False | |
818 | } | |
819 | ], | |
820 | 'ttl': 120, | |
821 | 'type': 'A' | |
822 | } | |
823 | ] | |
824 | ) | |
825 | ||
826 | # verify two RRsets from a name that has two types with one record each | |
827 | powerdnssec_org = [domain for domain in domains if domain['name'] == u'powerdnssec.org.'][0] | |
828 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + powerdnssec_org['id'] + "?rrset_name=localhost.powerdnssec.org.")) | |
829 | self.assert_success_json(r) | |
830 | data = r.json() | |
831 | for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial', 'rrsets'): | |
832 | self.assertIn(k, data) | |
833 | self.assertEqual(sorted(data['rrsets'], key=operator.itemgetter('type')), | |
834 | [ | |
835 | { | |
836 | 'comments': [], | |
837 | 'name': 'localhost.powerdnssec.org.', | |
838 | 'records': | |
839 | [ | |
840 | { | |
841 | 'content': '127.0.0.1', | |
842 | 'disabled': False | |
843 | } | |
844 | ], | |
845 | 'ttl': 3600, | |
846 | 'type': 'A' | |
847 | }, | |
848 | { | |
849 | 'comments': [], | |
850 | 'name': 'localhost.powerdnssec.org.', | |
851 | 'records': | |
852 | [ | |
853 | { | |
854 | 'content': '::1', | |
855 | 'disabled': False | |
856 | } | |
857 | ], | |
858 | 'ttl': 3600, | |
859 | 'type': 'AAAA' | |
860 | }, | |
861 | ] | |
862 | ) | |
863 | ||
864 | # verify one RRset with one record from a name that has two, then filtered by type | |
865 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + powerdnssec_org['id'] + "?rrset_name=localhost.powerdnssec.org.&rrset_type=AAAA")) | |
866 | self.assert_success_json(r) | |
867 | data = r.json() | |
868 | for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial', 'rrsets'): | |
869 | self.assertIn(k, data) | |
870 | self.assertEqual(data['rrsets'], | |
871 | [ | |
872 | { | |
873 | 'comments': [], | |
874 | 'name': 'localhost.powerdnssec.org.', | |
875 | 'records': | |
876 | [ | |
877 | { | |
878 | 'content': '::1', | |
879 | 'disabled': False | |
880 | } | |
881 | ], | |
882 | 'ttl': 3600, | |
883 | 'type': 'AAAA' | |
884 | } | |
885 | ] | |
886 | ) | |
887 | ||
0f0e73fe | 888 | def test_import_zone_broken(self): |
646bcd7d CH |
889 | payload = { |
890 | 'name': 'powerdns-broken.com', | |
891 | 'kind': 'Master', | |
892 | 'nameservers': [], | |
893 | } | |
0f0e73fe MS |
894 | payload['zone'] = """ |
895 | ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58571 | |
896 | flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 | |
897 | ;; WARNING: recursion requested but not available | |
898 | ||
899 | ;; OPT PSEUDOSECTION: | |
900 | ; EDNS: version: 0, flags:; udp: 1680 | |
901 | ;; QUESTION SECTION: | |
902 | ;powerdns.com. IN SOA | |
903 | ||
904 | ;; ANSWER SECTION: | |
905 | powerdns-broken.com. 86400 IN SOA powerdnssec1.ds9a.nl. ahu.ds9a.nl. 1343746984 10800 3600 604800 10800 | |
906 | powerdns-broken.com. 3600 IN NS powerdnssec2.ds9a.nl. | |
907 | powerdns-broken.com. 3600 IN AAAA 2001:888:2000:1d::2 | |
908 | powerdns-broken.com. 86400 IN A 82.94.213.34 | |
909 | powerdns-broken.com. 3600 IN MX 0 xs.powerdns.com. | |
910 | powerdns-broken.com. 3600 IN NS powerdnssec1.ds9a.nl. | |
911 | powerdns-broken.com. 86400 IN SOA powerdnssec1.ds9a.nl. ahu.ds9a.nl. 1343746984 10800 3600 604800 10800 | |
912 | """ | |
0f0e73fe | 913 | r = self.session.post( |
46d06a12 | 914 | self.url("/api/v1/servers/localhost/zones"), |
0f0e73fe MS |
915 | data=json.dumps(payload), |
916 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 917 | self.assertEqual(r.status_code, 422) |
0f0e73fe | 918 | |
1d6b70f9 CH |
919 | def test_import_zone_axfr_outofzone(self): |
920 | # Ensure we don't create out-of-zone records | |
646bcd7d CH |
921 | payload = { |
922 | 'name': unique_zone_name(), | |
923 | 'kind': 'Master', | |
924 | 'nameservers': [], | |
925 | } | |
1d6b70f9 | 926 | payload['zone'] = """ |
646bcd7d CH |
927 | %NAME% 86400 IN SOA powerdnssec1.ds9a.nl. ahu.ds9a.nl. 1343746984 10800 3600 604800 10800 |
928 | %NAME% 3600 IN NS powerdnssec2.ds9a.nl. | |
1d6b70f9 | 929 | example.org. 3600 IN AAAA 2001:888:2000:1d::2 |
646bcd7d CH |
930 | %NAME% 86400 IN SOA powerdnssec1.ds9a.nl. ahu.ds9a.nl. 1343746984 10800 3600 604800 10800 |
931 | """.replace('%NAME%', payload['name']) | |
1d6b70f9 CH |
932 | r = self.session.post( |
933 | self.url("/api/v1/servers/localhost/zones"), | |
934 | data=json.dumps(payload), | |
935 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 936 | self.assertEqual(r.status_code, 422) |
1d6b70f9 CH |
937 | self.assertEqual(r.json()['error'], 'RRset example.org. IN AAAA: Name is out of zone') |
938 | ||
0f0e73fe | 939 | def test_import_zone_axfr(self): |
646bcd7d CH |
940 | payload = { |
941 | 'name': 'powerdns.com.', | |
942 | 'kind': 'Master', | |
943 | 'nameservers': [], | |
944 | 'soa_edit_api': '', # turn off so exact SOA comparison works. | |
945 | } | |
0f0e73fe MS |
946 | payload['zone'] = """ |
947 | ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58571 | |
948 | ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 | |
949 | ;; WARNING: recursion requested but not available | |
950 | ||
951 | ;; OPT PSEUDOSECTION: | |
952 | ; EDNS: version: 0, flags:; udp: 1680 | |
953 | ;; QUESTION SECTION: | |
954 | ;powerdns.com. IN SOA | |
955 | ||
956 | ;; ANSWER SECTION: | |
957 | powerdns.com. 86400 IN SOA powerdnssec1.ds9a.nl. ahu.ds9a.nl. 1343746984 10800 3600 604800 10800 | |
958 | powerdns.com. 3600 IN NS powerdnssec2.ds9a.nl. | |
959 | powerdns.com. 3600 IN AAAA 2001:888:2000:1d::2 | |
960 | powerdns.com. 86400 IN A 82.94.213.34 | |
961 | powerdns.com. 3600 IN MX 0 xs.powerdns.com. | |
962 | powerdns.com. 3600 IN NS powerdnssec1.ds9a.nl. | |
963 | powerdns.com. 86400 IN SOA powerdnssec1.ds9a.nl. ahu.ds9a.nl. 1343746984 10800 3600 604800 10800 | |
964 | """ | |
0f0e73fe | 965 | r = self.session.post( |
46d06a12 | 966 | self.url("/api/v1/servers/localhost/zones"), |
0f0e73fe MS |
967 | data=json.dumps(payload), |
968 | headers={'content-type': 'application/json'}) | |
969 | self.assert_success_json(r) | |
970 | data = r.json() | |
971 | self.assertIn('name', data) | |
0f0e73fe | 972 | |
90568eb2 MS |
973 | expected = { |
974 | 'NS': [ | |
6754ef71 CH |
975 | {'content': 'powerdnssec1.ds9a.nl.'}, |
976 | {'content': 'powerdnssec2.ds9a.nl.'}, | |
977 | ], | |
90568eb2 | 978 | 'SOA': [ |
6754ef71 CH |
979 | {'content': 'powerdnssec1.ds9a.nl. ahu.ds9a.nl. 1343746984 10800 3600 604800 10800'}, |
980 | ], | |
90568eb2 | 981 | 'MX': [ |
6754ef71 CH |
982 | {'content': '0 xs.powerdns.com.'}, |
983 | ], | |
90568eb2 | 984 | 'A': [ |
6754ef71 CH |
985 | {'content': '82.94.213.34', 'name': 'powerdns.com.'}, |
986 | ], | |
90568eb2 | 987 | 'AAAA': [ |
6754ef71 CH |
988 | {'content': '2001:888:2000:1d::2', 'name': 'powerdns.com.'}, |
989 | ], | |
90568eb2 | 990 | } |
0f0e73fe | 991 | |
6754ef71 | 992 | eq_zone_rrsets(data['rrsets'], expected) |
1d6b70f9 | 993 | |
d1b98434 PD |
994 | if not is_auth_lmdb(): |
995 | # check content in DB is stored WITHOUT trailing dot. | |
996 | dbrecs = get_db_records(payload['name'], 'NS') | |
997 | dbrec = next((dbrec for dbrec in dbrecs if dbrec['content'].startswith('powerdnssec1'))) | |
998 | self.assertEqual(dbrec['content'], 'powerdnssec1.ds9a.nl') | |
0f0e73fe MS |
999 | |
1000 | def test_import_zone_bind(self): | |
646bcd7d CH |
1001 | payload = { |
1002 | 'name': 'example.org.', | |
1003 | 'kind': 'Master', | |
1004 | 'nameservers': [], | |
1005 | 'soa_edit_api': '', # turn off so exact SOA comparison works. | |
1006 | } | |
0f0e73fe MS |
1007 | payload['zone'] = """ |
1008 | $TTL 86400 ; 24 hours could have been written as 24h or 1d | |
1009 | ; $TTL used for all RRs without explicit TTL value | |
1010 | $ORIGIN example.org. | |
1011 | @ 1D IN SOA ns1.example.org. hostmaster.example.org. ( | |
1012 | 2002022401 ; serial | |
1013 | 3H ; refresh | |
1014 | 15 ; retry | |
1015 | 1w ; expire | |
1016 | 3h ; minimum | |
1017 | ) | |
1018 | IN NS ns1.example.org. ; in the domain | |
1019 | IN NS ns2.smokeyjoe.com. ; external to domain | |
1020 | IN MX 10 mail.another.com. ; external mail provider | |
1021 | ; server host definitions | |
1d6b70f9 | 1022 | ns1 IN A 192.168.0.1 ;name server definition |
0f0e73fe MS |
1023 | www IN A 192.168.0.2 ;web server definition |
1024 | ftp IN CNAME www.example.org. ;ftp server definition | |
1025 | ; non server domain hosts | |
1026 | bill IN A 192.168.0.3 | |
1d6b70f9 | 1027 | fred IN A 192.168.0.4 |
0f0e73fe | 1028 | """ |
0f0e73fe | 1029 | r = self.session.post( |
46d06a12 | 1030 | self.url("/api/v1/servers/localhost/zones"), |
0f0e73fe MS |
1031 | data=json.dumps(payload), |
1032 | headers={'content-type': 'application/json'}) | |
1033 | self.assert_success_json(r) | |
1034 | data = r.json() | |
1035 | self.assertIn('name', data) | |
0f0e73fe | 1036 | |
90568eb2 MS |
1037 | expected = { |
1038 | 'NS': [ | |
6754ef71 CH |
1039 | {'content': 'ns1.example.org.'}, |
1040 | {'content': 'ns2.smokeyjoe.com.'}, | |
1041 | ], | |
90568eb2 | 1042 | 'SOA': [ |
6754ef71 CH |
1043 | {'content': 'ns1.example.org. hostmaster.example.org. 2002022401 10800 15 604800 10800'}, |
1044 | ], | |
90568eb2 | 1045 | 'MX': [ |
6754ef71 CH |
1046 | {'content': '10 mail.another.com.'}, |
1047 | ], | |
90568eb2 | 1048 | 'A': [ |
6754ef71 CH |
1049 | {'content': '192.168.0.1', 'name': 'ns1.example.org.'}, |
1050 | {'content': '192.168.0.2', 'name': 'www.example.org.'}, | |
1051 | {'content': '192.168.0.3', 'name': 'bill.example.org.'}, | |
1052 | {'content': '192.168.0.4', 'name': 'fred.example.org.'}, | |
1053 | ], | |
90568eb2 | 1054 | 'CNAME': [ |
6754ef71 CH |
1055 | {'content': 'www.example.org.', 'name': 'ftp.example.org.'}, |
1056 | ], | |
90568eb2 | 1057 | } |
0f0e73fe | 1058 | |
6754ef71 | 1059 | eq_zone_rrsets(data['rrsets'], expected) |
0f0e73fe | 1060 | |
646bcd7d CH |
1061 | def test_import_zone_bind_cname_apex(self): |
1062 | payload = { | |
1063 | 'name': unique_zone_name(), | |
1064 | 'kind': 'Master', | |
1065 | 'nameservers': [], | |
1066 | } | |
1067 | payload['zone'] = """ | |
1068 | $ORIGIN %NAME% | |
1069 | @ IN SOA ns1.example.org. hostmaster.example.org. (2002022401 3H 15 1W 3H) | |
1070 | @ IN NS ns1.example.org. | |
1071 | @ IN NS ns2.smokeyjoe.com. | |
1072 | @ IN CNAME www.example.org. | |
1073 | """.replace('%NAME%', payload['name']) | |
1074 | r = self.session.post( | |
1075 | self.url("/api/v1/servers/localhost/zones"), | |
1076 | data=json.dumps(payload), | |
1077 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1078 | self.assertEqual(r.status_code, 422) |
646bcd7d CH |
1079 | self.assertIn('Conflicts with another RRset', r.json()['error']) |
1080 | ||
c1374bdb | 1081 | def test_export_zone_json(self): |
6754ef71 | 1082 | name, payload, zone = self.create_zone(nameservers=['ns1.foo.com.', 'ns2.foo.com.'], soa_edit_api='') |
a83004d3 CH |
1083 | # export it |
1084 | r = self.session.get( | |
46d06a12 | 1085 | self.url("/api/v1/servers/localhost/zones/" + name + "/export"), |
a83004d3 CH |
1086 | headers={'accept': 'application/json;q=0.9,*/*;q=0.8'} |
1087 | ) | |
c1374bdb | 1088 | self.assert_success_json(r) |
a83004d3 CH |
1089 | data = r.json() |
1090 | self.assertIn('zone', data) | |
ba2a1254 DK |
1091 | expected_data = [name + '\t3600\tIN\tNS\tns1.foo.com.', |
1092 | name + '\t3600\tIN\tNS\tns2.foo.com.', | |
f527c6ff | 1093 | name + '\t3600\tIN\tSOA\ta.misconfigured.dns.server.invalid. hostmaster.' + name + |
1d6b70f9 | 1094 | ' 0 10800 3600 604800 3600'] |
7386e38f | 1095 | self.assertCountEqual(data['zone'].strip().split('\n'), expected_data) |
a83004d3 | 1096 | |
c1374bdb | 1097 | def test_export_zone_text(self): |
6754ef71 | 1098 | name, payload, zone = self.create_zone(nameservers=['ns1.foo.com.', 'ns2.foo.com.'], soa_edit_api='') |
a83004d3 CH |
1099 | # export it |
1100 | r = self.session.get( | |
46d06a12 | 1101 | self.url("/api/v1/servers/localhost/zones/" + name + "/export"), |
a83004d3 CH |
1102 | headers={'accept': '*/*'} |
1103 | ) | |
1104 | data = r.text.strip().split("\n") | |
ba2a1254 DK |
1105 | expected_data = [name + '\t3600\tIN\tNS\tns1.foo.com.', |
1106 | name + '\t3600\tIN\tNS\tns2.foo.com.', | |
f527c6ff | 1107 | name + '\t3600\tIN\tSOA\ta.misconfigured.dns.server.invalid. hostmaster.' + name + |
1d6b70f9 | 1108 | ' 0 10800 3600 604800 3600'] |
7386e38f | 1109 | self.assertCountEqual(data, expected_data) |
a83004d3 | 1110 | |
c1374bdb | 1111 | def test_update_zone(self): |
6754ef71 | 1112 | name, payload, zone = self.create_zone() |
bee2acae | 1113 | name = payload['name'] |
d29d5db7 | 1114 | # update, set as Master and enable SOA-EDIT-API |
7c0ba3d2 CH |
1115 | payload = { |
1116 | 'kind': 'Master', | |
c1374bdb | 1117 | 'masters': ['192.0.2.1', '192.0.2.2'], |
a0930e45 | 1118 | 'catalog': 'catalog.invalid.', |
6bb25159 MS |
1119 | 'soa_edit_api': 'EPOCH', |
1120 | 'soa_edit': 'EPOCH' | |
7c0ba3d2 CH |
1121 | } |
1122 | r = self.session.put( | |
46d06a12 | 1123 | self.url("/api/v1/servers/localhost/zones/" + name), |
7c0ba3d2 CH |
1124 | data=json.dumps(payload), |
1125 | headers={'content-type': 'application/json'}) | |
f0e76cee CH |
1126 | self.assert_success(r) |
1127 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)).json() | |
7c0ba3d2 CH |
1128 | for k in payload.keys(): |
1129 | self.assertIn(k, data) | |
4bfebc93 | 1130 | self.assertEqual(data[k], payload[k]) |
d29d5db7 | 1131 | # update, back to Native and empty(off) |
7c0ba3d2 | 1132 | payload = { |
d29d5db7 | 1133 | 'kind': 'Native', |
a0930e45 | 1134 | 'catalog': '', |
6bb25159 MS |
1135 | 'soa_edit_api': '', |
1136 | 'soa_edit': '' | |
7c0ba3d2 CH |
1137 | } |
1138 | r = self.session.put( | |
46d06a12 | 1139 | self.url("/api/v1/servers/localhost/zones/" + name), |
7c0ba3d2 CH |
1140 | data=json.dumps(payload), |
1141 | headers={'content-type': 'application/json'}) | |
f0e76cee CH |
1142 | self.assert_success(r) |
1143 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)).json() | |
7c0ba3d2 CH |
1144 | for k in payload.keys(): |
1145 | self.assertIn(k, data) | |
4bfebc93 | 1146 | self.assertEqual(data[k], payload[k]) |
b3905a3d | 1147 | |
c1374bdb | 1148 | def test_zone_rr_update(self): |
6754ef71 | 1149 | name, payload, zone = self.create_zone() |
b3905a3d | 1150 | # do a replace (= update) |
d708640f | 1151 | rrset = { |
b3905a3d CH |
1152 | 'changetype': 'replace', |
1153 | 'name': name, | |
8ce0dc75 | 1154 | 'type': 'ns', |
6754ef71 | 1155 | 'ttl': 3600, |
b3905a3d CH |
1156 | 'records': [ |
1157 | { | |
1d6b70f9 | 1158 | "content": "ns1.bar.com.", |
cea26350 CH |
1159 | "disabled": False |
1160 | }, | |
1161 | { | |
1d6b70f9 | 1162 | "content": "ns2-disabled.bar.com.", |
cea26350 | 1163 | "disabled": True |
b3905a3d CH |
1164 | } |
1165 | ] | |
1166 | } | |
d708640f | 1167 | payload = {'rrsets': [rrset]} |
b3905a3d | 1168 | r = self.session.patch( |
46d06a12 | 1169 | self.url("/api/v1/servers/localhost/zones/" + name), |
b3905a3d CH |
1170 | data=json.dumps(payload), |
1171 | headers={'content-type': 'application/json'}) | |
f0e76cee | 1172 | self.assert_success(r) |
b3905a3d | 1173 | # verify that (only) the new record is there |
f0e76cee | 1174 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)).json() |
7386e38f | 1175 | self.assertCountEqual(get_rrset(data, name, 'NS')['records'], rrset['records']) |
b3905a3d | 1176 | |
c1374bdb | 1177 | def test_zone_rr_update_mx(self): |
05cf6a71 | 1178 | # Important to test with MX records, as they have a priority field, which must end up in the content field. |
6754ef71 | 1179 | name, payload, zone = self.create_zone() |
41e3b10e | 1180 | # do a replace (= update) |
d708640f | 1181 | rrset = { |
41e3b10e CH |
1182 | 'changetype': 'replace', |
1183 | 'name': name, | |
1184 | 'type': 'MX', | |
6754ef71 | 1185 | 'ttl': 3600, |
41e3b10e CH |
1186 | 'records': [ |
1187 | { | |
1d6b70f9 | 1188 | "content": "10 mail.example.org.", |
41e3b10e CH |
1189 | "disabled": False |
1190 | } | |
1191 | ] | |
1192 | } | |
d708640f | 1193 | payload = {'rrsets': [rrset]} |
41e3b10e | 1194 | r = self.session.patch( |
46d06a12 | 1195 | self.url("/api/v1/servers/localhost/zones/" + name), |
41e3b10e CH |
1196 | data=json.dumps(payload), |
1197 | headers={'content-type': 'application/json'}) | |
f0e76cee | 1198 | self.assert_success(r) |
41e3b10e | 1199 | # verify that (only) the new record is there |
f0e76cee | 1200 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)).json() |
4bfebc93 | 1201 | self.assertEqual(get_rrset(data, name, 'MX')['records'], rrset['records']) |
d708640f | 1202 | |
81950930 CHB |
1203 | def test_zone_rr_update_invalid_mx(self): |
1204 | name, payload, zone = self.create_zone() | |
1205 | # do a replace (= update) | |
1206 | rrset = { | |
1207 | 'changetype': 'replace', | |
1208 | 'name': name, | |
1209 | 'type': 'MX', | |
1210 | 'ttl': 3600, | |
1211 | 'records': [ | |
1212 | { | |
1213 | "content": "10 mail@mx.example.org.", | |
1214 | "disabled": False | |
1215 | } | |
1216 | ] | |
1217 | } | |
1218 | payload = {'rrsets': [rrset]} | |
1219 | r = self.session.patch( | |
1220 | self.url("/api/v1/servers/localhost/zones/" + name), | |
1221 | data=json.dumps(payload), | |
1222 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1223 | self.assertEqual(r.status_code, 422) |
97c8ea81 | 1224 | self.assertIn('non-hostname content', r.json()['error']) |
81950930 CHB |
1225 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)).json() |
1226 | self.assertIsNone(get_rrset(data, name, 'MX')) | |
1227 | ||
a53b24d0 CHB |
1228 | def test_zone_rr_update_opt(self): |
1229 | name, payload, zone = self.create_zone() | |
1230 | # do a replace (= update) | |
1231 | rrset = { | |
1232 | 'changetype': 'replace', | |
1233 | 'name': name, | |
1234 | 'type': 'OPT', | |
1235 | 'ttl': 3600, | |
1236 | 'records': [ | |
1237 | { | |
1238 | "content": "9", | |
1239 | "disabled": False | |
1240 | } | |
1241 | ] | |
1242 | } | |
1243 | payload = {'rrsets': [rrset]} | |
1244 | r = self.session.patch( | |
1245 | self.url("/api/v1/servers/localhost/zones/" + name), | |
1246 | data=json.dumps(payload), | |
1247 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1248 | self.assertEqual(r.status_code, 422) |
a53b24d0 CHB |
1249 | self.assertIn('OPT: invalid type given', r.json()['error']) |
1250 | ||
c1374bdb | 1251 | def test_zone_rr_update_multiple_rrsets(self): |
6754ef71 | 1252 | name, payload, zone = self.create_zone() |
d708640f CH |
1253 | rrset1 = { |
1254 | 'changetype': 'replace', | |
1255 | 'name': name, | |
1256 | 'type': 'NS', | |
6754ef71 | 1257 | 'ttl': 3600, |
d708640f CH |
1258 | 'records': [ |
1259 | { | |
6754ef71 | 1260 | |
1d6b70f9 | 1261 | "content": "ns9999.example.com.", |
d708640f CH |
1262 | "disabled": False |
1263 | } | |
1264 | ] | |
1265 | } | |
1266 | rrset2 = { | |
1267 | 'changetype': 'replace', | |
1268 | 'name': name, | |
1269 | 'type': 'MX', | |
6754ef71 | 1270 | 'ttl': 3600, |
d708640f CH |
1271 | 'records': [ |
1272 | { | |
1d6b70f9 | 1273 | "content": "10 mx444.example.com.", |
d708640f CH |
1274 | "disabled": False |
1275 | } | |
1276 | ] | |
1277 | } | |
1278 | payload = {'rrsets': [rrset1, rrset2]} | |
1279 | r = self.session.patch( | |
46d06a12 | 1280 | self.url("/api/v1/servers/localhost/zones/" + name), |
d708640f CH |
1281 | data=json.dumps(payload), |
1282 | headers={'content-type': 'application/json'}) | |
f0e76cee | 1283 | self.assert_success(r) |
d708640f | 1284 | # verify that all rrsets have been updated |
f0e76cee | 1285 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)).json() |
4bfebc93 CH |
1286 | self.assertEqual(get_rrset(data, name, 'NS')['records'], rrset1['records']) |
1287 | self.assertEqual(get_rrset(data, name, 'MX')['records'], rrset2['records']) | |
41e3b10e | 1288 | |
e3675a8a CH |
1289 | def test_zone_rr_update_duplicate_record(self): |
1290 | name, payload, zone = self.create_zone() | |
1291 | rrset = { | |
1292 | 'changetype': 'replace', | |
1293 | 'name': name, | |
1294 | 'type': 'NS', | |
1295 | 'ttl': 3600, | |
1296 | 'records': [ | |
1297 | {"content": "ns9999.example.com.", "disabled": False}, | |
1298 | {"content": "ns9996.example.com.", "disabled": False}, | |
1299 | {"content": "ns9987.example.com.", "disabled": False}, | |
1300 | {"content": "ns9988.example.com.", "disabled": False}, | |
1301 | {"content": "ns9999.example.com.", "disabled": False}, | |
1302 | ] | |
1303 | } | |
1304 | payload = {'rrsets': [rrset]} | |
1305 | r = self.session.patch( | |
1306 | self.url("/api/v1/servers/localhost/zones/" + name), | |
1307 | data=json.dumps(payload), | |
1308 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1309 | self.assertEqual(r.status_code, 422) |
e3675a8a CH |
1310 | self.assertIn('Duplicate record in RRset', r.json()['error']) |
1311 | ||
90904988 PD |
1312 | def test_zone_rr_update_duplicate_rrset(self): |
1313 | name, payload, zone = self.create_zone() | |
1314 | rrset1 = { | |
1315 | 'changetype': 'replace', | |
1316 | 'name': name, | |
1317 | 'type': 'NS', | |
1318 | 'ttl': 3600, | |
1319 | 'records': [ | |
1320 | { | |
1321 | "content": "ns9999.example.com.", | |
1322 | "disabled": False | |
1323 | } | |
1324 | ] | |
1325 | } | |
1326 | rrset2 = { | |
1327 | 'changetype': 'replace', | |
1328 | 'name': name, | |
1329 | 'type': 'NS', | |
1330 | 'ttl': 3600, | |
1331 | 'records': [ | |
1332 | { | |
1333 | "content": "ns9998.example.com.", | |
1334 | "disabled": False | |
1335 | } | |
1336 | ] | |
1337 | } | |
1338 | payload = {'rrsets': [rrset1, rrset2]} | |
1339 | r = self.session.patch( | |
1340 | self.url("/api/v1/servers/localhost/zones/" + name), | |
1341 | data=json.dumps(payload), | |
1342 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1343 | self.assertEqual(r.status_code, 422) |
90904988 PD |
1344 | self.assertIn('Duplicate RRset', r.json()['error']) |
1345 | ||
c1374bdb | 1346 | def test_zone_rr_delete(self): |
6754ef71 | 1347 | name, payload, zone = self.create_zone() |
b3905a3d | 1348 | # do a delete of all NS records (these are created with the zone) |
d708640f | 1349 | rrset = { |
b3905a3d CH |
1350 | 'changetype': 'delete', |
1351 | 'name': name, | |
1352 | 'type': 'NS' | |
1353 | } | |
d708640f | 1354 | payload = {'rrsets': [rrset]} |
b3905a3d | 1355 | r = self.session.patch( |
46d06a12 | 1356 | self.url("/api/v1/servers/localhost/zones/" + name), |
b3905a3d CH |
1357 | data=json.dumps(payload), |
1358 | headers={'content-type': 'application/json'}) | |
f0e76cee | 1359 | self.assert_success(r) |
b3905a3d | 1360 | # verify that the records are gone |
f0e76cee | 1361 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)).json() |
6754ef71 | 1362 | self.assertIsNone(get_rrset(data, name, 'NS')) |
cea26350 | 1363 | |
e732e9cc JE |
1364 | def test_zone_rr_update_rrset_combine_replace_and_delete(self): |
1365 | name, payload, zone = self.create_zone() | |
1366 | rrset1 = { | |
1367 | 'changetype': 'delete', | |
1368 | 'name': 'sub.' + name, | |
1369 | 'type': 'CNAME', | |
1370 | } | |
1371 | rrset2 = { | |
1372 | 'changetype': 'replace', | |
1373 | 'name': 'sub.' + name, | |
1374 | 'type': 'CNAME', | |
1375 | 'ttl': 500, | |
1376 | 'records': [ | |
1377 | { | |
1378 | "content": "www.example.org.", | |
1379 | "disabled": False | |
1380 | } | |
1381 | ] | |
1382 | } | |
1383 | payload = {'rrsets': [rrset1, rrset2]} | |
1384 | r = self.session.patch( | |
1385 | self.url("/api/v1/servers/localhost/zones/" + name), | |
1386 | data=json.dumps(payload), | |
1387 | headers={'content-type': 'application/json'}) | |
1388 | self.assert_success(r) | |
1389 | # verify that (only) the new record is there | |
1390 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)).json() | |
4bfebc93 | 1391 | self.assertEqual(get_rrset(data, 'sub.' + name, 'CNAME')['records'], rrset2['records']) |
e732e9cc | 1392 | |
c1374bdb | 1393 | def test_zone_disable_reenable(self): |
d29d5db7 | 1394 | # This also tests that SOA-EDIT-API works. |
6754ef71 | 1395 | name, payload, zone = self.create_zone(soa_edit_api='EPOCH') |
cea26350 | 1396 | # disable zone by disabling SOA |
d708640f | 1397 | rrset = { |
cea26350 CH |
1398 | 'changetype': 'replace', |
1399 | 'name': name, | |
1400 | 'type': 'SOA', | |
6754ef71 | 1401 | 'ttl': 3600, |
cea26350 CH |
1402 | 'records': [ |
1403 | { | |
1d6b70f9 | 1404 | "content": "ns1.bar.com. hostmaster.foo.org. 1 1 1 1 1", |
cea26350 CH |
1405 | "disabled": True |
1406 | } | |
1407 | ] | |
1408 | } | |
d708640f | 1409 | payload = {'rrsets': [rrset]} |
cea26350 | 1410 | r = self.session.patch( |
46d06a12 | 1411 | self.url("/api/v1/servers/localhost/zones/" + name), |
cea26350 CH |
1412 | data=json.dumps(payload), |
1413 | headers={'content-type': 'application/json'}) | |
f0e76cee | 1414 | self.assert_success(r) |
d29d5db7 | 1415 | # check SOA serial has been edited |
f0e76cee CH |
1416 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)).json() |
1417 | soa_serial1 = get_first_rec(data, name, 'SOA')['content'].split()[2] | |
4bfebc93 | 1418 | self.assertNotEqual(soa_serial1, '1') |
d29d5db7 | 1419 | # make sure domain is still in zone list (disabled SOA!) |
46d06a12 | 1420 | r = self.session.get(self.url("/api/v1/servers/localhost/zones")) |
cea26350 | 1421 | domains = r.json() |
4bfebc93 | 1422 | self.assertEqual(len([domain for domain in domains if domain['name'] == name]), 1) |
d29d5db7 CH |
1423 | # sleep 1sec to ensure the EPOCH value changes for the next request |
1424 | time.sleep(1) | |
cea26350 | 1425 | # verify that modifying it still works |
d708640f CH |
1426 | rrset['records'][0]['disabled'] = False |
1427 | payload = {'rrsets': [rrset]} | |
cea26350 | 1428 | r = self.session.patch( |
46d06a12 | 1429 | self.url("/api/v1/servers/localhost/zones/" + name), |
cea26350 CH |
1430 | data=json.dumps(payload), |
1431 | headers={'content-type': 'application/json'}) | |
f0e76cee | 1432 | self.assert_success(r) |
d29d5db7 | 1433 | # check SOA serial has been edited again |
f0e76cee CH |
1434 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)).json() |
1435 | soa_serial2 = get_first_rec(data, name, 'SOA')['content'].split()[2] | |
4bfebc93 CH |
1436 | self.assertNotEqual(soa_serial2, '1') |
1437 | self.assertNotEqual(soa_serial2, soa_serial1) | |
02945d9a | 1438 | |
c1374bdb | 1439 | def test_zone_rr_update_out_of_zone(self): |
6754ef71 | 1440 | name, payload, zone = self.create_zone() |
35f26cc5 | 1441 | # replace with qname mismatch |
d708640f | 1442 | rrset = { |
35f26cc5 | 1443 | 'changetype': 'replace', |
1d6b70f9 | 1444 | 'name': 'not-in-zone.', |
35f26cc5 | 1445 | 'type': 'NS', |
6754ef71 | 1446 | 'ttl': 3600, |
35f26cc5 CH |
1447 | 'records': [ |
1448 | { | |
1d6b70f9 | 1449 | "content": "ns1.bar.com.", |
35f26cc5 CH |
1450 | "disabled": False |
1451 | } | |
1452 | ] | |
1453 | } | |
d708640f | 1454 | payload = {'rrsets': [rrset]} |
35f26cc5 | 1455 | r = self.session.patch( |
46d06a12 | 1456 | self.url("/api/v1/servers/localhost/zones/" + name), |
35f26cc5 CH |
1457 | data=json.dumps(payload), |
1458 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1459 | self.assertEqual(r.status_code, 422) |
35f26cc5 CH |
1460 | self.assertIn('out of zone', r.json()['error']) |
1461 | ||
1d6b70f9 | 1462 | def test_zone_rr_update_restricted_chars(self): |
6754ef71 | 1463 | name, payload, zone = self.create_zone() |
1d6b70f9 CH |
1464 | # replace with qname mismatch |
1465 | rrset = { | |
1466 | 'changetype': 'replace', | |
1467 | 'name': 'test:' + name, | |
1468 | 'type': 'NS', | |
6754ef71 | 1469 | 'ttl': 3600, |
1d6b70f9 CH |
1470 | 'records': [ |
1471 | { | |
1d6b70f9 CH |
1472 | "content": "ns1.bar.com.", |
1473 | "disabled": False | |
1474 | } | |
1475 | ] | |
1476 | } | |
1477 | payload = {'rrsets': [rrset]} | |
1478 | r = self.session.patch( | |
1479 | self.url("/api/v1/servers/localhost/zones/" + name), | |
1480 | data=json.dumps(payload), | |
1481 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1482 | self.assertEqual(r.status_code, 422) |
1d6b70f9 CH |
1483 | self.assertIn('contains unsupported characters', r.json()['error']) |
1484 | ||
24cd86ca | 1485 | def test_rrset_unknown_type(self): |
6754ef71 | 1486 | name, payload, zone = self.create_zone() |
24cd86ca CH |
1487 | rrset = { |
1488 | 'changetype': 'replace', | |
1489 | 'name': name, | |
1490 | 'type': 'FAFAFA', | |
6754ef71 | 1491 | 'ttl': 3600, |
24cd86ca CH |
1492 | 'records': [ |
1493 | { | |
24cd86ca CH |
1494 | "content": "4.3.2.1", |
1495 | "disabled": False | |
1496 | } | |
1497 | ] | |
1498 | } | |
1499 | payload = {'rrsets': [rrset]} | |
46d06a12 | 1500 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), |
24cd86ca | 1501 | headers={'content-type': 'application/json'}) |
4bfebc93 | 1502 | self.assertEqual(r.status_code, 422) |
24cd86ca CH |
1503 | self.assertIn('unknown type', r.json()['error']) |
1504 | ||
646bcd7d CH |
1505 | @parameterized.expand([ |
1506 | ('CNAME', ), | |
646bcd7d CH |
1507 | ]) |
1508 | def test_rrset_exclusive_and_other(self, qtype): | |
8560f36a CH |
1509 | name, payload, zone = self.create_zone() |
1510 | rrset = { | |
1511 | 'changetype': 'replace', | |
1512 | 'name': name, | |
646bcd7d | 1513 | 'type': qtype, |
8560f36a CH |
1514 | 'ttl': 3600, |
1515 | 'records': [ | |
1516 | { | |
1517 | "content": "example.org.", | |
1518 | "disabled": False | |
1519 | } | |
1520 | ] | |
1521 | } | |
1522 | payload = {'rrsets': [rrset]} | |
1523 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1524 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1525 | self.assertEqual(r.status_code, 422) |
646bcd7d | 1526 | self.assertIn('Conflicts with pre-existing RRset', r.json()['error']) |
8560f36a | 1527 | |
646bcd7d CH |
1528 | @parameterized.expand([ |
1529 | ('CNAME', ), | |
646bcd7d CH |
1530 | ]) |
1531 | def test_rrset_other_and_exclusive(self, qtype): | |
8560f36a CH |
1532 | name, payload, zone = self.create_zone() |
1533 | rrset = { | |
1534 | 'changetype': 'replace', | |
1535 | 'name': 'sub.'+name, | |
646bcd7d | 1536 | 'type': qtype, |
8560f36a CH |
1537 | 'ttl': 3600, |
1538 | 'records': [ | |
1539 | { | |
1540 | "content": "example.org.", | |
1541 | "disabled": False | |
1542 | } | |
1543 | ] | |
1544 | } | |
1545 | payload = {'rrsets': [rrset]} | |
1546 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1547 | headers={'content-type': 'application/json'}) | |
1548 | self.assert_success(r) | |
1549 | rrset = { | |
1550 | 'changetype': 'replace', | |
1551 | 'name': 'sub.'+name, | |
1552 | 'type': 'A', | |
1553 | 'ttl': 3600, | |
1554 | 'records': [ | |
1555 | { | |
1556 | "content": "1.2.3.4", | |
1557 | "disabled": False | |
1558 | } | |
1559 | ] | |
1560 | } | |
1561 | payload = {'rrsets': [rrset]} | |
1562 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1563 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1564 | self.assertEqual(r.status_code, 422) |
646bcd7d CH |
1565 | self.assertIn('Conflicts with pre-existing RRset', r.json()['error']) |
1566 | ||
1567 | @parameterized.expand([ | |
2eb206ec KM |
1568 | ('', 'SOA', ['ns1.example.org. test@example.org. 10 10800 3600 604800 3600', 'ns2.example.org. test@example.org. 10 10800 3600 604800 3600']), |
1569 | ('sub.', 'CNAME', ['01.example.org.', '02.example.org.']), | |
646bcd7d | 1570 | ]) |
2eb206ec | 1571 | def test_rrset_single_qtypes(self, label, qtype, contents): |
8b1fa85d RG |
1572 | name, payload, zone = self.create_zone() |
1573 | rrset = { | |
1574 | 'changetype': 'replace', | |
2eb206ec | 1575 | 'name': label + name, |
646bcd7d | 1576 | 'type': qtype, |
8b1fa85d RG |
1577 | 'ttl': 3600, |
1578 | 'records': [ | |
1579 | { | |
646bcd7d | 1580 | "content": contents[0], |
8b1fa85d RG |
1581 | "disabled": False |
1582 | }, | |
1583 | { | |
646bcd7d | 1584 | "content": contents[1], |
8b1fa85d RG |
1585 | "disabled": False |
1586 | } | |
1587 | ] | |
1588 | } | |
1589 | payload = {'rrsets': [rrset]} | |
1590 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1591 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1592 | self.assertEqual(r.status_code, 422) |
646bcd7d | 1593 | self.assertIn('IN ' + qtype + ' has more than one record', r.json()['error']) |
8b1fa85d | 1594 | |
d2b117ec AT |
1595 | def test_rrset_zone_apex(self): |
1596 | name, payload, zone = self.create_zone() | |
1597 | rrset1 = { | |
1598 | 'changetype': 'replace', | |
1599 | 'name': name, | |
1600 | 'type': 'SOA', | |
1601 | 'ttl': 3600, | |
1602 | 'records': [ | |
1603 | { | |
1604 | "content": 'ns1.example.org. test@example.org. 10 10800 3600 604800 3600', | |
1605 | "disabled": False | |
1606 | }, | |
1607 | ] | |
1608 | } | |
1609 | rrset2 = { | |
1610 | 'changetype': 'replace', | |
1611 | 'name': name, | |
1612 | 'type': 'DNAME', | |
1613 | 'ttl': 3600, | |
1614 | 'records': [ | |
1615 | { | |
1616 | "content": 'example.com.', | |
1617 | "disabled": False | |
1618 | }, | |
1619 | ] | |
1620 | } | |
1621 | ||
1622 | payload = {'rrsets': [rrset1, rrset2]} | |
1623 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1624 | headers={'content-type': 'application/json'}) | |
1625 | self.assert_success(r) # user should be able to create DNAME at APEX as per RFC 6672 section 2.3 | |
1626 | ||
2eb206ec KM |
1627 | @parameterized.expand([ |
1628 | ('SOA', 'ns1.example.org. test@example.org. 10 10800 3600 604800 1800'), | |
1629 | ('DNSKEY', '257 3 8 AwEAAb/+pXOZWYQ8mv9WM5dFva8WU9jcIUdDuEjldbyfnkQ/xlrJC5zAEfhYhrea3SmIPmMTDimLqbh3/4SMTNPTUF+9+U1vpNfIRTFadqsmuU9Fddz3JqCcYwEpWbReg6DJOeyu+9oBoIQkPxFyLtIXEPGlQzrynKubn04Cx83I6NfzDTraJT3jLHKeW5PVc1ifqKzHz5TXdHHTA7NkJAa0sPcZCoNE1LpnJI/wcUpRUiuQhoLFeT1E432GuPuZ7y+agElGj0NnBxEgnHrhrnZWUbULpRa/il+Cr5Taj988HqX9Xdm6FjcP4Lbuds/44U7U8du224Q8jTrZ57Yvj4VDQKc='), | |
2eb206ec KM |
1630 | ]) |
1631 | def test_only_at_apex(self, qtype, content): | |
1632 | name, payload, zone = self.create_zone(soa_edit_api='') | |
1633 | rrset = { | |
1634 | 'changetype': 'replace', | |
1635 | 'name': name, | |
1636 | 'type': qtype, | |
1637 | 'ttl': 3600, | |
1638 | 'records': [ | |
1639 | { | |
1640 | "content": content, | |
1641 | "disabled": False | |
1642 | }, | |
1643 | ] | |
1644 | } | |
1645 | payload = {'rrsets': [rrset]} | |
1646 | r = self.session.patch( | |
1647 | self.url("/api/v1/servers/localhost/zones/" + name), | |
1648 | data=json.dumps(payload), | |
1649 | headers={'content-type': 'application/json'}) | |
1650 | self.assert_success(r) | |
1651 | # verify that the new record is there | |
1652 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)).json() | |
1653 | self.assertEqual(get_rrset(data, name, qtype)['records'], rrset['records']) | |
1654 | ||
1655 | rrset = { | |
1656 | 'changetype': 'replace', | |
1657 | 'name': 'sub.' + name, | |
1658 | 'type': qtype, | |
1659 | 'ttl': 3600, | |
1660 | 'records': [ | |
1661 | { | |
1662 | "content": content, | |
1663 | "disabled": False | |
1664 | }, | |
1665 | ] | |
1666 | } | |
1667 | payload = {'rrsets': [rrset]} | |
1668 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1669 | headers={'content-type': 'application/json'}) | |
1670 | self.assertEqual(r.status_code, 422) | |
1671 | self.assertIn('only allowed at apex', r.json()['error']) | |
1672 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)).json() | |
1673 | self.assertIsNone(get_rrset(data, 'sub.' + name, qtype)) | |
1674 | ||
1675 | @parameterized.expand([ | |
1676 | ('DS', '44030 8 2 d4c3d5552b8679faeebc317e5f048b614b2e5f607dc57f1553182d49ab2179f7'), | |
1677 | ]) | |
1678 | def test_not_allowed_at_apex(self, qtype, content): | |
1679 | name, payload, zone = self.create_zone() | |
1680 | rrset = { | |
1681 | 'changetype': 'replace', | |
1682 | 'name': name, | |
1683 | 'type': qtype, | |
1684 | 'ttl': 3600, | |
1685 | 'records': [ | |
1686 | { | |
1687 | "content": content, | |
1688 | "disabled": False | |
1689 | }, | |
1690 | ] | |
1691 | } | |
1692 | payload = {'rrsets': [rrset]} | |
1693 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1694 | headers={'content-type': 'application/json'}) | |
1695 | self.assertEqual(r.status_code, 422) | |
1696 | self.assertIn('not allowed at apex', r.json()['error']) | |
1697 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)).json() | |
1698 | self.assertIsNone(get_rrset(data, 'sub.' + name, qtype)) | |
1699 | ||
1700 | rrset = { | |
1701 | 'changetype': 'replace', | |
1702 | 'name': 'sub.' + name, | |
1703 | 'type': qtype, | |
1704 | 'ttl': 3600, | |
1705 | 'records': [ | |
1706 | { | |
1707 | "content": content, | |
1708 | "disabled": False | |
1709 | }, | |
1710 | ] | |
1711 | } | |
1712 | payload = {'rrsets': [rrset]} | |
1713 | r = self.session.patch( | |
1714 | self.url("/api/v1/servers/localhost/zones/" + name), | |
1715 | data=json.dumps(payload), | |
1716 | headers={'content-type': 'application/json'}) | |
1717 | self.assert_success(r) | |
1718 | # verify that the new record is there | |
1719 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)).json() | |
1720 | self.assertEqual(get_rrset(data, 'sub.' + name, qtype)['records'], rrset['records']) | |
1721 | ||
0ab5d78e PL |
1722 | def test_rr_svcb(self): |
1723 | name, payload, zone = self.create_zone() | |
1724 | rrset = { | |
1725 | 'changetype': 'replace', | |
1726 | 'name': 'svcb.' + name, | |
1727 | 'type': 'SVCB', | |
1728 | 'ttl': 3600, | |
1729 | 'records': [ | |
1730 | { | |
4f254e34 | 1731 | "content": '40 . mandatory=alpn alpn=h2,h3 ipv4hint=192.0.2.1,192.0.2.2 ech="dG90YWxseSBib2d1cyBlY2hjb25maWcgdmFsdWU="', |
0ab5d78e PL |
1732 | "disabled": False |
1733 | }, | |
1734 | ] | |
1735 | } | |
1736 | payload = {'rrsets': [rrset]} | |
1737 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1738 | headers={'content-type': 'application/json'}) | |
1739 | self.assert_success(r) | |
1740 | ||
d2b117ec AT |
1741 | def test_rrset_ns_dname_exclude(self): |
1742 | name, payload, zone = self.create_zone() | |
1743 | rrset = { | |
1744 | 'changetype': 'replace', | |
1745 | 'name': 'delegation.'+name, | |
1746 | 'type': 'NS', | |
1747 | 'ttl': 3600, | |
1748 | 'records': [ | |
1749 | { | |
1750 | "content": "ns.example.org.", | |
1751 | "disabled": False | |
1752 | } | |
1753 | ] | |
1754 | } | |
1755 | payload = {'rrsets': [rrset]} | |
1756 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1757 | headers={'content-type': 'application/json'}) | |
1758 | self.assert_success(r) | |
1759 | rrset = { | |
1760 | 'changetype': 'replace', | |
1761 | 'name': 'delegation.'+name, | |
1762 | 'type': 'DNAME', | |
1763 | 'ttl': 3600, | |
1764 | 'records': [ | |
1765 | { | |
7bc54205 | 1766 | "content": "example.com.", |
d2b117ec AT |
1767 | "disabled": False |
1768 | } | |
1769 | ] | |
1770 | } | |
1771 | payload = {'rrsets': [rrset]} | |
1772 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1773 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1774 | self.assertEqual(r.status_code, 422) |
d2b117ec AT |
1775 | self.assertIn('Cannot have both NS and DNAME except in zone apex', r.json()['error']) |
1776 | ||
7bc54205 AT |
1777 | ## FIXME: Enable this when it's time for it |
1778 | # def test_rrset_dname_nothing_under(self): | |
1779 | # name, payload, zone = self.create_zone() | |
1780 | # rrset = { | |
1781 | # 'changetype': 'replace', | |
1782 | # 'name': 'delegation.'+name, | |
1783 | # 'type': 'DNAME', | |
1784 | # 'ttl': 3600, | |
1785 | # 'records': [ | |
1786 | # { | |
1787 | # "content": "example.com.", | |
1788 | # "disabled": False | |
1789 | # } | |
1790 | # ] | |
1791 | # } | |
1792 | # payload = {'rrsets': [rrset]} | |
1793 | # r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1794 | # headers={'content-type': 'application/json'}) | |
1795 | # self.assert_success(r) | |
1796 | # rrset = { | |
1797 | # 'changetype': 'replace', | |
1798 | # 'name': 'sub.delegation.'+name, | |
1799 | # 'type': 'A', | |
1800 | # 'ttl': 3600, | |
1801 | # 'records': [ | |
1802 | # { | |
1803 | # "content": "1.2.3.4", | |
1804 | # "disabled": False | |
1805 | # } | |
1806 | # ] | |
1807 | # } | |
1808 | # payload = {'rrsets': [rrset]} | |
1809 | # r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1810 | # headers={'content-type': 'application/json'}) | |
4bfebc93 | 1811 | # self.assertEqual(r.status_code, 422) |
7bc54205 AT |
1812 | # self.assertIn('You cannot have record(s) under CNAME/DNAME', r.json()['error']) |
1813 | ||
1e5b9ab9 CH |
1814 | def test_create_zone_with_leading_space(self): |
1815 | # Actual regression. | |
6754ef71 | 1816 | name, payload, zone = self.create_zone() |
1e5b9ab9 CH |
1817 | rrset = { |
1818 | 'changetype': 'replace', | |
1819 | 'name': name, | |
1820 | 'type': 'A', | |
6754ef71 | 1821 | 'ttl': 3600, |
1e5b9ab9 CH |
1822 | 'records': [ |
1823 | { | |
1e5b9ab9 CH |
1824 | "content": " 4.3.2.1", |
1825 | "disabled": False | |
1826 | } | |
1827 | ] | |
1828 | } | |
1829 | payload = {'rrsets': [rrset]} | |
46d06a12 | 1830 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), |
1e5b9ab9 | 1831 | headers={'content-type': 'application/json'}) |
4bfebc93 | 1832 | self.assertEqual(r.status_code, 422) |
1e5b9ab9 CH |
1833 | self.assertIn('Not in expected format', r.json()['error']) |
1834 | ||
d1b98434 | 1835 | @unittest.skipIf(is_auth_lmdb(), "No out-of-zone storage in LMDB") |
c1374bdb | 1836 | def test_zone_rr_delete_out_of_zone(self): |
6754ef71 | 1837 | name, payload, zone = self.create_zone() |
d708640f | 1838 | rrset = { |
35f26cc5 | 1839 | 'changetype': 'delete', |
1d6b70f9 | 1840 | 'name': 'not-in-zone.', |
35f26cc5 CH |
1841 | 'type': 'NS' |
1842 | } | |
d708640f | 1843 | payload = {'rrsets': [rrset]} |
35f26cc5 | 1844 | r = self.session.patch( |
46d06a12 | 1845 | self.url("/api/v1/servers/localhost/zones/" + name), |
35f26cc5 CH |
1846 | data=json.dumps(payload), |
1847 | headers={'content-type': 'application/json'}) | |
541bb91b | 1848 | print(r.content) |
f0e76cee | 1849 | self.assert_success(r) # succeed so users can fix their wrong, old data |
35f26cc5 | 1850 | |
37663c3b | 1851 | def test_zone_delete(self): |
6754ef71 | 1852 | name, payload, zone = self.create_zone() |
46d06a12 | 1853 | r = self.session.delete(self.url("/api/v1/servers/localhost/zones/" + name)) |
4bfebc93 | 1854 | self.assertEqual(r.status_code, 204) |
37663c3b CH |
1855 | self.assertNotIn('Content-Type', r.headers) |
1856 | ||
c1374bdb | 1857 | def test_zone_comment_create(self): |
6754ef71 | 1858 | name, payload, zone = self.create_zone() |
d708640f | 1859 | rrset = { |
6cc98ddf CH |
1860 | 'changetype': 'replace', |
1861 | 'name': name, | |
1862 | 'type': 'NS', | |
6754ef71 | 1863 | 'ttl': 3600, |
6cc98ddf CH |
1864 | 'comments': [ |
1865 | { | |
1866 | 'account': 'test1', | |
1867 | 'content': 'blah blah', | |
1868 | }, | |
1869 | { | |
1870 | 'account': 'test2', | |
1871 | 'content': 'blah blah bleh', | |
1872 | } | |
1873 | ] | |
1874 | } | |
d708640f | 1875 | payload = {'rrsets': [rrset]} |
6cc98ddf | 1876 | r = self.session.patch( |
46d06a12 | 1877 | self.url("/api/v1/servers/localhost/zones/" + name), |
6cc98ddf CH |
1878 | data=json.dumps(payload), |
1879 | headers={'content-type': 'application/json'}) | |
f626cc48 PD |
1880 | if is_auth_lmdb(): |
1881 | self.assert_error_json(r) # No comments in LMDB | |
1882 | return | |
1883 | else: | |
1884 | self.assert_success(r) | |
6cc98ddf CH |
1885 | # make sure the comments have been set, and that the NS |
1886 | # records are still present | |
f0e76cee CH |
1887 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)).json() |
1888 | serverset = get_rrset(data, name, 'NS') | |
541bb91b | 1889 | print(serverset) |
4bfebc93 CH |
1890 | self.assertNotEqual(serverset['records'], []) |
1891 | self.assertNotEqual(serverset['comments'], []) | |
6cc98ddf | 1892 | # verify that modified_at has been set by pdns |
4bfebc93 | 1893 | self.assertNotEqual([c for c in serverset['comments']][0]['modified_at'], 0) |
0d7f3c75 | 1894 | # verify that TTL is correct (regression test) |
4bfebc93 | 1895 | self.assertEqual(serverset['ttl'], 3600) |
6cc98ddf | 1896 | |
c1374bdb | 1897 | def test_zone_comment_delete(self): |
6cc98ddf | 1898 | # Test: Delete ONLY comments. |
6754ef71 | 1899 | name, payload, zone = self.create_zone() |
d708640f | 1900 | rrset = { |
6cc98ddf CH |
1901 | 'changetype': 'replace', |
1902 | 'name': name, | |
1903 | 'type': 'NS', | |
1904 | 'comments': [] | |
1905 | } | |
d708640f | 1906 | payload = {'rrsets': [rrset]} |
6cc98ddf | 1907 | r = self.session.patch( |
46d06a12 | 1908 | self.url("/api/v1/servers/localhost/zones/" + name), |
6cc98ddf CH |
1909 | data=json.dumps(payload), |
1910 | headers={'content-type': 'application/json'}) | |
f0e76cee | 1911 | self.assert_success(r) |
6cc98ddf | 1912 | # make sure the NS records are still present |
f0e76cee CH |
1913 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)).json() |
1914 | serverset = get_rrset(data, name, 'NS') | |
541bb91b | 1915 | print(serverset) |
4bfebc93 CH |
1916 | self.assertNotEqual(serverset['records'], []) |
1917 | self.assertEqual(serverset['comments'], []) | |
6cc98ddf | 1918 | |
d1b98434 | 1919 | @unittest.skipIf(is_auth_lmdb(), "No comments in LMDB") |
1148587f CH |
1920 | def test_zone_comment_out_of_range_modified_at(self): |
1921 | # Test if comments on an rrset stay intact if the rrset is replaced | |
1922 | name, payload, zone = self.create_zone() | |
1923 | rrset = { | |
1924 | 'changetype': 'replace', | |
1925 | 'name': name, | |
1926 | 'type': 'NS', | |
1927 | 'comments': [ | |
1928 | { | |
1929 | 'account': 'test1', | |
1930 | 'content': 'oh hi there', | |
1931 | 'modified_at': '4294967297' | |
1932 | } | |
1933 | ] | |
1934 | } | |
1935 | payload = {'rrsets': [rrset]} | |
1936 | r = self.session.patch( | |
1937 | self.url("/api/v1/servers/localhost/zones/" + name), | |
1938 | data=json.dumps(payload), | |
1939 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1940 | self.assertEqual(r.status_code, 422) |
1148587f CH |
1941 | self.assertIn("Value for key 'modified_at' is out of range", r.json()['error']) |
1942 | ||
d1b98434 | 1943 | @unittest.skipIf(is_auth_lmdb(), "No comments in LMDB") |
c1374bdb | 1944 | def test_zone_comment_stay_intact(self): |
6cc98ddf | 1945 | # Test if comments on an rrset stay intact if the rrset is replaced |
6754ef71 | 1946 | name, payload, zone = self.create_zone() |
6cc98ddf | 1947 | # create a comment |
d708640f | 1948 | rrset = { |
6cc98ddf CH |
1949 | 'changetype': 'replace', |
1950 | 'name': name, | |
1951 | 'type': 'NS', | |
1952 | 'comments': [ | |
1953 | { | |
1954 | 'account': 'test1', | |
1955 | 'content': 'oh hi there', | |
2696eea0 | 1956 | 'modified_at': 1111 |
6cc98ddf CH |
1957 | } |
1958 | ] | |
1959 | } | |
d708640f | 1960 | payload = {'rrsets': [rrset]} |
6cc98ddf | 1961 | r = self.session.patch( |
46d06a12 | 1962 | self.url("/api/v1/servers/localhost/zones/" + name), |
6cc98ddf CH |
1963 | data=json.dumps(payload), |
1964 | headers={'content-type': 'application/json'}) | |
f0e76cee | 1965 | self.assert_success(r) |
6cc98ddf | 1966 | # replace rrset records |
d708640f | 1967 | rrset2 = { |
6cc98ddf CH |
1968 | 'changetype': 'replace', |
1969 | 'name': name, | |
1970 | 'type': 'NS', | |
6754ef71 | 1971 | 'ttl': 3600, |
6cc98ddf CH |
1972 | 'records': [ |
1973 | { | |
1d6b70f9 | 1974 | "content": "ns1.bar.com.", |
6cc98ddf CH |
1975 | "disabled": False |
1976 | } | |
1977 | ] | |
1978 | } | |
d708640f | 1979 | payload2 = {'rrsets': [rrset2]} |
6cc98ddf | 1980 | r = self.session.patch( |
46d06a12 | 1981 | self.url("/api/v1/servers/localhost/zones/" + name), |
6cc98ddf CH |
1982 | data=json.dumps(payload2), |
1983 | headers={'content-type': 'application/json'}) | |
f0e76cee | 1984 | self.assert_success(r) |
6cc98ddf | 1985 | # make sure the comments still exist |
f0e76cee CH |
1986 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name)).json() |
1987 | serverset = get_rrset(data, name, 'NS') | |
541bb91b | 1988 | print(serverset) |
4bfebc93 CH |
1989 | self.assertEqual(serverset['records'], rrset2['records']) |
1990 | self.assertEqual(serverset['comments'], rrset['comments']) | |
6cc98ddf | 1991 | |
d1b98434 | 1992 | @unittest.skipIf(is_auth_lmdb(), "No search in LMDB") |
c1374bdb | 1993 | def test_search_rr_exact_zone(self): |
b1902fab | 1994 | name = unique_zone_name() |
1d6b70f9 CH |
1995 | self.create_zone(name=name, serial=22, soa_edit_api='') |
1996 | r = self.session.get(self.url("/api/v1/servers/localhost/search-data?q=" + name.rstrip('.'))) | |
c1374bdb | 1997 | self.assert_success_json(r) |
541bb91b | 1998 | print(r.json()) |
7386e38f | 1999 | self.assertCountEqual(r.json(), [ |
1d6b70f9 | 2000 | {u'object_type': u'zone', u'name': name, u'zone_id': name}, |
1d6b70f9 CH |
2001 | {u'content': u'ns1.example.com.', |
2002 | u'zone_id': name, u'zone': name, u'object_type': u'record', u'disabled': False, | |
2003 | u'ttl': 3600, u'type': u'NS', u'name': name}, | |
2004 | {u'content': u'ns2.example.com.', | |
2005 | u'zone_id': name, u'zone': name, u'object_type': u'record', u'disabled': False, | |
2006 | u'ttl': 3600, u'type': u'NS', u'name': name}, | |
f527c6ff | 2007 | {u'content': u'a.misconfigured.dns.server.invalid. hostmaster.'+name+' 22 10800 3600 604800 3600', |
45250285 JE |
2008 | u'zone_id': name, u'zone': name, u'object_type': u'record', u'disabled': False, |
2009 | u'ttl': 3600, u'type': u'SOA', u'name': name}, | |
2010 | ]) | |
2011 | ||
d1b98434 | 2012 | @unittest.skipIf(is_auth_lmdb(), "No search in LMDB") |
45250285 JE |
2013 | def test_search_rr_exact_zone_filter_type_zone(self): |
2014 | name = unique_zone_name() | |
2015 | data_type = "zone" | |
2016 | self.create_zone(name=name, serial=22, soa_edit_api='') | |
0bd91de6 | 2017 | r = self.session.get(self.url("/api/v1/servers/localhost/search-data?q=" + name.rstrip('.') + "&object_type=" + data_type)) |
45250285 JE |
2018 | self.assert_success_json(r) |
2019 | print(r.json()) | |
4bfebc93 | 2020 | self.assertEqual(r.json(), [ |
45250285 JE |
2021 | {u'object_type': u'zone', u'name': name, u'zone_id': name}, |
2022 | ]) | |
2023 | ||
d1b98434 | 2024 | @unittest.skipIf(is_auth_lmdb(), "No search in LMDB") |
45250285 JE |
2025 | def test_search_rr_exact_zone_filter_type_record(self): |
2026 | name = unique_zone_name() | |
2027 | data_type = "record" | |
2028 | self.create_zone(name=name, serial=22, soa_edit_api='') | |
0bd91de6 | 2029 | r = self.session.get(self.url("/api/v1/servers/localhost/search-data?q=" + name.rstrip('.') + "&object_type=" + data_type)) |
45250285 JE |
2030 | self.assert_success_json(r) |
2031 | print(r.json()) | |
7386e38f | 2032 | self.assertCountEqual(r.json(), [ |
45250285 JE |
2033 | {u'content': u'ns1.example.com.', |
2034 | u'zone_id': name, u'zone': name, u'object_type': u'record', u'disabled': False, | |
2035 | u'ttl': 3600, u'type': u'NS', u'name': name}, | |
2036 | {u'content': u'ns2.example.com.', | |
2037 | u'zone_id': name, u'zone': name, u'object_type': u'record', u'disabled': False, | |
2038 | u'ttl': 3600, u'type': u'NS', u'name': name}, | |
f527c6ff | 2039 | {u'content': u'a.misconfigured.dns.server.invalid. hostmaster.'+name+' 22 10800 3600 604800 3600', |
f2d6dcc0 RG |
2040 | u'zone_id': name, u'zone': name, u'object_type': u'record', u'disabled': False, |
2041 | u'ttl': 3600, u'type': u'SOA', u'name': name}, | |
1d6b70f9 | 2042 | ]) |
b1902fab | 2043 | |
d1b98434 | 2044 | @unittest.skipIf(is_auth_lmdb(), "No search in LMDB") |
c1374bdb | 2045 | def test_search_rr_substring(self): |
541bb91b CH |
2046 | name = unique_zone_name() |
2047 | search = name[5:-5] | |
b1902fab | 2048 | self.create_zone(name=name) |
541bb91b | 2049 | r = self.session.get(self.url("/api/v1/servers/localhost/search-data?q=*%s*" % search)) |
c1374bdb | 2050 | self.assert_success_json(r) |
541bb91b | 2051 | print(r.json()) |
b1902fab | 2052 | # should return zone, SOA, ns1, ns2 |
4bfebc93 | 2053 | self.assertEqual(len(r.json()), 4) |
b1902fab | 2054 | |
d1b98434 | 2055 | @unittest.skipIf(is_auth_lmdb(), "No search in LMDB") |
c1374bdb | 2056 | def test_search_rr_case_insensitive(self): |
541bb91b | 2057 | name = unique_zone_name()+'testsuffix.' |
57cb86d8 | 2058 | self.create_zone(name=name) |
541bb91b | 2059 | r = self.session.get(self.url("/api/v1/servers/localhost/search-data?q=*testSUFFIX*")) |
c1374bdb | 2060 | self.assert_success_json(r) |
541bb91b | 2061 | print(r.json()) |
57cb86d8 | 2062 | # should return zone, SOA, ns1, ns2 |
4bfebc93 | 2063 | self.assertEqual(len(r.json()), 4) |
57cb86d8 | 2064 | |
478a7402 PL |
2065 | @unittest.skipIf(is_auth_lmdb(), "No search or comments in LMDB") |
2066 | def test_search_rr_comment(self): | |
2067 | name = unique_zone_name() | |
2068 | rrsets = [{ | |
2069 | "name": name, | |
2070 | "type": "AAAA", | |
2071 | "ttl": 3600, | |
2072 | "records": [{ | |
2073 | "content": "2001:DB8::1", | |
2074 | "disabled": False, | |
2075 | }], | |
2076 | "comments": [{ | |
2077 | "account": "test AAAA", | |
2078 | "content": "blah", | |
2079 | "modified_at": 11112, | |
2080 | }], | |
2081 | }] | |
2082 | name, payload, data = self.create_zone(name=name, rrsets=rrsets) | |
2083 | r = self.session.get(self.url("/api/v1/servers/localhost/search-data?q=blah")) | |
2084 | self.assert_success_json(r) | |
2085 | data = r.json() | |
2086 | # should return the AAAA record | |
4bfebc93 | 2087 | self.assertEqual(len(data), 1) |
478a7402 PL |
2088 | self.assertEqual(data[0]['object_type'], 'comment') |
2089 | self.assertEqual(data[0]['type'], 'AAAA') | |
2090 | self.assertEqual(data[0]['name'], name) | |
2091 | self.assertEqual(data[0]['content'], rrsets[0]['comments'][0]['content']) | |
2092 | ||
d1b98434 | 2093 | @unittest.skipIf(is_auth_lmdb(), "No search in LMDB") |
7cbc5255 | 2094 | def test_search_after_rectify_with_ent(self): |
541bb91b CH |
2095 | name = unique_zone_name() |
2096 | search = name.split('.')[0] | |
7cbc5255 CH |
2097 | rrset = { |
2098 | "name": 'sub.sub.' + name, | |
2099 | "type": "A", | |
2100 | "ttl": 3600, | |
2101 | "records": [{ | |
2102 | "content": "4.3.2.1", | |
2103 | "disabled": False, | |
2104 | }], | |
2105 | } | |
2106 | self.create_zone(name=name, rrsets=[rrset]) | |
2107 | pdnsutil_rectify(name) | |
541bb91b | 2108 | r = self.session.get(self.url("/api/v1/servers/localhost/search-data?q=*%s*" % search)) |
7cbc5255 | 2109 | self.assert_success_json(r) |
541bb91b | 2110 | print(r.json()) |
7cbc5255 | 2111 | # should return zone, SOA, ns1, ns2, sub.sub A (but not the ENT) |
4bfebc93 | 2112 | self.assertEqual(len(r.json()), 5) |
7cbc5255 | 2113 | |
d1b98434 | 2114 | @unittest.skipIf(is_auth_lmdb(), "No get_db_records for LMDB") |
168a76b3 | 2115 | def test_default_api_rectify_dnssec(self): |
b8cd24cc | 2116 | name = unique_zone_name() |
b8cd24cc SH |
2117 | rrsets = [ |
2118 | { | |
2119 | "name": 'a.' + name, | |
2120 | "type": "AAAA", | |
2121 | "ttl": 3600, | |
2122 | "records": [{ | |
2123 | "content": "2001:DB8::1", | |
2124 | "disabled": False, | |
2125 | }], | |
2126 | }, | |
2127 | { | |
2128 | "name": 'b.' + name, | |
2129 | "type": "AAAA", | |
2130 | "ttl": 3600, | |
2131 | "records": [{ | |
2132 | "content": "2001:DB8::2", | |
2133 | "disabled": False, | |
2134 | }], | |
2135 | }, | |
2136 | ] | |
2137 | self.create_zone(name=name, rrsets=rrsets, dnssec=True, nsec3param='1 0 1 ab') | |
2138 | dbrecs = get_db_records(name, 'AAAA') | |
2139 | self.assertIsNotNone(dbrecs[0]['ordername']) | |
2140 | ||
168a76b3 CH |
2141 | def test_default_api_rectify_nodnssec(self): |
2142 | """Without any DNSSEC settings, rectify should still add ENTs. Setup the zone | |
2143 | so ENTs are necessary, and check for their existence using sdig. | |
2144 | """ | |
2145 | name = unique_zone_name() | |
2146 | rrsets = [ | |
2147 | { | |
2148 | "name": 'a.sub.' + name, | |
2149 | "type": "AAAA", | |
2150 | "ttl": 3600, | |
2151 | "records": [{ | |
2152 | "content": "2001:DB8::1", | |
2153 | "disabled": False, | |
2154 | }], | |
2155 | }, | |
2156 | { | |
2157 | "name": 'b.sub.' + name, | |
2158 | "type": "AAAA", | |
2159 | "ttl": 3600, | |
2160 | "records": [{ | |
2161 | "content": "2001:DB8::2", | |
2162 | "disabled": False, | |
2163 | }], | |
2164 | }, | |
2165 | ] | |
2166 | self.create_zone(name=name, rrsets=rrsets) | |
2167 | # default-api-rectify is yes (by default). expect rectify to have happened. | |
2168 | assert 'Rcode: 0 ' in sdig('sub.' + name, 'TXT') | |
2169 | ||
d1b98434 | 2170 | @unittest.skipIf(is_auth_lmdb(), "No get_db_records for LMDB") |
b8cd24cc SH |
2171 | def test_override_api_rectify(self): |
2172 | name = unique_zone_name() | |
2173 | search = name.split('.')[0] | |
2174 | rrsets = [ | |
2175 | { | |
2176 | "name": 'a.' + name, | |
2177 | "type": "AAAA", | |
2178 | "ttl": 3600, | |
2179 | "records": [{ | |
2180 | "content": "2001:DB8::1", | |
2181 | "disabled": False, | |
2182 | }], | |
2183 | }, | |
2184 | { | |
2185 | "name": 'b.' + name, | |
2186 | "type": "AAAA", | |
2187 | "ttl": 3600, | |
2188 | "records": [{ | |
2189 | "content": "2001:DB8::2", | |
2190 | "disabled": False, | |
2191 | }], | |
2192 | }, | |
2193 | ] | |
2194 | self.create_zone(name=name, rrsets=rrsets, api_rectify=False, dnssec=True, nsec3param='1 0 1 ab') | |
2195 | dbrecs = get_db_records(name, 'AAAA') | |
2196 | self.assertIsNone(dbrecs[0]['ordername']) | |
2197 | ||
d1b98434 | 2198 | @unittest.skipIf(is_auth_lmdb(), "No get_db_records for LMDB") |
a6185e05 CH |
2199 | def test_explicit_rectify_success(self): |
2200 | name, _, data = self.create_zone = self.create_zone(api_rectify=False, dnssec=True, nsec3param='1 0 1 ab') | |
2201 | dbrecs = get_db_records(name, 'SOA') | |
2202 | self.assertIsNone(dbrecs[0]['ordername']) | |
2203 | r = self.session.put(self.url("/api/v1/servers/localhost/zones/" + data['id'] + "/rectify")) | |
4bfebc93 | 2204 | self.assertEqual(r.status_code, 200) |
a6185e05 CH |
2205 | dbrecs = get_db_records(name, 'SOA') |
2206 | self.assertIsNotNone(dbrecs[0]['ordername']) | |
2207 | ||
a6185e05 CH |
2208 | def test_explicit_rectify_slave(self): |
2209 | # Some users want to move a zone to kind=Slave and then rectify, without a re-transfer. | |
2210 | name, _, data = self.create_zone = self.create_zone(api_rectify=False, dnssec=True, nsec3param='1 0 1 ab') | |
2211 | r = self.session.put(self.url("/api/v1/servers/localhost/zones/" + data['id']), | |
2212 | data=json.dumps({'kind': 'Slave'}), | |
2213 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 2214 | self.assertEqual(r.status_code, 204) |
a6185e05 | 2215 | r = self.session.put(self.url("/api/v1/servers/localhost/zones/" + data['id'] + "/rectify")) |
4bfebc93 | 2216 | self.assertEqual(r.status_code, 200) |
d1b98434 PD |
2217 | if not is_auth_lmdb(): |
2218 | dbrecs = get_db_records(name, 'SOA') | |
2219 | self.assertIsNotNone(dbrecs[0]['ordername']) | |
a6185e05 | 2220 | |
03b1cc25 | 2221 | def test_cname_at_ent_place(self): |
f04b32e4 | 2222 | name, payload, zone = self.create_zone(dnssec=True, api_rectify=True) |
03b1cc25 CH |
2223 | rrset = { |
2224 | 'changetype': 'replace', | |
2225 | 'name': 'sub2.sub1.' + name, | |
2226 | 'type': "A", | |
2227 | 'ttl': 3600, | |
2228 | 'records': [{ | |
2229 | 'content': "4.3.2.1", | |
2230 | 'disabled': False, | |
2231 | }], | |
2232 | } | |
2233 | payload = {'rrsets': [rrset]} | |
2234 | r = self.session.patch( | |
2235 | self.url("/api/v1/servers/localhost/zones/" + zone['id']), | |
2236 | data=json.dumps(payload), | |
2237 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 2238 | self.assertEqual(r.status_code, 204) |
03b1cc25 CH |
2239 | rrset = { |
2240 | 'changetype': 'replace', | |
2241 | 'name': 'sub1.' + name, | |
2242 | 'type': "CNAME", | |
2243 | 'ttl': 3600, | |
2244 | 'records': [{ | |
2245 | 'content': "www.example.org.", | |
2246 | 'disabled': False, | |
2247 | }], | |
2248 | } | |
2249 | payload = {'rrsets': [rrset]} | |
2250 | r = self.session.patch( | |
2251 | self.url("/api/v1/servers/localhost/zones/" + zone['id']), | |
2252 | data=json.dumps(payload), | |
2253 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 2254 | self.assertEqual(r.status_code, 204) |
03b1cc25 | 2255 | |
986e4858 PL |
2256 | def test_rrset_parameter_post_false(self): |
2257 | name = unique_zone_name() | |
2258 | payload = { | |
2259 | 'name': name, | |
2260 | 'kind': 'Native', | |
2261 | 'nameservers': ['ns1.example.com.', 'ns2.example.com.'] | |
2262 | } | |
2263 | r = self.session.post( | |
2264 | self.url("/api/v1/servers/localhost/zones?rrsets=false"), | |
2265 | data=json.dumps(payload), | |
2266 | headers={'content-type': 'application/json'}) | |
541bb91b | 2267 | print(r.json()) |
986e4858 | 2268 | self.assert_success_json(r) |
4bfebc93 CH |
2269 | self.assertEqual(r.status_code, 201) |
2270 | self.assertEqual(r.json().get('rrsets'), None) | |
986e4858 PL |
2271 | |
2272 | def test_rrset_false_parameter(self): | |
2273 | name = unique_zone_name() | |
2274 | self.create_zone(name=name, kind='Native') | |
2275 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/"+name+"?rrsets=false")) | |
2276 | self.assert_success_json(r) | |
541bb91b | 2277 | print(r.json()) |
4bfebc93 | 2278 | self.assertEqual(r.json().get('rrsets'), None) |
986e4858 PL |
2279 | |
2280 | def test_rrset_true_parameter(self): | |
2281 | name = unique_zone_name() | |
2282 | self.create_zone(name=name, kind='Native') | |
2283 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/"+name+"?rrsets=true")) | |
2284 | self.assert_success_json(r) | |
541bb91b | 2285 | print(r.json()) |
4bfebc93 | 2286 | self.assertEqual(len(r.json().get('rrsets')), 2) |
986e4858 PL |
2287 | |
2288 | def test_wrong_rrset_parameter(self): | |
2289 | name = unique_zone_name() | |
2290 | self.create_zone(name=name, kind='Native') | |
2291 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/"+name+"?rrsets=foobar")) | |
4bfebc93 | 2292 | self.assertEqual(r.status_code, 422) |
986e4858 PL |
2293 | self.assertIn("'rrsets' request parameter value 'foobar' is not supported", r.json()['error']) |
2294 | ||
dc30b8fd PL |
2295 | def test_put_master_tsig_key_ids_non_existent(self): |
2296 | name = unique_zone_name() | |
2297 | keyname = unique_zone_name().split('.')[0] | |
2298 | self.create_zone(name=name, kind='Native') | |
2299 | payload = { | |
2300 | 'master_tsig_key_ids': [keyname] | |
2301 | } | |
2302 | r = self.session.put(self.url('/api/v1/servers/localhost/zones/' + name), | |
2303 | data=json.dumps(payload), | |
2304 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 2305 | self.assertEqual(r.status_code, 422) |
dc30b8fd PL |
2306 | self.assertIn('A TSIG key with the name', r.json()['error']) |
2307 | ||
2308 | def test_put_slave_tsig_key_ids_non_existent(self): | |
2309 | name = unique_zone_name() | |
2310 | keyname = unique_zone_name().split('.')[0] | |
2311 | self.create_zone(name=name, kind='Native') | |
2312 | payload = { | |
2313 | 'slave_tsig_key_ids': [keyname] | |
2314 | } | |
2315 | r = self.session.put(self.url('/api/v1/servers/localhost/zones/' + name), | |
2316 | data=json.dumps(payload), | |
2317 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 2318 | self.assertEqual(r.status_code, 422) |
dc30b8fd PL |
2319 | self.assertIn('A TSIG key with the name', r.json()['error']) |
2320 | ||
02945d9a | 2321 | |
406497f5 CH |
2322 | @unittest.skipIf(not is_auth(), "Not applicable") |
2323 | class AuthRootZone(ApiTestCase, AuthZonesHelperMixin): | |
2324 | ||
2325 | def setUp(self): | |
2326 | super(AuthRootZone, self).setUp() | |
2327 | # zone name is not unique, so delete the zone before each individual test. | |
46d06a12 | 2328 | self.session.delete(self.url("/api/v1/servers/localhost/zones/=2E")) |
406497f5 CH |
2329 | |
2330 | def test_create_zone(self): | |
6754ef71 | 2331 | name, payload, data = self.create_zone(name='.', serial=22, soa_edit_api='') |
406497f5 CH |
2332 | for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial', 'soa_edit_api', 'soa_edit', 'account'): |
2333 | self.assertIn(k, data) | |
2334 | if k in payload: | |
4bfebc93 | 2335 | self.assertEqual(data[k], payload[k]) |
406497f5 | 2336 | # validate generated SOA |
6754ef71 | 2337 | rec = get_first_rec(data, '.', 'SOA') |
4bfebc93 | 2338 | self.assertEqual( |
6754ef71 | 2339 | rec['content'], |
f527c6ff | 2340 | "a.misconfigured.dns.server.invalid. hostmaster. " + str(payload['serial']) + |
406497f5 CH |
2341 | " 10800 3600 604800 3600" |
2342 | ) | |
2343 | # Regression test: verify zone list works | |
46d06a12 | 2344 | zonelist = self.session.get(self.url("/api/v1/servers/localhost/zones")).json() |
541bb91b | 2345 | print("zonelist:", zonelist) |
406497f5 CH |
2346 | self.assertIn(payload['name'], [zone['name'] for zone in zonelist]) |
2347 | # Also test that fetching the zone works. | |
541bb91b | 2348 | print("id:", data['id']) |
4bfebc93 | 2349 | self.assertEqual(data['id'], '=2E') |
46d06a12 | 2350 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + data['id'])).json() |
541bb91b | 2351 | print("zone (fetched):", data) |
406497f5 CH |
2352 | for k in ('name', 'kind'): |
2353 | self.assertIn(k, data) | |
4bfebc93 | 2354 | self.assertEqual(data[k], payload[k]) |
6754ef71 | 2355 | self.assertEqual(data['rrsets'][0]['name'], '.') |
406497f5 CH |
2356 | |
2357 | def test_update_zone(self): | |
6754ef71 | 2358 | name, payload, zone = self.create_zone(name='.') |
406497f5 CH |
2359 | zone_id = '=2E' |
2360 | # update, set as Master and enable SOA-EDIT-API | |
2361 | payload = { | |
2362 | 'kind': 'Master', | |
2363 | 'masters': ['192.0.2.1', '192.0.2.2'], | |
2364 | 'soa_edit_api': 'EPOCH', | |
2365 | 'soa_edit': 'EPOCH' | |
2366 | } | |
2367 | r = self.session.put( | |
46d06a12 | 2368 | self.url("/api/v1/servers/localhost/zones/" + zone_id), |
406497f5 CH |
2369 | data=json.dumps(payload), |
2370 | headers={'content-type': 'application/json'}) | |
f0e76cee CH |
2371 | self.assert_success(r) |
2372 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + zone_id)).json() | |
406497f5 CH |
2373 | for k in payload.keys(): |
2374 | self.assertIn(k, data) | |
4bfebc93 | 2375 | self.assertEqual(data[k], payload[k]) |
406497f5 CH |
2376 | # update, back to Native and empty(off) |
2377 | payload = { | |
2378 | 'kind': 'Native', | |
2379 | 'soa_edit_api': '', | |
2380 | 'soa_edit': '' | |
2381 | } | |
2382 | r = self.session.put( | |
46d06a12 | 2383 | self.url("/api/v1/servers/localhost/zones/" + zone_id), |
406497f5 CH |
2384 | data=json.dumps(payload), |
2385 | headers={'content-type': 'application/json'}) | |
f0e76cee CH |
2386 | self.assert_success(r) |
2387 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + zone_id)).json() | |
406497f5 CH |
2388 | for k in payload.keys(): |
2389 | self.assertIn(k, data) | |
4bfebc93 | 2390 | self.assertEqual(data[k], payload[k]) |
406497f5 CH |
2391 | |
2392 | ||
c1374bdb | 2393 | @unittest.skipIf(not is_recursor(), "Not applicable") |
02945d9a CH |
2394 | class RecursorZones(ApiTestCase): |
2395 | ||
37bc3d01 CH |
2396 | def create_zone(self, name=None, kind=None, rd=False, servers=None): |
2397 | if name is None: | |
2398 | name = unique_zone_name() | |
2399 | if servers is None: | |
2400 | servers = [] | |
02945d9a | 2401 | payload = { |
37bc3d01 CH |
2402 | 'name': name, |
2403 | 'kind': kind, | |
2404 | 'servers': servers, | |
2405 | 'recursion_desired': rd | |
02945d9a CH |
2406 | } |
2407 | r = self.session.post( | |
46d06a12 | 2408 | self.url("/api/v1/servers/localhost/zones"), |
02945d9a CH |
2409 | data=json.dumps(payload), |
2410 | headers={'content-type': 'application/json'}) | |
c1374bdb CH |
2411 | self.assert_success_json(r) |
2412 | return payload, r.json() | |
37bc3d01 | 2413 | |
c1374bdb | 2414 | def test_create_auth_zone(self): |
37bc3d01 | 2415 | payload, data = self.create_zone(kind='Native') |
02945d9a | 2416 | for k in payload.keys(): |
4bfebc93 | 2417 | self.assertEqual(data[k], payload[k]) |
02945d9a | 2418 | |
1d6b70f9 | 2419 | def test_create_zone_no_name(self): |
1d6b70f9 CH |
2420 | payload = { |
2421 | 'name': '', | |
2422 | 'kind': 'Native', | |
2423 | 'servers': ['8.8.8.8'], | |
2424 | 'recursion_desired': False, | |
2425 | } | |
541bb91b | 2426 | print(payload) |
1d6b70f9 CH |
2427 | r = self.session.post( |
2428 | self.url("/api/v1/servers/localhost/zones"), | |
2429 | data=json.dumps(payload), | |
2430 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 2431 | self.assertEqual(r.status_code, 422) |
1d6b70f9 CH |
2432 | self.assertIn('is not canonical', r.json()['error']) |
2433 | ||
c1374bdb | 2434 | def test_create_forwarded_zone(self): |
37bc3d01 | 2435 | payload, data = self.create_zone(kind='Forwarded', rd=False, servers=['8.8.8.8']) |
02945d9a CH |
2436 | # return values are normalized |
2437 | payload['servers'][0] += ':53' | |
02945d9a | 2438 | for k in payload.keys(): |
4bfebc93 | 2439 | self.assertEqual(data[k], payload[k]) |
02945d9a | 2440 | |
c1374bdb | 2441 | def test_create_forwarded_rd_zone(self): |
1d6b70f9 | 2442 | payload, data = self.create_zone(name='google.com.', kind='Forwarded', rd=True, servers=['8.8.8.8']) |
02945d9a CH |
2443 | # return values are normalized |
2444 | payload['servers'][0] += ':53' | |
02945d9a | 2445 | for k in payload.keys(): |
4bfebc93 | 2446 | self.assertEqual(data[k], payload[k]) |
02945d9a | 2447 | |
c1374bdb | 2448 | def test_create_auth_zone_with_symbols(self): |
37bc3d01 | 2449 | payload, data = self.create_zone(name='foo/bar.'+unique_zone_name(), kind='Native') |
1dbe38ba | 2450 | expected_id = (payload['name'].replace('/', '=2F')) |
02945d9a | 2451 | for k in payload.keys(): |
4bfebc93 CH |
2452 | self.assertEqual(data[k], payload[k]) |
2453 | self.assertEqual(data['id'], expected_id) | |
e2367534 | 2454 | |
c1374bdb | 2455 | def test_rename_auth_zone(self): |
37bc3d01 | 2456 | payload, data = self.create_zone(kind='Native') |
1d6b70f9 | 2457 | name = payload['name'] |
e2367534 CH |
2458 | # now rename it |
2459 | payload = { | |
2460 | 'name': 'renamed-'+name, | |
2461 | 'kind': 'Native', | |
2462 | 'recursion_desired': False | |
2463 | } | |
2464 | r = self.session.put( | |
46d06a12 | 2465 | self.url("/api/v1/servers/localhost/zones/" + name), |
e2367534 CH |
2466 | data=json.dumps(payload), |
2467 | headers={'content-type': 'application/json'}) | |
f0e76cee CH |
2468 | self.assert_success(r) |
2469 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + payload['name'])).json() | |
e2367534 | 2470 | for k in payload.keys(): |
4bfebc93 | 2471 | self.assertEqual(data[k], payload[k]) |
37bc3d01 | 2472 | |
37663c3b CH |
2473 | def test_zone_delete(self): |
2474 | payload, zone = self.create_zone(kind='Native') | |
2475 | name = payload['name'] | |
46d06a12 | 2476 | r = self.session.delete(self.url("/api/v1/servers/localhost/zones/" + name)) |
4bfebc93 | 2477 | self.assertEqual(r.status_code, 204) |
37663c3b CH |
2478 | self.assertNotIn('Content-Type', r.headers) |
2479 | ||
c1374bdb | 2480 | def test_search_rr_exact_zone(self): |
1d6b70f9 | 2481 | name = unique_zone_name() |
37bc3d01 | 2482 | self.create_zone(name=name, kind='Native') |
46d06a12 | 2483 | r = self.session.get(self.url("/api/v1/servers/localhost/search-data?q=" + name)) |
c1374bdb | 2484 | self.assert_success_json(r) |
541bb91b | 2485 | print(r.json()) |
4bfebc93 | 2486 | self.assertEqual(r.json(), [{u'type': u'zone', u'name': name, u'zone_id': name}]) |
37bc3d01 | 2487 | |
c1374bdb | 2488 | def test_search_rr_substring(self): |
1d6b70f9 | 2489 | name = 'search-rr-zone.name.' |
37bc3d01 | 2490 | self.create_zone(name=name, kind='Native') |
46d06a12 | 2491 | r = self.session.get(self.url("/api/v1/servers/localhost/search-data?q=rr-zone")) |
c1374bdb | 2492 | self.assert_success_json(r) |
541bb91b | 2493 | print(r.json()) |
37bc3d01 | 2494 | # should return zone, SOA |
4bfebc93 | 2495 | self.assertEqual(len(r.json()), 2) |
ccfabd0d | 2496 | |
ccfabd0d CH |
2497 | @unittest.skipIf(not is_auth(), "Not applicable") |
2498 | class AuthZoneKeys(ApiTestCase, AuthZonesHelperMixin): | |
2499 | ||
2500 | def test_get_keys(self): | |
2501 | r = self.session.get( | |
2502 | self.url("/api/v1/servers/localhost/zones/powerdnssec.org./cryptokeys")) | |
2503 | self.assert_success_json(r) | |
2504 | keys = r.json() | |
2505 | self.assertGreater(len(keys), 0) | |
2506 | ||
2507 | key0 = deepcopy(keys[0]) | |
2508 | del key0['dnskey'] | |
b6bd795c | 2509 | del key0['ds'] |
ccfabd0d | 2510 | expected = { |
5d9c6182 PL |
2511 | u'algorithm': u'ECDSAP256SHA256', |
2512 | u'bits': 256, | |
ccfabd0d CH |
2513 | u'active': True, |
2514 | u'type': u'Cryptokey', | |
b6bd795c PL |
2515 | u'keytype': u'csk', |
2516 | u'flags': 257, | |
33918299 | 2517 | u'published': True, |
ccfabd0d | 2518 | u'id': 1} |
4bfebc93 | 2519 | self.assertEqual(key0, expected) |
ccfabd0d CH |
2520 | |
2521 | keydata = keys[0]['dnskey'].split() | |
2522 | self.assertEqual(len(keydata), 4) | |
17d96af7 PD |
2523 | |
2524 | def test_get_keys_with_cds(self): | |
2525 | payload_metadata = {"type": "Metadata", "kind": "PUBLISH-CDS", "metadata": ["4"]} | |
2526 | r = self.session.post(self.url("/api/v1/servers/localhost/zones/powerdnssec.org./metadata"), | |
2527 | data=json.dumps(payload_metadata)) | |
2528 | rdata = r.json() | |
4bfebc93 CH |
2529 | self.assertEqual(r.status_code, 201) |
2530 | self.assertEqual(rdata["metadata"], payload_metadata["metadata"]) | |
17d96af7 PD |
2531 | |
2532 | r = self.session.get( | |
2533 | self.url("/api/v1/servers/localhost/zones/powerdnssec.org./cryptokeys")) | |
2534 | self.assert_success_json(r) | |
2535 | keys = r.json() | |
2536 | self.assertGreater(len(keys), 0) | |
2537 | ||
2538 | key0 = deepcopy(keys[0]) | |
4bfebc93 | 2539 | self.assertEqual(len(key0['cds']), 1) |
17d96af7 | 2540 | self.assertIn(key0['cds'][0], key0['ds']) |
4bfebc93 | 2541 | self.assertEqual(key0['cds'][0].split()[2], '4') |
17d96af7 PD |
2542 | del key0['dnskey'] |
2543 | del key0['ds'] | |
2544 | del key0['cds'] | |
2545 | expected = { | |
2546 | u'algorithm': u'ECDSAP256SHA256', | |
2547 | u'bits': 256, | |
2548 | u'active': True, | |
2549 | u'type': u'Cryptokey', | |
2550 | u'keytype': u'csk', | |
2551 | u'flags': 257, | |
2552 | u'published': True, | |
2553 | u'id': 1} | |
4bfebc93 | 2554 | self.assertEqual(key0, expected) |
17d96af7 PD |
2555 | |
2556 | keydata = keys[0]['dnskey'].split() | |
2557 | self.assertEqual(len(keydata), 4) | |
2558 | ||
2559 | r = self.session.delete(self.url("/api/v1/servers/localhost/zones/powerdnssec.org./metadata/PUBLISH-CDS")) | |
4bfebc93 | 2560 | self.assertEqual(r.status_code, 200) |