]>
Commit | Line | Data |
---|---|---|
541bb91b | 1 | from __future__ import print_function |
e2dba705 | 2 | import json |
486210b8 | 3 | import operator |
d29d5db7 | 4 | import time |
e2dba705 | 5 | import unittest |
f626cc48 | 6 | import requests.exceptions |
ccfabd0d | 7 | from copy import deepcopy |
646bcd7d | 8 | from parameterized import parameterized |
6754ef71 | 9 | from pprint import pprint |
168a76b3 | 10 | from test_helper import ApiTestCase, unique_zone_name, is_auth, is_auth_lmdb, is_recursor, get_db_records, pdnsutil_rectify, sdig |
6754ef71 CH |
11 | |
12 | ||
13 | def get_rrset(data, qname, qtype): | |
14 | for rrset in data['rrsets']: | |
15 | if rrset['name'] == qname and rrset['type'] == qtype: | |
16 | return rrset | |
17 | return None | |
18 | ||
19 | ||
20 | def get_first_rec(data, qname, qtype): | |
21 | rrset = get_rrset(data, qname, qtype) | |
22 | if rrset: | |
23 | return rrset['records'][0] | |
24 | return None | |
25 | ||
26 | ||
27 | def eq_zone_rrsets(rrsets, expected): | |
28 | data_got = {} | |
29 | data_expected = {} | |
541bb91b | 30 | for type_, expected_records in expected.items(): |
6754ef71 CH |
31 | type_ = str(type_) |
32 | data_got[type_] = set() | |
33 | data_expected[type_] = set() | |
34 | uses_name = any(['name' in expected_record for expected_record in expected_records]) | |
35 | # minify + convert received data | |
36 | for rrset in [rrset for rrset in rrsets if rrset['type'] == type_]: | |
541bb91b | 37 | print(rrset) |
6754ef71 CH |
38 | for r in rrset['records']: |
39 | data_got[type_].add((rrset['name'] if uses_name else '@', rrset['type'], r['content'])) | |
40 | # minify expected data | |
41 | for r in expected_records: | |
42 | data_expected[type_].add((r['name'] if uses_name else '@', type_, r['content'])) | |
43 | ||
541bb91b | 44 | print("eq_zone_rrsets: got:") |
6754ef71 | 45 | pprint(data_got) |
541bb91b | 46 | print("eq_zone_rrsets: expected:") |
6754ef71 CH |
47 | pprint(data_expected) |
48 | ||
49 | assert data_got == data_expected, "%r != %r" % (data_got, data_expected) | |
1a152698 CH |
50 | |
51 | ||
70f1db7c CH |
52 | def assert_eq_rrsets(rrsets, expected): |
53 | """Assert rrsets sets are equal, ignoring sort order.""" | |
54 | key = lambda rrset: (rrset['name'], rrset['type']) | |
55 | assert sorted(rrsets, key=key) == sorted(expected, key=key) | |
56 | ||
57 | ||
26636b05 CH |
58 | def templated_rrsets(rrsets: list, zonename: str): |
59 | """ | |
60 | Replace $NAME$ in `name` and `content` of given rrsets with `zonename`. | |
61 | Will return a copy. Original rrsets should stay unmodified. | |
62 | """ | |
63 | new_rrsets = [] | |
64 | for rrset in rrsets: | |
65 | new_rrset = rrset | {"name": rrset["name"].replace('$NAME$', zonename)} | |
66 | ||
67 | if "records" in rrset: | |
68 | records = [] | |
69 | for record in rrset["records"]: | |
70 | records.append(record | {"content": record["content"].replace('$NAME$', zonename)}) | |
71 | new_rrset["records"] = records | |
72 | ||
73 | new_rrsets.append(new_rrset) | |
74 | ||
75 | return new_rrsets | |
76 | ||
77 | ||
02945d9a | 78 | class Zones(ApiTestCase): |
1a152698 | 79 | |
80e9a517 PD |
80 | def _test_list_zones(self, dnssec=True): |
81 | path = "/api/v1/servers/localhost/zones" | |
82 | if not dnssec: | |
83 | path = path + "?dnssec=false" | |
84 | r = self.session.get(self.url(path)) | |
c1374bdb | 85 | self.assert_success_json(r) |
45de6290 | 86 | domains = r.json() |
02945d9a | 87 | example_com = [domain for domain in domains if domain['name'] in ('example.com', 'example.com.')] |
4bfebc93 | 88 | self.assertEqual(len(example_com), 1) |
1a152698 | 89 | example_com = example_com[0] |
a21e8566 | 90 | print(example_com) |
02945d9a | 91 | required_fields = ['id', 'url', 'name', 'kind'] |
c1374bdb | 92 | if is_auth(): |
f0a3c1f0 | 93 | required_fields = required_fields + ['masters', 'last_check', 'notified_serial', 'serial', 'account', 'catalog'] |
80e9a517 PD |
94 | if dnssec: |
95 | required_fields = required_fields = ['dnssec', 'edited_serial'] | |
4bfebc93 | 96 | self.assertNotEqual(example_com['serial'], 0) |
a25bc5e9 PD |
97 | if not dnssec: |
98 | self.assertNotIn('dnssec', example_com) | |
c1374bdb | 99 | elif is_recursor(): |
02945d9a CH |
100 | required_fields = required_fields + ['recursion_desired', 'servers'] |
101 | for field in required_fields: | |
102 | self.assertIn(field, example_com) | |
103 | ||
80e9a517 | 104 | def test_list_zones_with_dnssec(self): |
a25bc5e9 PD |
105 | if is_auth(): |
106 | self._test_list_zones(True) | |
80e9a517 PD |
107 | |
108 | def test_list_zones_without_dnssec(self): | |
109 | self._test_list_zones(False) | |
02945d9a | 110 | |
2f3f66e4 | 111 | |
406497f5 | 112 | class AuthZonesHelperMixin(object): |
8db3d7a6 | 113 | def create_zone(self, name=None, expect_error=None, **kwargs): |
bee2acae CH |
114 | if name is None: |
115 | name = unique_zone_name() | |
e2dba705 | 116 | payload = { |
8db3d7a6 CH |
117 | "name": name, |
118 | "kind": "Native", | |
119 | "nameservers": ["ns1.example.com.", "ns2.example.com."] | |
e2dba705 | 120 | } |
284fdfe9 | 121 | for k, v in kwargs.items(): |
4bdff352 CH |
122 | if v is None: |
123 | del payload[k] | |
124 | else: | |
125 | payload[k] = v | |
8db3d7a6 CH |
126 | if "zone" in payload: |
127 | payload["zone"] = payload["zone"].replace("$NAME$", payload["name"]) | |
128 | if "rrsets" in payload: | |
129 | payload["rrsets"] = templated_rrsets(payload["rrsets"], payload["name"]) | |
130 | ||
2f3f66e4 | 131 | print("Create zone", name, "with:", payload) |
e2dba705 | 132 | r = self.session.post( |
46d06a12 | 133 | self.url("/api/v1/servers/localhost/zones"), |
e2dba705 | 134 | data=json.dumps(payload), |
8db3d7a6 CH |
135 | headers={"content-type": "application/json"}) |
136 | ||
137 | if expect_error: | |
138 | self.assertEqual(r.status_code, 422, r.content) | |
139 | reply = r.json() | |
140 | if expect_error is True: | |
141 | pass | |
142 | else: | |
143 | self.assertIn(expect_error, reply["error"]) | |
144 | else: | |
145 | # expect success | |
146 | self.assertEqual(r.status_code, 201, r.content) | |
147 | reply = r.json() | |
148 | ||
6754ef71 | 149 | return name, payload, reply |
bee2acae | 150 | |
c43b2d23 CH |
151 | def get_zone(self, api_zone_id, expect_error=None, **kwargs): |
152 | print("GET zone", api_zone_id, "args:", kwargs) | |
153 | r = self.session.get( | |
154 | self.url("/api/v1/servers/localhost/zones/" + api_zone_id), | |
155 | params=kwargs | |
156 | ) | |
157 | ||
1d6b70f9 | 158 | reply = r.json() |
541bb91b | 159 | print("reply", reply) |
bee2acae | 160 | |
c43b2d23 CH |
161 | if expect_error: |
162 | self.assertEqual(r.status_code, 422) | |
163 | if expect_error is True: | |
164 | pass | |
165 | else: | |
166 | self.assertIn(expect_error, r.json()['error']) | |
167 | else: | |
168 | # expect success | |
169 | self.assert_success_json(r) | |
170 | self.assertEqual(r.status_code, 200) | |
171 | ||
172 | return reply | |
173 | ||
2f3f66e4 CH |
174 | def put_zone(self, api_zone_id, payload, expect_error=None): |
175 | print("PUT zone", api_zone_id, "with:", payload) | |
176 | r = self.session.put( | |
177 | self.url("/api/v1/servers/localhost/zones/" + api_zone_id), | |
178 | data=json.dumps(payload), | |
179 | headers={'content-type': 'application/json'}) | |
180 | ||
181 | print("reply status code:", r.status_code) | |
182 | if expect_error: | |
26636b05 | 183 | self.assertEqual(r.status_code, 422, r.content) |
2f3f66e4 CH |
184 | reply = r.json() |
185 | if expect_error is True: | |
186 | pass | |
187 | else: | |
188 | self.assertIn(expect_error, reply['error']) | |
189 | else: | |
190 | # expect success (no content) | |
26636b05 | 191 | self.assertEqual(r.status_code, 204, r.content) |
406497f5 CH |
192 | |
193 | @unittest.skipIf(not is_auth(), "Not applicable") | |
194 | class AuthZones(ApiTestCase, AuthZonesHelperMixin): | |
195 | ||
c1374bdb | 196 | def test_create_zone(self): |
b0af9105 | 197 | # soa_edit_api has a default, override with empty for this test |
6754ef71 | 198 | name, payload, data = self.create_zone(serial=22, soa_edit_api='') |
1258fecd | 199 | for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial', 'edited_serial', 'soa_edit_api', 'soa_edit', 'account'): |
d29d5db7 CH |
200 | self.assertIn(k, data) |
201 | if k in payload: | |
4bfebc93 | 202 | self.assertEqual(data[k], payload[k]) |
f63168e6 | 203 | # validate generated SOA |
f527c6ff | 204 | expected_soa = "a.misconfigured.dns.server.invalid. hostmaster." + name + " " + \ |
1d6b70f9 | 205 | str(payload['serial']) + " 10800 3600 604800 3600" |
4bfebc93 | 206 | self.assertEqual( |
6754ef71 | 207 | get_first_rec(data, name, 'SOA')['content'], |
1d6b70f9 | 208 | expected_soa |
f63168e6 | 209 | ) |
d1b98434 PD |
210 | |
211 | if not is_auth_lmdb(): | |
212 | # Because we had confusion about dots, check that the DB is without dots. | |
213 | dbrecs = get_db_records(name, 'SOA') | |
214 | self.assertEqual(dbrecs[0]['content'], expected_soa.replace('. ', ' ')) | |
4bfebc93 | 215 | self.assertNotEqual(data['serial'], data['edited_serial']) |
d29d5db7 | 216 | |
c1374bdb | 217 | def test_create_zone_with_soa_edit_api(self): |
f63168e6 | 218 | # soa_edit_api wins over serial |
6754ef71 | 219 | name, payload, data = self.create_zone(soa_edit_api='EPOCH', serial=10) |
f63168e6 | 220 | for k in ('soa_edit_api', ): |
e2dba705 CH |
221 | self.assertIn(k, data) |
222 | if k in payload: | |
4bfebc93 | 223 | self.assertEqual(data[k], payload[k]) |
f63168e6 | 224 | # generated EPOCH serial surely is > fixed serial we passed in |
541bb91b | 225 | print(data) |
f63168e6 | 226 | self.assertGreater(data['serial'], payload['serial']) |
6754ef71 | 227 | soa_serial = int(get_first_rec(data, name, 'SOA')['content'].split(' ')[2]) |
f63168e6 | 228 | self.assertGreater(soa_serial, payload['serial']) |
4bfebc93 | 229 | self.assertEqual(soa_serial, data['serial']) |
6bb25159 | 230 | |
a0930e45 KM |
231 | def test_create_zone_with_catalog(self): |
232 | # soa_edit_api wins over serial | |
233 | name, payload, data = self.create_zone(catalog='catalog.invalid.', serial=10) | |
234 | print(data) | |
235 | for k in ('catalog', ): | |
236 | self.assertIn(k, data) | |
237 | if k in payload: | |
238 | self.assertEqual(data[k], payload[k]) | |
239 | ||
f0a3c1f0 PD |
240 | # check that the catalog is reflected in the /zones output (#13633) |
241 | r = self.session.get(self.url("/api/v1/servers/localhost/zones")) | |
242 | self.assert_success_json(r) | |
243 | domains = r.json() | |
244 | domain = [domain for domain in domains if domain['name'] == name] | |
245 | self.assertEqual(len(domain), 1) | |
246 | domain = domain[0] | |
247 | self.assertEqual(domain["catalog"], "catalog.invalid.") | |
248 | ||
79532aa7 CH |
249 | def test_create_zone_with_account(self): |
250 | # soa_edit_api wins over serial | |
c8734ecd | 251 | name, payload, data = self.create_zone(account='anaccount', serial=10, kind='Master') |
541bb91b | 252 | print(data) |
79532aa7 CH |
253 | for k in ('account', ): |
254 | self.assertIn(k, data) | |
255 | if k in payload: | |
4bfebc93 | 256 | self.assertEqual(data[k], payload[k]) |
79532aa7 | 257 | |
c8734ecd PD |
258 | # as we did not set a catalog in our request, check that the default catalog was applied |
259 | self.assertEqual(data['catalog'], "default-catalog.example.com.") | |
260 | ||
9440a9f0 CH |
261 | def test_create_zone_default_soa_edit_api(self): |
262 | name, payload, data = self.create_zone() | |
541bb91b | 263 | print(data) |
4bfebc93 | 264 | self.assertEqual(data['soa_edit_api'], 'DEFAULT') |
9440a9f0 | 265 | |
331d3062 CH |
266 | def test_create_zone_exists(self): |
267 | name, payload, data = self.create_zone() | |
268 | print(data) | |
269 | payload = { | |
270 | 'name': name, | |
271 | 'kind': 'Native' | |
272 | } | |
273 | print(payload) | |
274 | r = self.session.post( | |
275 | self.url("/api/v1/servers/localhost/zones"), | |
276 | data=json.dumps(payload), | |
277 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 278 | self.assertEqual(r.status_code, 409) # Conflict - already exists |
331d3062 | 279 | |
01f7df3f CH |
280 | def test_create_zone_with_soa_edit(self): |
281 | name, payload, data = self.create_zone(soa_edit='INCEPTION-INCREMENT', soa_edit_api='SOA-EDIT-INCREASE') | |
541bb91b | 282 | print(data) |
4bfebc93 CH |
283 | self.assertEqual(data['soa_edit'], 'INCEPTION-INCREMENT') |
284 | self.assertEqual(data['soa_edit_api'], 'SOA-EDIT-INCREASE') | |
01f7df3f CH |
285 | soa_serial = get_first_rec(data, name, 'SOA')['content'].split(' ')[2] |
286 | # These particular settings lead to the first serial set to YYYYMMDD01. | |
4bfebc93 | 287 | self.assertEqual(soa_serial[-2:], '01') |
f613d242 CH |
288 | rrset = { |
289 | 'changetype': 'replace', | |
290 | 'name': name, | |
291 | 'type': 'A', | |
292 | 'ttl': 3600, | |
293 | 'records': [ | |
294 | { | |
295 | "content": "127.0.0.1", | |
296 | "disabled": False | |
297 | } | |
298 | ] | |
299 | } | |
300 | payload = {'rrsets': [rrset]} | |
301 | self.session.patch( | |
302 | self.url("/api/v1/servers/localhost/zones/" + data['id']), | |
303 | data=json.dumps(payload), | |
304 | headers={'content-type': 'application/json'}) | |
c43b2d23 | 305 | data = self.get_zone(data['id']) |
f613d242 | 306 | soa_serial = get_first_rec(data, name, 'SOA')['content'].split(' ')[2] |
4bfebc93 | 307 | self.assertEqual(soa_serial[-2:], '02') |
01f7df3f | 308 | |
c1374bdb | 309 | def test_create_zone_with_records(self): |
f63168e6 | 310 | name = unique_zone_name() |
6754ef71 CH |
311 | rrset = { |
312 | "name": name, | |
313 | "type": "A", | |
314 | "ttl": 3600, | |
315 | "records": [{ | |
f63168e6 | 316 | "content": "4.3.2.1", |
6754ef71 CH |
317 | "disabled": False, |
318 | }], | |
319 | } | |
320 | name, payload, data = self.create_zone(name=name, rrsets=[rrset]) | |
f63168e6 | 321 | # check our record has appeared |
4bfebc93 | 322 | self.assertEqual(get_rrset(data, name, 'A')['records'], rrset['records']) |
f63168e6 | 323 | |
d0953126 AT |
324 | def test_create_zone_with_wildcard_records(self): |
325 | name = unique_zone_name() | |
6754ef71 CH |
326 | rrset = { |
327 | "name": "*."+name, | |
328 | "type": "A", | |
329 | "ttl": 3600, | |
330 | "records": [{ | |
d0953126 | 331 | "content": "4.3.2.1", |
6754ef71 CH |
332 | "disabled": False, |
333 | }], | |
334 | } | |
335 | name, payload, data = self.create_zone(name=name, rrsets=[rrset]) | |
d0953126 | 336 | # check our record has appeared |
4bfebc93 | 337 | self.assertEqual(get_rrset(data, rrset['name'], 'A')['records'], rrset['records']) |
d0953126 | 338 | |
c1374bdb | 339 | def test_create_zone_with_comments(self): |
f63168e6 | 340 | name = unique_zone_name() |
f2d6dcc0 RG |
341 | rrsets = [ |
342 | { | |
343 | "name": name, | |
344 | "type": "soa", # test uppercasing of type, too. | |
345 | "comments": [{ | |
346 | "account": "test1", | |
93ad866b | 347 | "content": "blah blah and test a few non-ASCII chars: ö, €", |
f2d6dcc0 RG |
348 | "modified_at": 11112, |
349 | }], | |
350 | }, | |
351 | { | |
352 | "name": name, | |
353 | "type": "AAAA", | |
354 | "ttl": 3600, | |
355 | "records": [{ | |
356 | "content": "2001:DB8::1", | |
357 | "disabled": False, | |
358 | }], | |
359 | "comments": [{ | |
360 | "account": "test AAAA", | |
361 | "content": "blah blah AAAA", | |
362 | "modified_at": 11112, | |
363 | }], | |
364 | }, | |
365 | { | |
366 | "name": name, | |
367 | "type": "TXT", | |
368 | "ttl": 3600, | |
369 | "records": [{ | |
370 | "content": "\"test TXT\"", | |
371 | "disabled": False, | |
372 | }], | |
373 | }, | |
374 | { | |
375 | "name": name, | |
376 | "type": "A", | |
377 | "ttl": 3600, | |
378 | "records": [{ | |
379 | "content": "192.0.2.1", | |
380 | "disabled": False, | |
381 | }], | |
382 | }, | |
383 | ] | |
f626cc48 PD |
384 | |
385 | if is_auth_lmdb(): | |
8db3d7a6 CH |
386 | # No comments in LMDB |
387 | self.create_zone(name=name, rrsets=rrsets, expect_error="Hosting backend does not support editing comments.") | |
f626cc48 PD |
388 | return |
389 | ||
8db3d7a6 | 390 | name, _, data = self.create_zone(name=name, rrsets=rrsets) |
f2d6dcc0 | 391 | # NS records have been created |
4bfebc93 | 392 | self.assertEqual(len(data['rrsets']), len(rrsets) + 1) |
f63168e6 | 393 | # check our comment has appeared |
4bfebc93 CH |
394 | self.assertEqual(get_rrset(data, name, 'SOA')['comments'], rrsets[0]['comments']) |
395 | self.assertEqual(get_rrset(data, name, 'A')['comments'], []) | |
396 | self.assertEqual(get_rrset(data, name, 'TXT')['comments'], []) | |
397 | self.assertEqual(get_rrset(data, name, 'AAAA')['comments'], rrsets[1]['comments']) | |
f63168e6 | 398 | |
1d6b70f9 CH |
399 | def test_create_zone_uncanonical_nameservers(self): |
400 | name = unique_zone_name() | |
401 | payload = { | |
402 | 'name': name, | |
403 | 'kind': 'Native', | |
404 | 'nameservers': ['uncanon.example.com'] | |
405 | } | |
541bb91b | 406 | print(payload) |
1d6b70f9 CH |
407 | r = self.session.post( |
408 | self.url("/api/v1/servers/localhost/zones"), | |
409 | data=json.dumps(payload), | |
410 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 411 | self.assertEqual(r.status_code, 422) |
1d6b70f9 CH |
412 | self.assertIn('Nameserver is not canonical', r.json()['error']) |
413 | ||
414 | def test_create_auth_zone_no_name(self): | |
415 | name = unique_zone_name() | |
416 | payload = { | |
417 | 'name': '', | |
418 | 'kind': 'Native', | |
419 | } | |
541bb91b | 420 | print(payload) |
1d6b70f9 CH |
421 | r = self.session.post( |
422 | self.url("/api/v1/servers/localhost/zones"), | |
423 | data=json.dumps(payload), | |
424 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 425 | self.assertEqual(r.status_code, 422) |
1d6b70f9 CH |
426 | self.assertIn('is not canonical', r.json()['error']) |
427 | ||
c1374bdb | 428 | def test_create_zone_with_custom_soa(self): |
f63168e6 | 429 | name = unique_zone_name() |
6754ef71 CH |
430 | content = u"ns1.example.net. testmaster@example.net. 10 10800 3600 604800 3600" |
431 | rrset = { | |
432 | "name": name, | |
433 | "type": "soa", # test uppercasing of type, too. | |
434 | "ttl": 3600, | |
435 | "records": [{ | |
436 | "content": content, | |
437 | "disabled": False, | |
438 | }], | |
439 | } | |
440 | name, payload, data = self.create_zone(name=name, rrsets=[rrset], soa_edit_api='') | |
4bfebc93 | 441 | self.assertEqual(get_rrset(data, name, 'SOA')['records'], rrset['records']) |
d1b98434 PD |
442 | if not is_auth_lmdb(): |
443 | dbrecs = get_db_records(name, 'SOA') | |
444 | self.assertEqual(dbrecs[0]['content'], content.replace('. ', ' ')) | |
1d6b70f9 CH |
445 | |
446 | def test_create_zone_double_dot(self): | |
447 | name = 'test..' + unique_zone_name() | |
448 | payload = { | |
449 | 'name': name, | |
450 | 'kind': 'Native', | |
451 | 'nameservers': ['ns1.example.com.'] | |
452 | } | |
541bb91b | 453 | print(payload) |
1d6b70f9 CH |
454 | r = self.session.post( |
455 | self.url("/api/v1/servers/localhost/zones"), | |
456 | data=json.dumps(payload), | |
457 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 458 | self.assertEqual(r.status_code, 422) |
1d6b70f9 | 459 | self.assertIn('Unable to parse DNS Name', r.json()['error']) |
05776d2f | 460 | |
1d6b70f9 CH |
461 | def test_create_zone_restricted_chars(self): |
462 | name = 'test:' + unique_zone_name() # : isn't good as a name. | |
463 | payload = { | |
464 | 'name': name, | |
465 | 'kind': 'Native', | |
466 | 'nameservers': ['ns1.example.com'] | |
467 | } | |
541bb91b | 468 | print(payload) |
1d6b70f9 CH |
469 | r = self.session.post( |
470 | self.url("/api/v1/servers/localhost/zones"), | |
471 | data=json.dumps(payload), | |
472 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 473 | self.assertEqual(r.status_code, 422) |
1d6b70f9 | 474 | self.assertIn('contains unsupported characters', r.json()['error']) |
4ebf78b1 | 475 | |
33e6c3e9 CH |
476 | def test_create_zone_mixed_nameservers_ns_rrset_zonelevel(self): |
477 | name = unique_zone_name() | |
478 | rrset = { | |
479 | "name": name, | |
480 | "type": "NS", | |
481 | "ttl": 3600, | |
482 | "records": [{ | |
483 | "content": "ns2.example.com.", | |
484 | "disabled": False, | |
485 | }], | |
486 | } | |
487 | payload = { | |
488 | 'name': name, | |
489 | 'kind': 'Native', | |
490 | 'nameservers': ['ns1.example.com.'], | |
491 | 'rrsets': [rrset], | |
492 | } | |
541bb91b | 493 | print(payload) |
33e6c3e9 CH |
494 | r = self.session.post( |
495 | self.url("/api/v1/servers/localhost/zones"), | |
496 | data=json.dumps(payload), | |
497 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 498 | self.assertEqual(r.status_code, 422) |
33e6c3e9 CH |
499 | self.assertIn('Nameservers list MUST NOT be mixed with zone-level NS in rrsets', r.json()['error']) |
500 | ||
501 | def test_create_zone_mixed_nameservers_ns_rrset_below_zonelevel(self): | |
502 | name = unique_zone_name() | |
503 | rrset = { | |
504 | "name": 'subzone.'+name, | |
505 | "type": "NS", | |
506 | "ttl": 3600, | |
507 | "records": [{ | |
508 | "content": "ns2.example.com.", | |
509 | "disabled": False, | |
510 | }], | |
511 | } | |
512 | payload = { | |
513 | 'name': name, | |
514 | 'kind': 'Native', | |
515 | 'nameservers': ['ns1.example.com.'], | |
516 | 'rrsets': [rrset], | |
517 | } | |
541bb91b | 518 | print(payload) |
33e6c3e9 CH |
519 | r = self.session.post( |
520 | self.url("/api/v1/servers/localhost/zones"), | |
521 | data=json.dumps(payload), | |
522 | headers={'content-type': 'application/json'}) | |
523 | self.assert_success_json(r) | |
524 | ||
c1374bdb | 525 | def test_create_zone_with_symbols(self): |
6754ef71 | 526 | name, payload, data = self.create_zone(name='foo/bar.'+unique_zone_name()) |
bee2acae | 527 | name = payload['name'] |
1d6b70f9 | 528 | expected_id = name.replace('/', '=2F') |
00a9b229 CH |
529 | for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial'): |
530 | self.assertIn(k, data) | |
531 | if k in payload: | |
4bfebc93 CH |
532 | self.assertEqual(data[k], payload[k]) |
533 | self.assertEqual(data['id'], expected_id) | |
d1b98434 PD |
534 | if not is_auth_lmdb(): |
535 | dbrecs = get_db_records(name, 'SOA') | |
536 | self.assertEqual(dbrecs[0]['name'], name.rstrip('.')) | |
00a9b229 | 537 | |
c1374bdb | 538 | def test_create_zone_with_nameservers_non_string(self): |
e90b4e38 CH |
539 | # ensure we don't crash |
540 | name = unique_zone_name() | |
541 | payload = { | |
542 | 'name': name, | |
543 | 'kind': 'Native', | |
544 | 'nameservers': [{'a': 'ns1.example.com'}] # invalid | |
545 | } | |
541bb91b | 546 | print(payload) |
e90b4e38 | 547 | r = self.session.post( |
46d06a12 | 548 | self.url("/api/v1/servers/localhost/zones"), |
e90b4e38 CH |
549 | data=json.dumps(payload), |
550 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 551 | self.assertEqual(r.status_code, 422) |
e90b4e38 | 552 | |
986e4858 PL |
553 | def test_create_zone_with_dnssec(self): |
554 | """ | |
555 | Create a zone with "dnssec" set and see if a key was made. | |
556 | """ | |
557 | name = unique_zone_name() | |
558 | name, payload, data = self.create_zone(dnssec=True) | |
559 | ||
c43b2d23 | 560 | self.get_zone(name) |
986e4858 PL |
561 | |
562 | for k in ('dnssec', ): | |
563 | self.assertIn(k, data) | |
564 | if k in payload: | |
4bfebc93 | 565 | self.assertEqual(data[k], payload[k]) |
986e4858 PL |
566 | |
567 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name + '/cryptokeys')) | |
568 | ||
569 | keys = r.json() | |
570 | ||
541bb91b | 571 | print(keys) |
986e4858 | 572 | |
4bfebc93 CH |
573 | self.assertEqual(r.status_code, 200) |
574 | self.assertEqual(len(keys), 1) | |
575 | self.assertEqual(keys[0]['type'], 'Cryptokey') | |
576 | self.assertEqual(keys[0]['active'], True) | |
577 | self.assertEqual(keys[0]['keytype'], 'csk') | |
986e4858 | 578 | |
cbe8b186 PL |
579 | def test_create_zone_with_dnssec_disable_dnssec(self): |
580 | """ | |
581 | Create a zone with "dnssec", then set "dnssec" to false and see if the | |
582 | keys are gone | |
583 | """ | |
584 | name = unique_zone_name() | |
585 | name, payload, data = self.create_zone(dnssec=True) | |
586 | ||
2f3f66e4 | 587 | self.put_zone(name, {'dnssec': False}) |
cbe8b186 | 588 | |
c43b2d23 | 589 | zoneinfo = self.get_zone(name) |
4bfebc93 | 590 | self.assertEqual(zoneinfo['dnssec'], False) |
cbe8b186 PL |
591 | |
592 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name + '/cryptokeys')) | |
593 | ||
594 | keys = r.json() | |
595 | ||
4bfebc93 CH |
596 | self.assertEqual(r.status_code, 200) |
597 | self.assertEqual(len(keys), 0) | |
cbe8b186 | 598 | |
986e4858 PL |
599 | def test_create_zone_with_nsec3param(self): |
600 | """ | |
601 | Create a zone with "nsec3param" set and see if the metadata was added. | |
602 | """ | |
603 | name = unique_zone_name() | |
5a5d565f | 604 | nsec3param = '1 0 100 aabbccddeeff' |
986e4858 PL |
605 | name, payload, data = self.create_zone(dnssec=True, nsec3param=nsec3param) |
606 | ||
c43b2d23 | 607 | self.get_zone(name) |
986e4858 PL |
608 | |
609 | for k in ('dnssec', 'nsec3param'): | |
610 | self.assertIn(k, data) | |
611 | if k in payload: | |
4bfebc93 | 612 | self.assertEqual(data[k], payload[k]) |
986e4858 PL |
613 | |
614 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name + '/metadata/NSEC3PARAM')) | |
615 | ||
616 | data = r.json() | |
617 | ||
541bb91b | 618 | print(data) |
986e4858 | 619 | |
4bfebc93 CH |
620 | self.assertEqual(r.status_code, 200) |
621 | self.assertEqual(len(data['metadata']), 1) | |
622 | self.assertEqual(data['kind'], 'NSEC3PARAM') | |
623 | self.assertEqual(data['metadata'][0], nsec3param) | |
986e4858 PL |
624 | |
625 | def test_create_zone_with_nsec3narrow(self): | |
626 | """ | |
627 | Create a zone with "nsec3narrow" set and see if the metadata was added. | |
628 | """ | |
629 | name = unique_zone_name() | |
5a5d565f | 630 | nsec3param = '1 0 100 aabbccddeeff' |
986e4858 PL |
631 | name, payload, data = self.create_zone(dnssec=True, nsec3param=nsec3param, |
632 | nsec3narrow=True) | |
633 | ||
c43b2d23 | 634 | self.get_zone(name) |
986e4858 PL |
635 | |
636 | for k in ('dnssec', 'nsec3param', 'nsec3narrow'): | |
637 | self.assertIn(k, data) | |
638 | if k in payload: | |
4bfebc93 | 639 | self.assertEqual(data[k], payload[k]) |
986e4858 PL |
640 | |
641 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + name + '/metadata/NSEC3NARROW')) | |
642 | ||
643 | data = r.json() | |
644 | ||
541bb91b | 645 | print(data) |
986e4858 | 646 | |
4bfebc93 CH |
647 | self.assertEqual(r.status_code, 200) |
648 | self.assertEqual(len(data['metadata']), 1) | |
649 | self.assertEqual(data['kind'], 'NSEC3NARROW') | |
650 | self.assertEqual(data['metadata'][0], '1') | |
986e4858 | 651 | |
df434f42 PL |
652 | def test_create_zone_with_nsec3param_switch_to_nsec(self): |
653 | """ | |
654 | Create a zone with "nsec3param", then remove the params | |
655 | """ | |
656 | name, payload, data = self.create_zone(dnssec=True, | |
657 | nsec3param='1 0 1 ab') | |
2f3f66e4 | 658 | self.put_zone(name, {'nsec3param': ''}) |
df434f42 | 659 | |
c43b2d23 | 660 | data = self.get_zone(name) |
4bfebc93 | 661 | self.assertEqual(data['nsec3param'], '') |
df434f42 | 662 | |
efc52697 KM |
663 | def test_create_zone_without_dnssec_unset_nsec3parm(self): |
664 | """ | |
665 | Create a non dnssec zone and set an empty "nsec3param" | |
666 | """ | |
667 | name, payload, data = self.create_zone(dnssec=False) | |
2f3f66e4 | 668 | self.put_zone(name, {'nsec3param': ''}) |
efc52697 KM |
669 | |
670 | def test_create_zone_without_dnssec_set_nsec3parm(self): | |
671 | """ | |
672 | Create a non dnssec zone and set "nsec3param" | |
673 | """ | |
674 | name, payload, data = self.create_zone(dnssec=False) | |
2f3f66e4 | 675 | self.put_zone(name, {'nsec3param': '1 0 1 ab'}, expect_error=True) |
efc52697 | 676 | |
a843c67e KM |
677 | def test_create_zone_dnssec_serial(self): |
678 | """ | |
168a76b3 | 679 | Create a zone, then set and unset "dnssec", then check if the serial was increased |
a843c67e KM |
680 | after every step |
681 | """ | |
a843c67e KM |
682 | name, payload, data = self.create_zone() |
683 | ||
684 | soa_serial = get_first_rec(data, name, 'SOA')['content'].split(' ')[2] | |
4bfebc93 | 685 | self.assertEqual(soa_serial[-2:], '01') |
a843c67e | 686 | |
2f3f66e4 | 687 | self.put_zone(name, {'dnssec': True}) |
a843c67e | 688 | |
c43b2d23 | 689 | data = self.get_zone(name) |
a843c67e | 690 | soa_serial = get_first_rec(data, name, 'SOA')['content'].split(' ')[2] |
4bfebc93 | 691 | self.assertEqual(soa_serial[-2:], '02') |
a843c67e | 692 | |
2f3f66e4 | 693 | self.put_zone(name, {'dnssec': False}) |
a843c67e | 694 | |
c43b2d23 | 695 | data = self.get_zone(name) |
a843c67e | 696 | soa_serial = get_first_rec(data, name, 'SOA')['content'].split(' ')[2] |
4bfebc93 | 697 | self.assertEqual(soa_serial[-2:], '03') |
a843c67e | 698 | |
16e25450 | 699 | def test_zone_absolute_url(self): |
c43b2d23 | 700 | self.create_zone() |
16e25450 CH |
701 | r = self.session.get(self.url("/api/v1/servers/localhost/zones")) |
702 | rdata = r.json() | |
703 | print(rdata[0]) | |
704 | self.assertTrue(rdata[0]['url'].startswith('/api/v')) | |
705 | ||
24e11043 CJ |
706 | def test_create_zone_metadata(self): |
707 | payload_metadata = {"type": "Metadata", "kind": "AXFR-SOURCE", "metadata": ["127.0.0.2"]} | |
708 | r = self.session.post(self.url("/api/v1/servers/localhost/zones/example.com/metadata"), | |
709 | data=json.dumps(payload_metadata)) | |
710 | rdata = r.json() | |
4bfebc93 CH |
711 | self.assertEqual(r.status_code, 201) |
712 | self.assertEqual(rdata["metadata"], payload_metadata["metadata"]) | |
24e11043 CJ |
713 | |
714 | def test_create_zone_metadata_kind(self): | |
715 | payload_metadata = {"metadata": ["127.0.0.2"]} | |
716 | r = self.session.put(self.url("/api/v1/servers/localhost/zones/example.com/metadata/AXFR-SOURCE"), | |
717 | data=json.dumps(payload_metadata)) | |
718 | rdata = r.json() | |
4bfebc93 CH |
719 | self.assertEqual(r.status_code, 200) |
720 | self.assertEqual(rdata["metadata"], payload_metadata["metadata"]) | |
24e11043 CJ |
721 | |
722 | def test_create_protected_zone_metadata(self): | |
723 | # test whether it prevents modification of certain kinds | |
724 | for k in ("NSEC3NARROW", "NSEC3PARAM", "PRESIGNED", "LUA-AXFR-SCRIPT"): | |
725 | payload = {"metadata": ["FOO", "BAR"]} | |
726 | r = self.session.put(self.url("/api/v1/servers/localhost/zones/example.com/metadata/%s" % k), | |
727 | data=json.dumps(payload)) | |
4bfebc93 | 728 | self.assertEqual(r.status_code, 422) |
24e11043 CJ |
729 | |
730 | def test_retrieve_zone_metadata(self): | |
731 | payload_metadata = {"type": "Metadata", "kind": "AXFR-SOURCE", "metadata": ["127.0.0.2"]} | |
732 | self.session.post(self.url("/api/v1/servers/localhost/zones/example.com/metadata"), | |
733 | data=json.dumps(payload_metadata)) | |
734 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/example.com/metadata")) | |
735 | rdata = r.json() | |
4bfebc93 | 736 | self.assertEqual(r.status_code, 200) |
24e11043 CJ |
737 | self.assertIn(payload_metadata, rdata) |
738 | ||
739 | def test_delete_zone_metadata(self): | |
740 | r = self.session.delete(self.url("/api/v1/servers/localhost/zones/example.com/metadata/AXFR-SOURCE")) | |
a406b334 | 741 | self.assertEqual(r.status_code, 204) |
24e11043 CJ |
742 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/example.com/metadata/AXFR-SOURCE")) |
743 | rdata = r.json() | |
4bfebc93 CH |
744 | self.assertEqual(r.status_code, 200) |
745 | self.assertEqual(rdata["metadata"], []) | |
24e11043 | 746 | |
9ac4e6d5 PL |
747 | def test_create_external_zone_metadata(self): |
748 | payload_metadata = {"metadata": ["My very important message"]} | |
749 | r = self.session.put(self.url("/api/v1/servers/localhost/zones/example.com/metadata/X-MYMETA"), | |
750 | data=json.dumps(payload_metadata)) | |
4bfebc93 | 751 | self.assertEqual(r.status_code, 200) |
9ac4e6d5 | 752 | rdata = r.json() |
4bfebc93 | 753 | self.assertEqual(rdata["metadata"], payload_metadata["metadata"]) |
9ac4e6d5 | 754 | |
d38e81e6 PL |
755 | def test_create_metadata_in_non_existent_zone(self): |
756 | payload_metadata = {"type": "Metadata", "kind": "AXFR-SOURCE", "metadata": ["127.0.0.2"]} | |
757 | r = self.session.post(self.url("/api/v1/servers/localhost/zones/idonotexist.123.456.example./metadata"), | |
758 | data=json.dumps(payload_metadata)) | |
4bfebc93 | 759 | self.assertEqual(r.status_code, 404) |
77bfe8de PL |
760 | # Note: errors should probably contain json (see #5988) |
761 | # self.assertIn('Could not find domain ', r.json()['error']) | |
d38e81e6 | 762 | |
4bdff352 CH |
763 | def test_create_slave_zone(self): |
764 | # Test that nameservers can be absent for slave zones. | |
6754ef71 | 765 | name, payload, data = self.create_zone(kind='Slave', nameservers=None, masters=['127.0.0.2']) |
4bdff352 CH |
766 | for k in ('name', 'masters', 'kind'): |
767 | self.assertIn(k, data) | |
4bfebc93 | 768 | self.assertEqual(data[k], payload[k]) |
541bb91b CH |
769 | print("payload:", payload) |
770 | print("data:", data) | |
4de11a54 | 771 | # Because slave zones don't get a SOA, we need to test that they'll show up in the zone list. |
46d06a12 | 772 | r = self.session.get(self.url("/api/v1/servers/localhost/zones")) |
4de11a54 | 773 | zonelist = r.json() |
541bb91b | 774 | print("zonelist:", zonelist) |
4de11a54 CH |
775 | self.assertIn(payload['name'], [zone['name'] for zone in zonelist]) |
776 | # Also test that fetching the zone works. | |
c43b2d23 | 777 | data = self.get_zone(data['id']) |
541bb91b | 778 | print("zone (fetched):", data) |
4de11a54 CH |
779 | for k in ('name', 'masters', 'kind'): |
780 | self.assertIn(k, data) | |
4bfebc93 | 781 | self.assertEqual(data[k], payload[k]) |
4de11a54 | 782 | self.assertEqual(data['serial'], 0) |
6754ef71 | 783 | self.assertEqual(data['rrsets'], []) |
4de11a54 | 784 | |
2f27a15f KM |
785 | def test_create_consumer_zone(self): |
786 | # Test that nameservers can be absent for consumer zones. | |
8db3d7a6 | 787 | _, payload, data = self.create_zone(kind='Consumer', nameservers=None, masters=['127.0.0.2']) |
2f27a15f KM |
788 | print("payload:", payload) |
789 | print("data:", data) | |
790 | # Because consumer zones don't get a SOA, we need to test that they'll show up in the zone list. | |
791 | r = self.session.get(self.url("/api/v1/servers/localhost/zones")) | |
792 | zonelist = r.json() | |
793 | print("zonelist:", zonelist) | |
794 | self.assertIn(payload['name'], [zone['name'] for zone in zonelist]) | |
795 | # Also test that fetching the zone works. | |
796 | r = self.session.get(self.url("/api/v1/servers/localhost/zones/" + data['id'])) | |
797 | data = r.json() | |
798 | print("zone (fetched):", data) | |
799 | for k in ('name', 'masters', 'kind'): | |
800 | self.assertIn(k, data) | |
801 | self.assertEqual(data[k], payload[k]) | |
802 | self.assertEqual(data['serial'], 0) | |
803 | self.assertEqual(data['rrsets'], []) | |
804 | ||
8db3d7a6 CH |
805 | def test_create_consumer_zone_no_nameservers(self): |
806 | """nameservers must be absent for Consumer zones""" | |
807 | self.create_zone(kind="Consumer", nameservers=["127.0.0.1"], expect_error="Nameservers MUST NOT be given for Consumer zones") | |
808 | ||
809 | def test_create_consumer_zone_no_rrsets(self): | |
810 | """rrsets must be absent for Consumer zones""" | |
811 | rrsets = [{ | |
812 | "name": "$NAME$", | |
813 | "type": "SOA", | |
814 | "ttl": 3600, | |
815 | "records": [{ | |
816 | "content": "ns1.example.net. testmaster@example.net. 10 10800 3600 604800 3600", | |
817 | "disabled": False, | |
818 | }], | |
819 | }] | |
820 | self.create_zone(kind="Consumer", nameservers=None, rrsets=rrsets, expect_error="Zone data MUST NOT be given for Consumer zones") | |
821 | ||
e543cc8f CH |
822 | def test_find_zone_by_name(self): |
823 | name = 'foo/' + unique_zone_name() | |
824 | name, payload, data = self.create_zone(name=name) | |
825 | r = self.session.get(self.url("/api/v1/servers/localhost/zones?zone=" + name)) | |
826 | data = r.json() | |
827 | print(data) | |
4bfebc93 | 828 | self.assertEqual(data[0]['name'], name) |
e543cc8f | 829 | |
4de11a54 | 830 | def test_delete_slave_zone(self): |
6754ef71 | 831 | name, payload, data = self.create_zone(kind='Slave', nameservers=None, masters=['127.0.0.2']) |
46d06a12 | 832 | r = self.session.delete(self.url("/api/v1/servers/localhost/zones/" + data['id'])) |
2f27a15f KM |
833 | r.raise_for_status() |
834 | ||
835 | def test_delete_consumer_zone(self): | |
836 | name, payload, data = self.create_zone(kind='Consumer', nameservers=None, masters=['127.0.0.2']) | |
837 | r = self.session.delete(self.url("/api/v1/servers/localhost/zones/" + data['id'])) | |
4de11a54 | 838 | r.raise_for_status() |
4bdff352 | 839 | |
a426cb89 | 840 | def test_retrieve_slave_zone(self): |
6754ef71 | 841 | name, payload, data = self.create_zone(kind='Slave', nameservers=None, masters=['127.0.0.2']) |
541bb91b CH |
842 | print("payload:", payload) |
843 | print("data:", data) | |
46d06a12 | 844 | r = self.session.put(self.url("/api/v1/servers/localhost/zones/" + data['id'] + "/axfr-retrieve")) |
a426cb89 | 845 | data = r.json() |
541bb91b | 846 | print("status for axfr-retrieve:", data) |
a426cb89 | 847 | self.assertEqual(data['result'], u'Added retrieval request for \'' + payload['name'] + |
75241263 | 848 | '\' from primary 127.0.0.2') |
a426cb89 CH |
849 | |
850 | def test_notify_master_zone(self): | |
6754ef71 | 851 | name, payload, data = self.create_zone(kind='Master') |
541bb91b CH |
852 | print("payload:", payload) |
853 | print("data:", data) | |
46d06a12 | 854 | r = self.session.put(self.url("/api/v1/servers/localhost/zones/" + data['id'] + "/notify")) |
a426cb89 | 855 | data = r.json() |
541bb91b | 856 | print("status for notify:", data) |
a426cb89 CH |
857 | self.assertEqual(data['result'], 'Notification queued') |
858 | ||
c1374bdb | 859 | def test_get_zone_with_symbols(self): |
6754ef71 | 860 | name, payload, data = self.create_zone(name='foo/bar.'+unique_zone_name()) |
3c3c006b | 861 | name = payload['name'] |
1d6b70f9 | 862 | zone_id = (name.replace('/', '=2F')) |
c43b2d23 | 863 | data = self.get_zone(zone_id) |
6bb25159 | 864 | for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial', 'dnssec'): |
3c3c006b CH |
865 | self.assertIn(k, data) |
866 | if k in payload: | |
4bfebc93 | 867 | self.assertEqual(data[k], payload[k]) |
3c3c006b | 868 | |
c1374bdb | 869 | def test_get_zone(self): |
46d06a12 | 870 | r = self.session.get(self.url("/api/v1/servers/localhost/zones")) |
05776d2f | 871 | domains = r.json() |
1d6b70f9 | 872 | example_com = [domain for domain in domains if domain['name'] == u'example.com.'][0] |
c43b2d23 | 873 | data = self.get_zone(example_com['id']) |
05776d2f CH |
874 | for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial'): |
875 | self.assertIn(k, data) | |
4bfebc93 | 876 | self.assertEqual(data['name'], 'example.com.') |
7c0ba3d2 | 877 | |
486210b8 PD |
878 | def test_get_zone_rrset(self): |
879 | rz = self.session.get(self.url("/api/v1/servers/localhost/zones")) | |
880 | domains = rz.json() | |
881 | example_com = [domain for domain in domains if domain['name'] == u'example.com.'][0] | |
882 | ||
883 | # verify single record from name that has a single record | |
c43b2d23 | 884 | data = self.get_zone(example_com['id'], rrset_name="host-18000.example.com.") |
486210b8 PD |
885 | for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial', 'rrsets'): |
886 | self.assertIn(k, data) | |
887 | self.assertEqual(data['rrsets'], | |
888 | [ | |
889 | { | |
890 | 'comments': [], | |
891 | 'name': 'host-18000.example.com.', | |
892 | 'records': | |
893 | [ | |
894 | { | |
895 | 'content': '192.168.1.80', | |
896 | 'disabled': False | |
897 | } | |
898 | ], | |
899 | 'ttl': 120, | |
900 | 'type': 'A' | |
901 | } | |
902 | ] | |
903 | ) | |
904 | ||
905 | # verify two RRsets from a name that has two types with one record each | |
906 | powerdnssec_org = [domain for domain in domains if domain['name'] == u'powerdnssec.org.'][0] | |
c43b2d23 | 907 | data = self.get_zone(powerdnssec_org['id'], rrset_name="localhost.powerdnssec.org.") |
486210b8 PD |
908 | for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial', 'rrsets'): |
909 | self.assertIn(k, data) | |
910 | self.assertEqual(sorted(data['rrsets'], key=operator.itemgetter('type')), | |
911 | [ | |
912 | { | |
913 | 'comments': [], | |
914 | 'name': 'localhost.powerdnssec.org.', | |
915 | 'records': | |
916 | [ | |
917 | { | |
918 | 'content': '127.0.0.1', | |
919 | 'disabled': False | |
920 | } | |
921 | ], | |
922 | 'ttl': 3600, | |
923 | 'type': 'A' | |
924 | }, | |
925 | { | |
926 | 'comments': [], | |
927 | 'name': 'localhost.powerdnssec.org.', | |
928 | 'records': | |
929 | [ | |
930 | { | |
931 | 'content': '::1', | |
932 | 'disabled': False | |
933 | } | |
934 | ], | |
935 | 'ttl': 3600, | |
936 | 'type': 'AAAA' | |
937 | }, | |
938 | ] | |
939 | ) | |
940 | ||
941 | # verify one RRset with one record from a name that has two, then filtered by type | |
c43b2d23 | 942 | data = self.get_zone(powerdnssec_org['id'], rrset_name="localhost.powerdnssec.org.", rrset_type="AAAA") |
486210b8 PD |
943 | for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial', 'rrsets'): |
944 | self.assertIn(k, data) | |
945 | self.assertEqual(data['rrsets'], | |
946 | [ | |
947 | { | |
948 | 'comments': [], | |
949 | 'name': 'localhost.powerdnssec.org.', | |
950 | 'records': | |
951 | [ | |
952 | { | |
953 | 'content': '::1', | |
954 | 'disabled': False | |
955 | } | |
956 | ], | |
957 | 'ttl': 3600, | |
958 | 'type': 'AAAA' | |
959 | } | |
960 | ] | |
961 | ) | |
962 | ||
0f0e73fe | 963 | def test_import_zone_broken(self): |
646bcd7d CH |
964 | payload = { |
965 | 'name': 'powerdns-broken.com', | |
966 | 'kind': 'Master', | |
967 | 'nameservers': [], | |
968 | } | |
0f0e73fe MS |
969 | payload['zone'] = """ |
970 | ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58571 | |
971 | flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 | |
972 | ;; WARNING: recursion requested but not available | |
973 | ||
974 | ;; OPT PSEUDOSECTION: | |
975 | ; EDNS: version: 0, flags:; udp: 1680 | |
976 | ;; QUESTION SECTION: | |
977 | ;powerdns.com. IN SOA | |
978 | ||
979 | ;; ANSWER SECTION: | |
980 | powerdns-broken.com. 86400 IN SOA powerdnssec1.ds9a.nl. ahu.ds9a.nl. 1343746984 10800 3600 604800 10800 | |
981 | powerdns-broken.com. 3600 IN NS powerdnssec2.ds9a.nl. | |
982 | powerdns-broken.com. 3600 IN AAAA 2001:888:2000:1d::2 | |
983 | powerdns-broken.com. 86400 IN A 82.94.213.34 | |
984 | powerdns-broken.com. 3600 IN MX 0 xs.powerdns.com. | |
985 | powerdns-broken.com. 3600 IN NS powerdnssec1.ds9a.nl. | |
986 | powerdns-broken.com. 86400 IN SOA powerdnssec1.ds9a.nl. ahu.ds9a.nl. 1343746984 10800 3600 604800 10800 | |
987 | """ | |
0f0e73fe | 988 | r = self.session.post( |
46d06a12 | 989 | self.url("/api/v1/servers/localhost/zones"), |
0f0e73fe MS |
990 | data=json.dumps(payload), |
991 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 992 | self.assertEqual(r.status_code, 422) |
0f0e73fe | 993 | |
1d6b70f9 CH |
994 | def test_import_zone_axfr_outofzone(self): |
995 | # Ensure we don't create out-of-zone records | |
646bcd7d CH |
996 | payload = { |
997 | 'name': unique_zone_name(), | |
998 | 'kind': 'Master', | |
999 | 'nameservers': [], | |
1000 | } | |
1d6b70f9 | 1001 | payload['zone'] = """ |
646bcd7d CH |
1002 | %NAME% 86400 IN SOA powerdnssec1.ds9a.nl. ahu.ds9a.nl. 1343746984 10800 3600 604800 10800 |
1003 | %NAME% 3600 IN NS powerdnssec2.ds9a.nl. | |
1d6b70f9 | 1004 | example.org. 3600 IN AAAA 2001:888:2000:1d::2 |
646bcd7d CH |
1005 | %NAME% 86400 IN SOA powerdnssec1.ds9a.nl. ahu.ds9a.nl. 1343746984 10800 3600 604800 10800 |
1006 | """.replace('%NAME%', payload['name']) | |
1d6b70f9 CH |
1007 | r = self.session.post( |
1008 | self.url("/api/v1/servers/localhost/zones"), | |
1009 | data=json.dumps(payload), | |
1010 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1011 | self.assertEqual(r.status_code, 422) |
1d6b70f9 CH |
1012 | self.assertEqual(r.json()['error'], 'RRset example.org. IN AAAA: Name is out of zone') |
1013 | ||
0f0e73fe | 1014 | def test_import_zone_axfr(self): |
646bcd7d CH |
1015 | payload = { |
1016 | 'name': 'powerdns.com.', | |
1017 | 'kind': 'Master', | |
1018 | 'nameservers': [], | |
1019 | 'soa_edit_api': '', # turn off so exact SOA comparison works. | |
1020 | } | |
0f0e73fe MS |
1021 | payload['zone'] = """ |
1022 | ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58571 | |
1023 | ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 | |
1024 | ;; WARNING: recursion requested but not available | |
1025 | ||
1026 | ;; OPT PSEUDOSECTION: | |
1027 | ; EDNS: version: 0, flags:; udp: 1680 | |
1028 | ;; QUESTION SECTION: | |
1029 | ;powerdns.com. IN SOA | |
1030 | ||
1031 | ;; ANSWER SECTION: | |
1032 | powerdns.com. 86400 IN SOA powerdnssec1.ds9a.nl. ahu.ds9a.nl. 1343746984 10800 3600 604800 10800 | |
1033 | powerdns.com. 3600 IN NS powerdnssec2.ds9a.nl. | |
1034 | powerdns.com. 3600 IN AAAA 2001:888:2000:1d::2 | |
1035 | powerdns.com. 86400 IN A 82.94.213.34 | |
1036 | powerdns.com. 3600 IN MX 0 xs.powerdns.com. | |
1037 | powerdns.com. 3600 IN NS powerdnssec1.ds9a.nl. | |
1038 | powerdns.com. 86400 IN SOA powerdnssec1.ds9a.nl. ahu.ds9a.nl. 1343746984 10800 3600 604800 10800 | |
1039 | """ | |
0f0e73fe | 1040 | r = self.session.post( |
46d06a12 | 1041 | self.url("/api/v1/servers/localhost/zones"), |
0f0e73fe MS |
1042 | data=json.dumps(payload), |
1043 | headers={'content-type': 'application/json'}) | |
1044 | self.assert_success_json(r) | |
1045 | data = r.json() | |
1046 | self.assertIn('name', data) | |
0f0e73fe | 1047 | |
90568eb2 MS |
1048 | expected = { |
1049 | 'NS': [ | |
6754ef71 CH |
1050 | {'content': 'powerdnssec1.ds9a.nl.'}, |
1051 | {'content': 'powerdnssec2.ds9a.nl.'}, | |
1052 | ], | |
90568eb2 | 1053 | 'SOA': [ |
6754ef71 CH |
1054 | {'content': 'powerdnssec1.ds9a.nl. ahu.ds9a.nl. 1343746984 10800 3600 604800 10800'}, |
1055 | ], | |
90568eb2 | 1056 | 'MX': [ |
6754ef71 CH |
1057 | {'content': '0 xs.powerdns.com.'}, |
1058 | ], | |
90568eb2 | 1059 | 'A': [ |
6754ef71 CH |
1060 | {'content': '82.94.213.34', 'name': 'powerdns.com.'}, |
1061 | ], | |
90568eb2 | 1062 | 'AAAA': [ |
6754ef71 CH |
1063 | {'content': '2001:888:2000:1d::2', 'name': 'powerdns.com.'}, |
1064 | ], | |
90568eb2 | 1065 | } |
0f0e73fe | 1066 | |
6754ef71 | 1067 | eq_zone_rrsets(data['rrsets'], expected) |
1d6b70f9 | 1068 | |
d1b98434 PD |
1069 | if not is_auth_lmdb(): |
1070 | # check content in DB is stored WITHOUT trailing dot. | |
1071 | dbrecs = get_db_records(payload['name'], 'NS') | |
1072 | dbrec = next((dbrec for dbrec in dbrecs if dbrec['content'].startswith('powerdnssec1'))) | |
1073 | self.assertEqual(dbrec['content'], 'powerdnssec1.ds9a.nl') | |
0f0e73fe MS |
1074 | |
1075 | def test_import_zone_bind(self): | |
646bcd7d CH |
1076 | payload = { |
1077 | 'name': 'example.org.', | |
1078 | 'kind': 'Master', | |
1079 | 'nameservers': [], | |
1080 | 'soa_edit_api': '', # turn off so exact SOA comparison works. | |
1081 | } | |
0f0e73fe MS |
1082 | payload['zone'] = """ |
1083 | $TTL 86400 ; 24 hours could have been written as 24h or 1d | |
1084 | ; $TTL used for all RRs without explicit TTL value | |
1085 | $ORIGIN example.org. | |
1086 | @ 1D IN SOA ns1.example.org. hostmaster.example.org. ( | |
1087 | 2002022401 ; serial | |
1088 | 3H ; refresh | |
1089 | 15 ; retry | |
1090 | 1w ; expire | |
1091 | 3h ; minimum | |
1092 | ) | |
1093 | IN NS ns1.example.org. ; in the domain | |
1094 | IN NS ns2.smokeyjoe.com. ; external to domain | |
1095 | IN MX 10 mail.another.com. ; external mail provider | |
1096 | ; server host definitions | |
1d6b70f9 | 1097 | ns1 IN A 192.168.0.1 ;name server definition |
0f0e73fe MS |
1098 | www IN A 192.168.0.2 ;web server definition |
1099 | ftp IN CNAME www.example.org. ;ftp server definition | |
1100 | ; non server domain hosts | |
1101 | bill IN A 192.168.0.3 | |
1d6b70f9 | 1102 | fred IN A 192.168.0.4 |
0f0e73fe | 1103 | """ |
0f0e73fe | 1104 | r = self.session.post( |
46d06a12 | 1105 | self.url("/api/v1/servers/localhost/zones"), |
0f0e73fe MS |
1106 | data=json.dumps(payload), |
1107 | headers={'content-type': 'application/json'}) | |
1108 | self.assert_success_json(r) | |
1109 | data = r.json() | |
1110 | self.assertIn('name', data) | |
0f0e73fe | 1111 | |
90568eb2 MS |
1112 | expected = { |
1113 | 'NS': [ | |
6754ef71 CH |
1114 | {'content': 'ns1.example.org.'}, |
1115 | {'content': 'ns2.smokeyjoe.com.'}, | |
1116 | ], | |
90568eb2 | 1117 | 'SOA': [ |
6754ef71 CH |
1118 | {'content': 'ns1.example.org. hostmaster.example.org. 2002022401 10800 15 604800 10800'}, |
1119 | ], | |
90568eb2 | 1120 | 'MX': [ |
6754ef71 CH |
1121 | {'content': '10 mail.another.com.'}, |
1122 | ], | |
90568eb2 | 1123 | 'A': [ |
6754ef71 CH |
1124 | {'content': '192.168.0.1', 'name': 'ns1.example.org.'}, |
1125 | {'content': '192.168.0.2', 'name': 'www.example.org.'}, | |
1126 | {'content': '192.168.0.3', 'name': 'bill.example.org.'}, | |
1127 | {'content': '192.168.0.4', 'name': 'fred.example.org.'}, | |
1128 | ], | |
90568eb2 | 1129 | 'CNAME': [ |
6754ef71 CH |
1130 | {'content': 'www.example.org.', 'name': 'ftp.example.org.'}, |
1131 | ], | |
90568eb2 | 1132 | } |
0f0e73fe | 1133 | |
6754ef71 | 1134 | eq_zone_rrsets(data['rrsets'], expected) |
0f0e73fe | 1135 | |
646bcd7d CH |
1136 | def test_import_zone_bind_cname_apex(self): |
1137 | payload = { | |
1138 | 'name': unique_zone_name(), | |
1139 | 'kind': 'Master', | |
1140 | 'nameservers': [], | |
1141 | } | |
1142 | payload['zone'] = """ | |
1143 | $ORIGIN %NAME% | |
1144 | @ IN SOA ns1.example.org. hostmaster.example.org. (2002022401 3H 15 1W 3H) | |
1145 | @ IN NS ns1.example.org. | |
1146 | @ IN NS ns2.smokeyjoe.com. | |
1147 | @ IN CNAME www.example.org. | |
1148 | """.replace('%NAME%', payload['name']) | |
1149 | r = self.session.post( | |
1150 | self.url("/api/v1/servers/localhost/zones"), | |
1151 | data=json.dumps(payload), | |
1152 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1153 | self.assertEqual(r.status_code, 422) |
646bcd7d CH |
1154 | self.assertIn('Conflicts with another RRset', r.json()['error']) |
1155 | ||
c1374bdb | 1156 | def test_export_zone_json(self): |
6754ef71 | 1157 | name, payload, zone = self.create_zone(nameservers=['ns1.foo.com.', 'ns2.foo.com.'], soa_edit_api='') |
a83004d3 CH |
1158 | # export it |
1159 | r = self.session.get( | |
46d06a12 | 1160 | self.url("/api/v1/servers/localhost/zones/" + name + "/export"), |
a83004d3 CH |
1161 | headers={'accept': 'application/json;q=0.9,*/*;q=0.8'} |
1162 | ) | |
c1374bdb | 1163 | self.assert_success_json(r) |
a83004d3 CH |
1164 | data = r.json() |
1165 | self.assertIn('zone', data) | |
ba2a1254 DK |
1166 | expected_data = [name + '\t3600\tIN\tNS\tns1.foo.com.', |
1167 | name + '\t3600\tIN\tNS\tns2.foo.com.', | |
f527c6ff | 1168 | name + '\t3600\tIN\tSOA\ta.misconfigured.dns.server.invalid. hostmaster.' + name + |
1d6b70f9 | 1169 | ' 0 10800 3600 604800 3600'] |
7386e38f | 1170 | self.assertCountEqual(data['zone'].strip().split('\n'), expected_data) |
a83004d3 | 1171 | |
8db3d7a6 CH |
1172 | def test_import_zone_consumer(self): |
1173 | zonestring = """ | |
1174 | $NAME$ 1D IN SOA ns1.example.org. hostmaster.example.org. ( | |
1175 | 2002022401 ; serial | |
1176 | 3H ; refresh | |
1177 | 15 ; retry | |
1178 | 1w ; expire | |
1179 | 3h ; minimum | |
1180 | ) | |
1181 | """ | |
1182 | self.create_zone(kind="Consumer", nameservers=[], zone=zonestring, expect_error="Zone data MUST NOT be given for Consumer zones") | |
1183 | ||
c1374bdb | 1184 | def test_export_zone_text(self): |
6754ef71 | 1185 | name, payload, zone = self.create_zone(nameservers=['ns1.foo.com.', 'ns2.foo.com.'], soa_edit_api='') |
a83004d3 CH |
1186 | # export it |
1187 | r = self.session.get( | |
46d06a12 | 1188 | self.url("/api/v1/servers/localhost/zones/" + name + "/export"), |
a83004d3 CH |
1189 | headers={'accept': '*/*'} |
1190 | ) | |
1191 | data = r.text.strip().split("\n") | |
ba2a1254 DK |
1192 | expected_data = [name + '\t3600\tIN\tNS\tns1.foo.com.', |
1193 | name + '\t3600\tIN\tNS\tns2.foo.com.', | |
f527c6ff | 1194 | name + '\t3600\tIN\tSOA\ta.misconfigured.dns.server.invalid. hostmaster.' + name + |
1d6b70f9 | 1195 | ' 0 10800 3600 604800 3600'] |
7386e38f | 1196 | self.assertCountEqual(data, expected_data) |
a83004d3 | 1197 | |
c1374bdb | 1198 | def test_update_zone(self): |
6754ef71 | 1199 | name, payload, zone = self.create_zone() |
bee2acae | 1200 | name = payload['name'] |
d29d5db7 | 1201 | # update, set as Master and enable SOA-EDIT-API |
7c0ba3d2 CH |
1202 | payload = { |
1203 | 'kind': 'Master', | |
c1374bdb | 1204 | 'masters': ['192.0.2.1', '192.0.2.2'], |
a0930e45 | 1205 | 'catalog': 'catalog.invalid.', |
6bb25159 MS |
1206 | 'soa_edit_api': 'EPOCH', |
1207 | 'soa_edit': 'EPOCH' | |
7c0ba3d2 | 1208 | } |
2f3f66e4 | 1209 | self.put_zone(name, payload) |
c43b2d23 | 1210 | data = self.get_zone(name) |
7c0ba3d2 CH |
1211 | for k in payload.keys(): |
1212 | self.assertIn(k, data) | |
4bfebc93 | 1213 | self.assertEqual(data[k], payload[k]) |
d29d5db7 | 1214 | # update, back to Native and empty(off) |
7c0ba3d2 | 1215 | payload = { |
d29d5db7 | 1216 | 'kind': 'Native', |
a0930e45 | 1217 | 'catalog': '', |
6bb25159 MS |
1218 | 'soa_edit_api': '', |
1219 | 'soa_edit': '' | |
7c0ba3d2 | 1220 | } |
2f3f66e4 | 1221 | self.put_zone(name, payload) |
c43b2d23 | 1222 | data = self.get_zone(name) |
7c0ba3d2 CH |
1223 | for k in payload.keys(): |
1224 | self.assertIn(k, data) | |
4bfebc93 | 1225 | self.assertEqual(data[k], payload[k]) |
b3905a3d | 1226 | |
c1374bdb | 1227 | def test_zone_rr_update(self): |
6754ef71 | 1228 | name, payload, zone = self.create_zone() |
b3905a3d | 1229 | # do a replace (= update) |
d708640f | 1230 | rrset = { |
b3905a3d CH |
1231 | 'changetype': 'replace', |
1232 | 'name': name, | |
8ce0dc75 | 1233 | 'type': 'ns', |
6754ef71 | 1234 | 'ttl': 3600, |
b3905a3d CH |
1235 | 'records': [ |
1236 | { | |
1d6b70f9 | 1237 | "content": "ns1.bar.com.", |
cea26350 CH |
1238 | "disabled": False |
1239 | }, | |
1240 | { | |
1d6b70f9 | 1241 | "content": "ns2-disabled.bar.com.", |
cea26350 | 1242 | "disabled": True |
b3905a3d CH |
1243 | } |
1244 | ] | |
1245 | } | |
d708640f | 1246 | payload = {'rrsets': [rrset]} |
b3905a3d | 1247 | r = self.session.patch( |
46d06a12 | 1248 | self.url("/api/v1/servers/localhost/zones/" + name), |
b3905a3d CH |
1249 | data=json.dumps(payload), |
1250 | headers={'content-type': 'application/json'}) | |
f0e76cee | 1251 | self.assert_success(r) |
b3905a3d | 1252 | # verify that (only) the new record is there |
c43b2d23 | 1253 | data = self.get_zone(name) |
7386e38f | 1254 | self.assertCountEqual(get_rrset(data, name, 'NS')['records'], rrset['records']) |
b3905a3d | 1255 | |
c1374bdb | 1256 | def test_zone_rr_update_mx(self): |
05cf6a71 | 1257 | # Important to test with MX records, as they have a priority field, which must end up in the content field. |
6754ef71 | 1258 | name, payload, zone = self.create_zone() |
41e3b10e | 1259 | # do a replace (= update) |
d708640f | 1260 | rrset = { |
41e3b10e CH |
1261 | 'changetype': 'replace', |
1262 | 'name': name, | |
1263 | 'type': 'MX', | |
6754ef71 | 1264 | 'ttl': 3600, |
41e3b10e CH |
1265 | 'records': [ |
1266 | { | |
1d6b70f9 | 1267 | "content": "10 mail.example.org.", |
41e3b10e CH |
1268 | "disabled": False |
1269 | } | |
1270 | ] | |
1271 | } | |
d708640f | 1272 | payload = {'rrsets': [rrset]} |
41e3b10e | 1273 | r = self.session.patch( |
46d06a12 | 1274 | self.url("/api/v1/servers/localhost/zones/" + name), |
41e3b10e CH |
1275 | data=json.dumps(payload), |
1276 | headers={'content-type': 'application/json'}) | |
f0e76cee | 1277 | self.assert_success(r) |
41e3b10e | 1278 | # verify that (only) the new record is there |
c43b2d23 | 1279 | data = self.get_zone(name) |
4bfebc93 | 1280 | self.assertEqual(get_rrset(data, name, 'MX')['records'], rrset['records']) |
d708640f | 1281 | |
81950930 CHB |
1282 | def test_zone_rr_update_invalid_mx(self): |
1283 | name, payload, zone = self.create_zone() | |
1284 | # do a replace (= update) | |
1285 | rrset = { | |
1286 | 'changetype': 'replace', | |
1287 | 'name': name, | |
1288 | 'type': 'MX', | |
1289 | 'ttl': 3600, | |
1290 | 'records': [ | |
1291 | { | |
1292 | "content": "10 mail@mx.example.org.", | |
1293 | "disabled": False | |
1294 | } | |
1295 | ] | |
1296 | } | |
1297 | payload = {'rrsets': [rrset]} | |
1298 | r = self.session.patch( | |
1299 | self.url("/api/v1/servers/localhost/zones/" + name), | |
1300 | data=json.dumps(payload), | |
1301 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1302 | self.assertEqual(r.status_code, 422) |
97c8ea81 | 1303 | self.assertIn('non-hostname content', r.json()['error']) |
c43b2d23 | 1304 | data = self.get_zone(name) |
81950930 CHB |
1305 | self.assertIsNone(get_rrset(data, name, 'MX')) |
1306 | ||
a53b24d0 CHB |
1307 | def test_zone_rr_update_opt(self): |
1308 | name, payload, zone = self.create_zone() | |
1309 | # do a replace (= update) | |
1310 | rrset = { | |
1311 | 'changetype': 'replace', | |
1312 | 'name': name, | |
1313 | 'type': 'OPT', | |
1314 | 'ttl': 3600, | |
1315 | 'records': [ | |
1316 | { | |
1317 | "content": "9", | |
1318 | "disabled": False | |
1319 | } | |
1320 | ] | |
1321 | } | |
1322 | payload = {'rrsets': [rrset]} | |
1323 | r = self.session.patch( | |
1324 | self.url("/api/v1/servers/localhost/zones/" + name), | |
1325 | data=json.dumps(payload), | |
1326 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1327 | self.assertEqual(r.status_code, 422) |
a53b24d0 CHB |
1328 | self.assertIn('OPT: invalid type given', r.json()['error']) |
1329 | ||
c1374bdb | 1330 | def test_zone_rr_update_multiple_rrsets(self): |
6754ef71 | 1331 | name, payload, zone = self.create_zone() |
d708640f CH |
1332 | rrset1 = { |
1333 | 'changetype': 'replace', | |
1334 | 'name': name, | |
1335 | 'type': 'NS', | |
6754ef71 | 1336 | 'ttl': 3600, |
d708640f CH |
1337 | 'records': [ |
1338 | { | |
6754ef71 | 1339 | |
1d6b70f9 | 1340 | "content": "ns9999.example.com.", |
d708640f CH |
1341 | "disabled": False |
1342 | } | |
1343 | ] | |
1344 | } | |
1345 | rrset2 = { | |
1346 | 'changetype': 'replace', | |
1347 | 'name': name, | |
1348 | 'type': 'MX', | |
6754ef71 | 1349 | 'ttl': 3600, |
d708640f CH |
1350 | 'records': [ |
1351 | { | |
1d6b70f9 | 1352 | "content": "10 mx444.example.com.", |
d708640f CH |
1353 | "disabled": False |
1354 | } | |
1355 | ] | |
1356 | } | |
1357 | payload = {'rrsets': [rrset1, rrset2]} | |
1358 | r = self.session.patch( | |
46d06a12 | 1359 | self.url("/api/v1/servers/localhost/zones/" + name), |
d708640f CH |
1360 | data=json.dumps(payload), |
1361 | headers={'content-type': 'application/json'}) | |
f0e76cee | 1362 | self.assert_success(r) |
d708640f | 1363 | # verify that all rrsets have been updated |
c43b2d23 | 1364 | data = self.get_zone(name) |
4bfebc93 CH |
1365 | self.assertEqual(get_rrset(data, name, 'NS')['records'], rrset1['records']) |
1366 | self.assertEqual(get_rrset(data, name, 'MX')['records'], rrset2['records']) | |
41e3b10e | 1367 | |
e3675a8a CH |
1368 | def test_zone_rr_update_duplicate_record(self): |
1369 | name, payload, zone = self.create_zone() | |
1370 | rrset = { | |
1371 | 'changetype': 'replace', | |
1372 | 'name': name, | |
1373 | 'type': 'NS', | |
1374 | 'ttl': 3600, | |
1375 | 'records': [ | |
1376 | {"content": "ns9999.example.com.", "disabled": False}, | |
1377 | {"content": "ns9996.example.com.", "disabled": False}, | |
1378 | {"content": "ns9987.example.com.", "disabled": False}, | |
1379 | {"content": "ns9988.example.com.", "disabled": False}, | |
1380 | {"content": "ns9999.example.com.", "disabled": False}, | |
1381 | ] | |
1382 | } | |
1383 | payload = {'rrsets': [rrset]} | |
1384 | r = self.session.patch( | |
1385 | self.url("/api/v1/servers/localhost/zones/" + name), | |
1386 | data=json.dumps(payload), | |
1387 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1388 | self.assertEqual(r.status_code, 422) |
e3675a8a CH |
1389 | self.assertIn('Duplicate record in RRset', r.json()['error']) |
1390 | ||
90904988 PD |
1391 | def test_zone_rr_update_duplicate_rrset(self): |
1392 | name, payload, zone = self.create_zone() | |
1393 | rrset1 = { | |
1394 | 'changetype': 'replace', | |
1395 | 'name': name, | |
1396 | 'type': 'NS', | |
1397 | 'ttl': 3600, | |
1398 | 'records': [ | |
1399 | { | |
1400 | "content": "ns9999.example.com.", | |
1401 | "disabled": False | |
1402 | } | |
1403 | ] | |
1404 | } | |
1405 | rrset2 = { | |
1406 | 'changetype': 'replace', | |
1407 | 'name': name, | |
1408 | 'type': 'NS', | |
1409 | 'ttl': 3600, | |
1410 | 'records': [ | |
1411 | { | |
1412 | "content": "ns9998.example.com.", | |
1413 | "disabled": False | |
1414 | } | |
1415 | ] | |
1416 | } | |
1417 | payload = {'rrsets': [rrset1, rrset2]} | |
1418 | r = self.session.patch( | |
1419 | self.url("/api/v1/servers/localhost/zones/" + name), | |
1420 | data=json.dumps(payload), | |
1421 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1422 | self.assertEqual(r.status_code, 422) |
90904988 PD |
1423 | self.assertIn('Duplicate RRset', r.json()['error']) |
1424 | ||
c1374bdb | 1425 | def test_zone_rr_delete(self): |
6754ef71 | 1426 | name, payload, zone = self.create_zone() |
b3905a3d | 1427 | # do a delete of all NS records (these are created with the zone) |
d708640f | 1428 | rrset = { |
b3905a3d CH |
1429 | 'changetype': 'delete', |
1430 | 'name': name, | |
1431 | 'type': 'NS' | |
1432 | } | |
d708640f | 1433 | payload = {'rrsets': [rrset]} |
b3905a3d | 1434 | r = self.session.patch( |
46d06a12 | 1435 | self.url("/api/v1/servers/localhost/zones/" + name), |
b3905a3d CH |
1436 | data=json.dumps(payload), |
1437 | headers={'content-type': 'application/json'}) | |
f0e76cee | 1438 | self.assert_success(r) |
b3905a3d | 1439 | # verify that the records are gone |
c43b2d23 | 1440 | data = self.get_zone(name) |
6754ef71 | 1441 | self.assertIsNone(get_rrset(data, name, 'NS')) |
cea26350 | 1442 | |
e732e9cc JE |
1443 | def test_zone_rr_update_rrset_combine_replace_and_delete(self): |
1444 | name, payload, zone = self.create_zone() | |
1445 | rrset1 = { | |
1446 | 'changetype': 'delete', | |
1447 | 'name': 'sub.' + name, | |
1448 | 'type': 'CNAME', | |
1449 | } | |
1450 | rrset2 = { | |
1451 | 'changetype': 'replace', | |
1452 | 'name': 'sub.' + name, | |
1453 | 'type': 'CNAME', | |
1454 | 'ttl': 500, | |
1455 | 'records': [ | |
1456 | { | |
1457 | "content": "www.example.org.", | |
1458 | "disabled": False | |
1459 | } | |
1460 | ] | |
1461 | } | |
1462 | payload = {'rrsets': [rrset1, rrset2]} | |
1463 | r = self.session.patch( | |
1464 | self.url("/api/v1/servers/localhost/zones/" + name), | |
1465 | data=json.dumps(payload), | |
1466 | headers={'content-type': 'application/json'}) | |
1467 | self.assert_success(r) | |
1468 | # verify that (only) the new record is there | |
c43b2d23 | 1469 | data = self.get_zone(name) |
4bfebc93 | 1470 | self.assertEqual(get_rrset(data, 'sub.' + name, 'CNAME')['records'], rrset2['records']) |
e732e9cc | 1471 | |
c1374bdb | 1472 | def test_zone_disable_reenable(self): |
d29d5db7 | 1473 | # This also tests that SOA-EDIT-API works. |
6754ef71 | 1474 | name, payload, zone = self.create_zone(soa_edit_api='EPOCH') |
cea26350 | 1475 | # disable zone by disabling SOA |
d708640f | 1476 | rrset = { |
cea26350 CH |
1477 | 'changetype': 'replace', |
1478 | 'name': name, | |
1479 | 'type': 'SOA', | |
6754ef71 | 1480 | 'ttl': 3600, |
cea26350 CH |
1481 | 'records': [ |
1482 | { | |
1d6b70f9 | 1483 | "content": "ns1.bar.com. hostmaster.foo.org. 1 1 1 1 1", |
cea26350 CH |
1484 | "disabled": True |
1485 | } | |
1486 | ] | |
1487 | } | |
d708640f | 1488 | payload = {'rrsets': [rrset]} |
cea26350 | 1489 | r = self.session.patch( |
46d06a12 | 1490 | self.url("/api/v1/servers/localhost/zones/" + name), |
cea26350 CH |
1491 | data=json.dumps(payload), |
1492 | headers={'content-type': 'application/json'}) | |
f0e76cee | 1493 | self.assert_success(r) |
d29d5db7 | 1494 | # check SOA serial has been edited |
c43b2d23 | 1495 | data = self.get_zone(name) |
f0e76cee | 1496 | soa_serial1 = get_first_rec(data, name, 'SOA')['content'].split()[2] |
4bfebc93 | 1497 | self.assertNotEqual(soa_serial1, '1') |
d29d5db7 | 1498 | # make sure domain is still in zone list (disabled SOA!) |
46d06a12 | 1499 | r = self.session.get(self.url("/api/v1/servers/localhost/zones")) |
cea26350 | 1500 | domains = r.json() |
4bfebc93 | 1501 | self.assertEqual(len([domain for domain in domains if domain['name'] == name]), 1) |
d29d5db7 CH |
1502 | # sleep 1sec to ensure the EPOCH value changes for the next request |
1503 | time.sleep(1) | |
cea26350 | 1504 | # verify that modifying it still works |
d708640f CH |
1505 | rrset['records'][0]['disabled'] = False |
1506 | payload = {'rrsets': [rrset]} | |
cea26350 | 1507 | r = self.session.patch( |
46d06a12 | 1508 | self.url("/api/v1/servers/localhost/zones/" + name), |
cea26350 CH |
1509 | data=json.dumps(payload), |
1510 | headers={'content-type': 'application/json'}) | |
f0e76cee | 1511 | self.assert_success(r) |
d29d5db7 | 1512 | # check SOA serial has been edited again |
c43b2d23 | 1513 | data = self.get_zone(name) |
f0e76cee | 1514 | soa_serial2 = get_first_rec(data, name, 'SOA')['content'].split()[2] |
4bfebc93 CH |
1515 | self.assertNotEqual(soa_serial2, '1') |
1516 | self.assertNotEqual(soa_serial2, soa_serial1) | |
02945d9a | 1517 | |
c1374bdb | 1518 | def test_zone_rr_update_out_of_zone(self): |
6754ef71 | 1519 | name, payload, zone = self.create_zone() |
35f26cc5 | 1520 | # replace with qname mismatch |
d708640f | 1521 | rrset = { |
35f26cc5 | 1522 | 'changetype': 'replace', |
1d6b70f9 | 1523 | 'name': 'not-in-zone.', |
35f26cc5 | 1524 | 'type': 'NS', |
6754ef71 | 1525 | 'ttl': 3600, |
35f26cc5 CH |
1526 | 'records': [ |
1527 | { | |
1d6b70f9 | 1528 | "content": "ns1.bar.com.", |
35f26cc5 CH |
1529 | "disabled": False |
1530 | } | |
1531 | ] | |
1532 | } | |
d708640f | 1533 | payload = {'rrsets': [rrset]} |
35f26cc5 | 1534 | r = self.session.patch( |
46d06a12 | 1535 | self.url("/api/v1/servers/localhost/zones/" + name), |
35f26cc5 CH |
1536 | data=json.dumps(payload), |
1537 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1538 | self.assertEqual(r.status_code, 422) |
35f26cc5 CH |
1539 | self.assertIn('out of zone', r.json()['error']) |
1540 | ||
1d6b70f9 | 1541 | def test_zone_rr_update_restricted_chars(self): |
6754ef71 | 1542 | name, payload, zone = self.create_zone() |
1d6b70f9 CH |
1543 | # replace with qname mismatch |
1544 | rrset = { | |
1545 | 'changetype': 'replace', | |
1546 | 'name': 'test:' + name, | |
1547 | 'type': 'NS', | |
6754ef71 | 1548 | 'ttl': 3600, |
1d6b70f9 CH |
1549 | 'records': [ |
1550 | { | |
1d6b70f9 CH |
1551 | "content": "ns1.bar.com.", |
1552 | "disabled": False | |
1553 | } | |
1554 | ] | |
1555 | } | |
1556 | payload = {'rrsets': [rrset]} | |
1557 | r = self.session.patch( | |
1558 | self.url("/api/v1/servers/localhost/zones/" + name), | |
1559 | data=json.dumps(payload), | |
1560 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1561 | self.assertEqual(r.status_code, 422) |
1d6b70f9 CH |
1562 | self.assertIn('contains unsupported characters', r.json()['error']) |
1563 | ||
24cd86ca | 1564 | def test_rrset_unknown_type(self): |
6754ef71 | 1565 | name, payload, zone = self.create_zone() |
24cd86ca CH |
1566 | rrset = { |
1567 | 'changetype': 'replace', | |
1568 | 'name': name, | |
1569 | 'type': 'FAFAFA', | |
6754ef71 | 1570 | 'ttl': 3600, |
24cd86ca CH |
1571 | 'records': [ |
1572 | { | |
24cd86ca CH |
1573 | "content": "4.3.2.1", |
1574 | "disabled": False | |
1575 | } | |
1576 | ] | |
1577 | } | |
1578 | payload = {'rrsets': [rrset]} | |
46d06a12 | 1579 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), |
24cd86ca | 1580 | headers={'content-type': 'application/json'}) |
4bfebc93 | 1581 | self.assertEqual(r.status_code, 422) |
24cd86ca CH |
1582 | self.assertIn('unknown type', r.json()['error']) |
1583 | ||
646bcd7d CH |
1584 | @parameterized.expand([ |
1585 | ('CNAME', ), | |
646bcd7d CH |
1586 | ]) |
1587 | def test_rrset_exclusive_and_other(self, qtype): | |
8560f36a CH |
1588 | name, payload, zone = self.create_zone() |
1589 | rrset = { | |
1590 | 'changetype': 'replace', | |
1591 | 'name': name, | |
646bcd7d | 1592 | 'type': qtype, |
8560f36a CH |
1593 | 'ttl': 3600, |
1594 | 'records': [ | |
1595 | { | |
1596 | "content": "example.org.", | |
1597 | "disabled": False | |
1598 | } | |
1599 | ] | |
1600 | } | |
1601 | payload = {'rrsets': [rrset]} | |
1602 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1603 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1604 | self.assertEqual(r.status_code, 422) |
646bcd7d | 1605 | self.assertIn('Conflicts with pre-existing RRset', r.json()['error']) |
8560f36a | 1606 | |
646bcd7d CH |
1607 | @parameterized.expand([ |
1608 | ('CNAME', ), | |
646bcd7d CH |
1609 | ]) |
1610 | def test_rrset_other_and_exclusive(self, qtype): | |
8560f36a CH |
1611 | name, payload, zone = self.create_zone() |
1612 | rrset = { | |
1613 | 'changetype': 'replace', | |
1614 | 'name': 'sub.'+name, | |
646bcd7d | 1615 | 'type': qtype, |
8560f36a CH |
1616 | 'ttl': 3600, |
1617 | 'records': [ | |
1618 | { | |
1619 | "content": "example.org.", | |
1620 | "disabled": False | |
1621 | } | |
1622 | ] | |
1623 | } | |
1624 | payload = {'rrsets': [rrset]} | |
1625 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1626 | headers={'content-type': 'application/json'}) | |
1627 | self.assert_success(r) | |
1628 | rrset = { | |
1629 | 'changetype': 'replace', | |
1630 | 'name': 'sub.'+name, | |
1631 | 'type': 'A', | |
1632 | 'ttl': 3600, | |
1633 | 'records': [ | |
1634 | { | |
1635 | "content": "1.2.3.4", | |
1636 | "disabled": False | |
1637 | } | |
1638 | ] | |
1639 | } | |
1640 | payload = {'rrsets': [rrset]} | |
1641 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1642 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1643 | self.assertEqual(r.status_code, 422) |
646bcd7d CH |
1644 | self.assertIn('Conflicts with pre-existing RRset', r.json()['error']) |
1645 | ||
1646 | @parameterized.expand([ | |
2eb206ec KM |
1647 | ('', 'SOA', ['ns1.example.org. test@example.org. 10 10800 3600 604800 3600', 'ns2.example.org. test@example.org. 10 10800 3600 604800 3600']), |
1648 | ('sub.', 'CNAME', ['01.example.org.', '02.example.org.']), | |
646bcd7d | 1649 | ]) |
2eb206ec | 1650 | def test_rrset_single_qtypes(self, label, qtype, contents): |
8b1fa85d RG |
1651 | name, payload, zone = self.create_zone() |
1652 | rrset = { | |
1653 | 'changetype': 'replace', | |
2eb206ec | 1654 | 'name': label + name, |
646bcd7d | 1655 | 'type': qtype, |
8b1fa85d RG |
1656 | 'ttl': 3600, |
1657 | 'records': [ | |
1658 | { | |
646bcd7d | 1659 | "content": contents[0], |
8b1fa85d RG |
1660 | "disabled": False |
1661 | }, | |
1662 | { | |
646bcd7d | 1663 | "content": contents[1], |
8b1fa85d RG |
1664 | "disabled": False |
1665 | } | |
1666 | ] | |
1667 | } | |
1668 | payload = {'rrsets': [rrset]} | |
1669 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1670 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1671 | self.assertEqual(r.status_code, 422) |
646bcd7d | 1672 | self.assertIn('IN ' + qtype + ' has more than one record', r.json()['error']) |
8b1fa85d | 1673 | |
d2b117ec AT |
1674 | def test_rrset_zone_apex(self): |
1675 | name, payload, zone = self.create_zone() | |
1676 | rrset1 = { | |
1677 | 'changetype': 'replace', | |
1678 | 'name': name, | |
1679 | 'type': 'SOA', | |
1680 | 'ttl': 3600, | |
1681 | 'records': [ | |
1682 | { | |
1683 | "content": 'ns1.example.org. test@example.org. 10 10800 3600 604800 3600', | |
1684 | "disabled": False | |
1685 | }, | |
1686 | ] | |
1687 | } | |
1688 | rrset2 = { | |
1689 | 'changetype': 'replace', | |
1690 | 'name': name, | |
1691 | 'type': 'DNAME', | |
1692 | 'ttl': 3600, | |
1693 | 'records': [ | |
1694 | { | |
1695 | "content": 'example.com.', | |
1696 | "disabled": False | |
1697 | }, | |
1698 | ] | |
1699 | } | |
1700 | ||
1701 | payload = {'rrsets': [rrset1, rrset2]} | |
1702 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1703 | headers={'content-type': 'application/json'}) | |
1704 | self.assert_success(r) # user should be able to create DNAME at APEX as per RFC 6672 section 2.3 | |
1705 | ||
2eb206ec KM |
1706 | @parameterized.expand([ |
1707 | ('SOA', 'ns1.example.org. test@example.org. 10 10800 3600 604800 1800'), | |
1708 | ('DNSKEY', '257 3 8 AwEAAb/+pXOZWYQ8mv9WM5dFva8WU9jcIUdDuEjldbyfnkQ/xlrJC5zAEfhYhrea3SmIPmMTDimLqbh3/4SMTNPTUF+9+U1vpNfIRTFadqsmuU9Fddz3JqCcYwEpWbReg6DJOeyu+9oBoIQkPxFyLtIXEPGlQzrynKubn04Cx83I6NfzDTraJT3jLHKeW5PVc1ifqKzHz5TXdHHTA7NkJAa0sPcZCoNE1LpnJI/wcUpRUiuQhoLFeT1E432GuPuZ7y+agElGj0NnBxEgnHrhrnZWUbULpRa/il+Cr5Taj988HqX9Xdm6FjcP4Lbuds/44U7U8du224Q8jTrZ57Yvj4VDQKc='), | |
2eb206ec KM |
1709 | ]) |
1710 | def test_only_at_apex(self, qtype, content): | |
1711 | name, payload, zone = self.create_zone(soa_edit_api='') | |
1712 | rrset = { | |
1713 | 'changetype': 'replace', | |
1714 | 'name': name, | |
1715 | 'type': qtype, | |
1716 | 'ttl': 3600, | |
1717 | 'records': [ | |
1718 | { | |
1719 | "content": content, | |
1720 | "disabled": False | |
1721 | }, | |
1722 | ] | |
1723 | } | |
1724 | payload = {'rrsets': [rrset]} | |
1725 | r = self.session.patch( | |
1726 | self.url("/api/v1/servers/localhost/zones/" + name), | |
1727 | data=json.dumps(payload), | |
1728 | headers={'content-type': 'application/json'}) | |
1729 | self.assert_success(r) | |
1730 | # verify that the new record is there | |
c43b2d23 | 1731 | data = self.get_zone(name) |
2eb206ec KM |
1732 | self.assertEqual(get_rrset(data, name, qtype)['records'], rrset['records']) |
1733 | ||
1734 | rrset = { | |
1735 | 'changetype': 'replace', | |
1736 | 'name': 'sub.' + name, | |
1737 | 'type': qtype, | |
1738 | 'ttl': 3600, | |
1739 | 'records': [ | |
1740 | { | |
1741 | "content": content, | |
1742 | "disabled": False | |
1743 | }, | |
1744 | ] | |
1745 | } | |
1746 | payload = {'rrsets': [rrset]} | |
1747 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1748 | headers={'content-type': 'application/json'}) | |
1749 | self.assertEqual(r.status_code, 422) | |
1750 | self.assertIn('only allowed at apex', r.json()['error']) | |
c43b2d23 | 1751 | data = self.get_zone(name) |
2eb206ec KM |
1752 | self.assertIsNone(get_rrset(data, 'sub.' + name, qtype)) |
1753 | ||
1754 | @parameterized.expand([ | |
1755 | ('DS', '44030 8 2 d4c3d5552b8679faeebc317e5f048b614b2e5f607dc57f1553182d49ab2179f7'), | |
1756 | ]) | |
1757 | def test_not_allowed_at_apex(self, qtype, content): | |
1758 | name, payload, zone = self.create_zone() | |
1759 | rrset = { | |
1760 | 'changetype': 'replace', | |
1761 | 'name': name, | |
1762 | 'type': qtype, | |
1763 | 'ttl': 3600, | |
1764 | 'records': [ | |
1765 | { | |
1766 | "content": content, | |
1767 | "disabled": False | |
1768 | }, | |
1769 | ] | |
1770 | } | |
1771 | payload = {'rrsets': [rrset]} | |
1772 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1773 | headers={'content-type': 'application/json'}) | |
1774 | self.assertEqual(r.status_code, 422) | |
1775 | self.assertIn('not allowed at apex', r.json()['error']) | |
c43b2d23 | 1776 | data = self.get_zone(name) |
2eb206ec KM |
1777 | self.assertIsNone(get_rrset(data, 'sub.' + name, qtype)) |
1778 | ||
1779 | rrset = { | |
1780 | 'changetype': 'replace', | |
1781 | 'name': 'sub.' + name, | |
1782 | 'type': qtype, | |
1783 | 'ttl': 3600, | |
1784 | 'records': [ | |
1785 | { | |
1786 | "content": content, | |
1787 | "disabled": False | |
1788 | }, | |
1789 | ] | |
1790 | } | |
1791 | payload = {'rrsets': [rrset]} | |
1792 | r = self.session.patch( | |
1793 | self.url("/api/v1/servers/localhost/zones/" + name), | |
1794 | data=json.dumps(payload), | |
1795 | headers={'content-type': 'application/json'}) | |
1796 | self.assert_success(r) | |
1797 | # verify that the new record is there | |
c43b2d23 | 1798 | data = self.get_zone(name) |
2eb206ec KM |
1799 | self.assertEqual(get_rrset(data, 'sub.' + name, qtype)['records'], rrset['records']) |
1800 | ||
0ab5d78e PL |
1801 | def test_rr_svcb(self): |
1802 | name, payload, zone = self.create_zone() | |
1803 | rrset = { | |
1804 | 'changetype': 'replace', | |
1805 | 'name': 'svcb.' + name, | |
1806 | 'type': 'SVCB', | |
1807 | 'ttl': 3600, | |
1808 | 'records': [ | |
1809 | { | |
4f254e34 | 1810 | "content": '40 . mandatory=alpn alpn=h2,h3 ipv4hint=192.0.2.1,192.0.2.2 ech="dG90YWxseSBib2d1cyBlY2hjb25maWcgdmFsdWU="', |
0ab5d78e PL |
1811 | "disabled": False |
1812 | }, | |
1813 | ] | |
1814 | } | |
1815 | payload = {'rrsets': [rrset]} | |
1816 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1817 | headers={'content-type': 'application/json'}) | |
1818 | self.assert_success(r) | |
1819 | ||
d2b117ec AT |
1820 | def test_rrset_ns_dname_exclude(self): |
1821 | name, payload, zone = self.create_zone() | |
1822 | rrset = { | |
1823 | 'changetype': 'replace', | |
1824 | 'name': 'delegation.'+name, | |
1825 | 'type': 'NS', | |
1826 | 'ttl': 3600, | |
1827 | 'records': [ | |
1828 | { | |
1829 | "content": "ns.example.org.", | |
1830 | "disabled": False | |
1831 | } | |
1832 | ] | |
1833 | } | |
1834 | payload = {'rrsets': [rrset]} | |
1835 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1836 | headers={'content-type': 'application/json'}) | |
1837 | self.assert_success(r) | |
1838 | rrset = { | |
1839 | 'changetype': 'replace', | |
1840 | 'name': 'delegation.'+name, | |
1841 | 'type': 'DNAME', | |
1842 | 'ttl': 3600, | |
1843 | 'records': [ | |
1844 | { | |
7bc54205 | 1845 | "content": "example.com.", |
d2b117ec AT |
1846 | "disabled": False |
1847 | } | |
1848 | ] | |
1849 | } | |
1850 | payload = {'rrsets': [rrset]} | |
1851 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1852 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 1853 | self.assertEqual(r.status_code, 422) |
d2b117ec AT |
1854 | self.assertIn('Cannot have both NS and DNAME except in zone apex', r.json()['error']) |
1855 | ||
7bc54205 AT |
1856 | ## FIXME: Enable this when it's time for it |
1857 | # def test_rrset_dname_nothing_under(self): | |
1858 | # name, payload, zone = self.create_zone() | |
1859 | # rrset = { | |
1860 | # 'changetype': 'replace', | |
1861 | # 'name': 'delegation.'+name, | |
1862 | # 'type': 'DNAME', | |
1863 | # 'ttl': 3600, | |
1864 | # 'records': [ | |
1865 | # { | |
1866 | # "content": "example.com.", | |
1867 | # "disabled": False | |
1868 | # } | |
1869 | # ] | |
1870 | # } | |
1871 | # payload = {'rrsets': [rrset]} | |
1872 | # r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1873 | # headers={'content-type': 'application/json'}) | |
1874 | # self.assert_success(r) | |
1875 | # rrset = { | |
1876 | # 'changetype': 'replace', | |
1877 | # 'name': 'sub.delegation.'+name, | |
1878 | # 'type': 'A', | |
1879 | # 'ttl': 3600, | |
1880 | # 'records': [ | |
1881 | # { | |
1882 | # "content": "1.2.3.4", | |
1883 | # "disabled": False | |
1884 | # } | |
1885 | # ] | |
1886 | # } | |
1887 | # payload = {'rrsets': [rrset]} | |
1888 | # r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), | |
1889 | # headers={'content-type': 'application/json'}) | |
4bfebc93 | 1890 | # self.assertEqual(r.status_code, 422) |
7bc54205 AT |
1891 | # self.assertIn('You cannot have record(s) under CNAME/DNAME', r.json()['error']) |
1892 | ||
1e5b9ab9 CH |
1893 | def test_create_zone_with_leading_space(self): |
1894 | # Actual regression. | |
6754ef71 | 1895 | name, payload, zone = self.create_zone() |
1e5b9ab9 CH |
1896 | rrset = { |
1897 | 'changetype': 'replace', | |
1898 | 'name': name, | |
1899 | 'type': 'A', | |
6754ef71 | 1900 | 'ttl': 3600, |
1e5b9ab9 CH |
1901 | 'records': [ |
1902 | { | |
1e5b9ab9 CH |
1903 | "content": " 4.3.2.1", |
1904 | "disabled": False | |
1905 | } | |
1906 | ] | |
1907 | } | |
1908 | payload = {'rrsets': [rrset]} | |
46d06a12 | 1909 | r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload), |
1e5b9ab9 | 1910 | headers={'content-type': 'application/json'}) |
4bfebc93 | 1911 | self.assertEqual(r.status_code, 422) |
1e5b9ab9 CH |
1912 | self.assertIn('Not in expected format', r.json()['error']) |
1913 | ||
d1b98434 | 1914 | @unittest.skipIf(is_auth_lmdb(), "No out-of-zone storage in LMDB") |
c1374bdb | 1915 | def test_zone_rr_delete_out_of_zone(self): |
6754ef71 | 1916 | name, payload, zone = self.create_zone() |
d708640f | 1917 | rrset = { |
35f26cc5 | 1918 | 'changetype': 'delete', |
1d6b70f9 | 1919 | 'name': 'not-in-zone.', |
35f26cc5 CH |
1920 | 'type': 'NS' |
1921 | } | |
d708640f | 1922 | payload = {'rrsets': [rrset]} |
35f26cc5 | 1923 | r = self.session.patch( |
46d06a12 | 1924 | self.url("/api/v1/servers/localhost/zones/" + name), |
35f26cc5 CH |
1925 | data=json.dumps(payload), |
1926 | headers={'content-type': 'application/json'}) | |
541bb91b | 1927 | print(r.content) |
f0e76cee | 1928 | self.assert_success(r) # succeed so users can fix their wrong, old data |
35f26cc5 | 1929 | |
37663c3b | 1930 | def test_zone_delete(self): |
6754ef71 | 1931 | name, payload, zone = self.create_zone() |
46d06a12 | 1932 | r = self.session.delete(self.url("/api/v1/servers/localhost/zones/" + name)) |
4bfebc93 | 1933 | self.assertEqual(r.status_code, 204) |
37663c3b CH |
1934 | self.assertNotIn('Content-Type', r.headers) |
1935 | ||
c1374bdb | 1936 | def test_zone_comment_create(self): |
6754ef71 | 1937 | name, payload, zone = self.create_zone() |
d708640f | 1938 | rrset = { |
6cc98ddf CH |
1939 | 'changetype': 'replace', |
1940 | 'name': name, | |
1941 | 'type': 'NS', | |
6754ef71 | 1942 | 'ttl': 3600, |
6cc98ddf CH |
1943 | 'comments': [ |
1944 | { | |
1945 | 'account': 'test1', | |
1946 | 'content': 'blah blah', | |
1947 | }, | |
1948 | { | |
1949 | 'account': 'test2', | |
1950 | 'content': 'blah blah bleh', | |
1951 | } | |
1952 | ] | |
1953 | } | |
d708640f | 1954 | payload = {'rrsets': [rrset]} |
6cc98ddf | 1955 | r = self.session.patch( |
46d06a12 | 1956 | self.url("/api/v1/servers/localhost/zones/" + name), |
6cc98ddf CH |
1957 | data=json.dumps(payload), |
1958 | headers={'content-type': 'application/json'}) | |
f626cc48 PD |
1959 | if is_auth_lmdb(): |
1960 | self.assert_error_json(r) # No comments in LMDB | |
1961 | return | |
1962 | else: | |
1963 | self.assert_success(r) | |
6cc98ddf CH |
1964 | # make sure the comments have been set, and that the NS |
1965 | # records are still present | |
c43b2d23 | 1966 | data = self.get_zone(name) |
f0e76cee | 1967 | serverset = get_rrset(data, name, 'NS') |
541bb91b | 1968 | print(serverset) |
4bfebc93 CH |
1969 | self.assertNotEqual(serverset['records'], []) |
1970 | self.assertNotEqual(serverset['comments'], []) | |
6cc98ddf | 1971 | # verify that modified_at has been set by pdns |
4bfebc93 | 1972 | self.assertNotEqual([c for c in serverset['comments']][0]['modified_at'], 0) |
0d7f3c75 | 1973 | # verify that TTL is correct (regression test) |
4bfebc93 | 1974 | self.assertEqual(serverset['ttl'], 3600) |
6cc98ddf | 1975 | |
c1374bdb | 1976 | def test_zone_comment_delete(self): |
6cc98ddf | 1977 | # Test: Delete ONLY comments. |
6754ef71 | 1978 | name, payload, zone = self.create_zone() |
d708640f | 1979 | rrset = { |
6cc98ddf CH |
1980 | 'changetype': 'replace', |
1981 | 'name': name, | |
1982 | 'type': 'NS', | |
1983 | 'comments': [] | |
1984 | } | |
d708640f | 1985 | payload = {'rrsets': [rrset]} |
6cc98ddf | 1986 | r = self.session.patch( |
46d06a12 | 1987 | self.url("/api/v1/servers/localhost/zones/" + name), |
6cc98ddf CH |
1988 | data=json.dumps(payload), |
1989 | headers={'content-type': 'application/json'}) | |
f0e76cee | 1990 | self.assert_success(r) |
6cc98ddf | 1991 | # make sure the NS records are still present |
c43b2d23 | 1992 | data = self.get_zone(name) |
f0e76cee | 1993 | serverset = get_rrset(data, name, 'NS') |
541bb91b | 1994 | print(serverset) |
4bfebc93 CH |
1995 | self.assertNotEqual(serverset['records'], []) |
1996 | self.assertEqual(serverset['comments'], []) | |
6cc98ddf | 1997 | |
d1b98434 | 1998 | @unittest.skipIf(is_auth_lmdb(), "No comments in LMDB") |
1148587f CH |
1999 | def test_zone_comment_out_of_range_modified_at(self): |
2000 | # Test if comments on an rrset stay intact if the rrset is replaced | |
2001 | name, payload, zone = self.create_zone() | |
2002 | rrset = { | |
2003 | 'changetype': 'replace', | |
2004 | 'name': name, | |
2005 | 'type': 'NS', | |
2006 | 'comments': [ | |
2007 | { | |
2008 | 'account': 'test1', | |
2009 | 'content': 'oh hi there', | |
2010 | 'modified_at': '4294967297' | |
2011 | } | |
2012 | ] | |
2013 | } | |
2014 | payload = {'rrsets': [rrset]} | |
2015 | r = self.session.patch( | |
2016 | self.url("/api/v1/servers/localhost/zones/" + name), | |
2017 | data=json.dumps(payload), | |
2018 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 2019 | self.assertEqual(r.status_code, 422) |
cf17e6b8 | 2020 | self.assertIn("Key 'modified_at' is out of range", r.json()['error']) |
1148587f | 2021 | |
d1b98434 | 2022 | @unittest.skipIf(is_auth_lmdb(), "No comments in LMDB") |
c1374bdb | 2023 | def test_zone_comment_stay_intact(self): |
6cc98ddf | 2024 | # Test if comments on an rrset stay intact if the rrset is replaced |
6754ef71 | 2025 | name, payload, zone = self.create_zone() |
6cc98ddf | 2026 | # create a comment |
d708640f | 2027 | rrset = { |
6cc98ddf CH |
2028 | 'changetype': 'replace', |
2029 | 'name': name, | |
2030 | 'type': 'NS', | |
2031 | 'comments': [ | |
2032 | { | |
2033 | 'account': 'test1', | |
2034 | 'content': 'oh hi there', | |
2696eea0 | 2035 | 'modified_at': 1111 |
6cc98ddf CH |
2036 | } |
2037 | ] | |
2038 | } | |
d708640f | 2039 | payload = {'rrsets': [rrset]} |
6cc98ddf | 2040 | r = self.session.patch( |
46d06a12 | 2041 | self.url("/api/v1/servers/localhost/zones/" + name), |
6cc98ddf CH |
2042 | data=json.dumps(payload), |
2043 | headers={'content-type': 'application/json'}) | |
f0e76cee | 2044 | self.assert_success(r) |
6cc98ddf | 2045 | # replace rrset records |
d708640f | 2046 | rrset2 = { |
6cc98ddf CH |
2047 | 'changetype': 'replace', |
2048 | 'name': name, | |
2049 | 'type': 'NS', | |
6754ef71 | 2050 | 'ttl': 3600, |
6cc98ddf CH |
2051 | 'records': [ |
2052 | { | |
1d6b70f9 | 2053 | "content": "ns1.bar.com.", |
6cc98ddf CH |
2054 | "disabled": False |
2055 | } | |
2056 | ] | |
2057 | } | |
d708640f | 2058 | payload2 = {'rrsets': [rrset2]} |
6cc98ddf | 2059 | r = self.session.patch( |
46d06a12 | 2060 | self.url("/api/v1/servers/localhost/zones/" + name), |
6cc98ddf CH |
2061 | data=json.dumps(payload2), |
2062 | headers={'content-type': 'application/json'}) | |
f0e76cee | 2063 | self.assert_success(r) |
6cc98ddf | 2064 | # make sure the comments still exist |
c43b2d23 | 2065 | data = self.get_zone(name) |
f0e76cee | 2066 | serverset = get_rrset(data, name, 'NS') |
541bb91b | 2067 | print(serverset) |
4bfebc93 CH |
2068 | self.assertEqual(serverset['records'], rrset2['records']) |
2069 | self.assertEqual(serverset['comments'], rrset['comments']) | |
6cc98ddf | 2070 | |
d1b98434 | 2071 | @unittest.skipIf(is_auth_lmdb(), "No search in LMDB") |
c1374bdb | 2072 | def test_search_rr_exact_zone(self): |
b1902fab | 2073 | name = unique_zone_name() |
1d6b70f9 CH |
2074 | self.create_zone(name=name, serial=22, soa_edit_api='') |
2075 | r = self.session.get(self.url("/api/v1/servers/localhost/search-data?q=" + name.rstrip('.'))) | |
c1374bdb | 2076 | self.assert_success_json(r) |
541bb91b | 2077 | print(r.json()) |
7386e38f | 2078 | self.assertCountEqual(r.json(), [ |
1d6b70f9 | 2079 | {u'object_type': u'zone', u'name': name, u'zone_id': name}, |
1d6b70f9 CH |
2080 | {u'content': u'ns1.example.com.', |
2081 | u'zone_id': name, u'zone': name, u'object_type': u'record', u'disabled': False, | |
2082 | u'ttl': 3600, u'type': u'NS', u'name': name}, | |
2083 | {u'content': u'ns2.example.com.', | |
2084 | u'zone_id': name, u'zone': name, u'object_type': u'record', u'disabled': False, | |
2085 | u'ttl': 3600, u'type': u'NS', u'name': name}, | |
f527c6ff | 2086 | {u'content': u'a.misconfigured.dns.server.invalid. hostmaster.'+name+' 22 10800 3600 604800 3600', |
45250285 JE |
2087 | u'zone_id': name, u'zone': name, u'object_type': u'record', u'disabled': False, |
2088 | u'ttl': 3600, u'type': u'SOA', u'name': name}, | |
2089 | ]) | |
2090 | ||
d1b98434 | 2091 | @unittest.skipIf(is_auth_lmdb(), "No search in LMDB") |
45250285 JE |
2092 | def test_search_rr_exact_zone_filter_type_zone(self): |
2093 | name = unique_zone_name() | |
2094 | data_type = "zone" | |
2095 | self.create_zone(name=name, serial=22, soa_edit_api='') | |
0bd91de6 | 2096 | r = self.session.get(self.url("/api/v1/servers/localhost/search-data?q=" + name.rstrip('.') + "&object_type=" + data_type)) |
45250285 JE |
2097 | self.assert_success_json(r) |
2098 | print(r.json()) | |
4bfebc93 | 2099 | self.assertEqual(r.json(), [ |
45250285 JE |
2100 | {u'object_type': u'zone', u'name': name, u'zone_id': name}, |
2101 | ]) | |
2102 | ||
d1b98434 | 2103 | @unittest.skipIf(is_auth_lmdb(), "No search in LMDB") |
45250285 JE |
2104 | def test_search_rr_exact_zone_filter_type_record(self): |
2105 | name = unique_zone_name() | |
2106 | data_type = "record" | |
2107 | self.create_zone(name=name, serial=22, soa_edit_api='') | |
0bd91de6 | 2108 | r = self.session.get(self.url("/api/v1/servers/localhost/search-data?q=" + name.rstrip('.') + "&object_type=" + data_type)) |
45250285 JE |
2109 | self.assert_success_json(r) |
2110 | print(r.json()) | |
7386e38f | 2111 | self.assertCountEqual(r.json(), [ |
45250285 JE |
2112 | {u'content': u'ns1.example.com.', |
2113 | u'zone_id': name, u'zone': name, u'object_type': u'record', u'disabled': False, | |
2114 | u'ttl': 3600, u'type': u'NS', u'name': name}, | |
2115 | {u'content': u'ns2.example.com.', | |
2116 | u'zone_id': name, u'zone': name, u'object_type': u'record', u'disabled': False, | |
2117 | u'ttl': 3600, u'type': u'NS', u'name': name}, | |
f527c6ff | 2118 | {u'content': u'a.misconfigured.dns.server.invalid. hostmaster.'+name+' 22 10800 3600 604800 3600', |
f2d6dcc0 RG |
2119 | u'zone_id': name, u'zone': name, u'object_type': u'record', u'disabled': False, |
2120 | u'ttl': 3600, u'type': u'SOA', u'name': name}, | |
1d6b70f9 | 2121 | ]) |
b1902fab | 2122 | |
d1b98434 | 2123 | @unittest.skipIf(is_auth_lmdb(), "No search in LMDB") |
c1374bdb | 2124 | def test_search_rr_substring(self): |
541bb91b CH |
2125 | name = unique_zone_name() |
2126 | search = name[5:-5] | |
b1902fab | 2127 | self.create_zone(name=name) |
541bb91b | 2128 | r = self.session.get(self.url("/api/v1/servers/localhost/search-data?q=*%s*" % search)) |
c1374bdb | 2129 | self.assert_success_json(r) |
541bb91b | 2130 | print(r.json()) |
b1902fab | 2131 | # should return zone, SOA, ns1, ns2 |
4bfebc93 | 2132 | self.assertEqual(len(r.json()), 4) |
b1902fab | 2133 | |
d1b98434 | 2134 | @unittest.skipIf(is_auth_lmdb(), "No search in LMDB") |
c1374bdb | 2135 | def test_search_rr_case_insensitive(self): |
541bb91b | 2136 | name = unique_zone_name()+'testsuffix.' |
57cb86d8 | 2137 | self.create_zone(name=name) |
541bb91b | 2138 | r = self.session.get(self.url("/api/v1/servers/localhost/search-data?q=*testSUFFIX*")) |
c1374bdb | 2139 | self.assert_success_json(r) |
541bb91b | 2140 | print(r.json()) |
57cb86d8 | 2141 | # should return zone, SOA, ns1, ns2 |
4bfebc93 | 2142 | self.assertEqual(len(r.json()), 4) |
57cb86d8 | 2143 | |
478a7402 PL |
2144 | @unittest.skipIf(is_auth_lmdb(), "No search or comments in LMDB") |
2145 | def test_search_rr_comment(self): | |
2146 | name = unique_zone_name() | |
2147 | rrsets = [{ | |
2148 | "name": name, | |
2149 | "type": "AAAA", | |
2150 | "ttl": 3600, | |
2151 | "records": [{ | |
2152 | "content": "2001:DB8::1", | |
2153 | "disabled": False, | |
2154 | }], | |
2155 | "comments": [{ | |
2156 | "account": "test AAAA", | |
2157 | "content": "blah", | |
2158 | "modified_at": 11112, | |
2159 | }], | |
2160 | }] | |
2161 | name, payload, data = self.create_zone(name=name, rrsets=rrsets) | |
2162 | r = self.session.get(self.url("/api/v1/servers/localhost/search-data?q=blah")) | |
2163 | self.assert_success_json(r) | |
2164 | data = r.json() | |
2165 | # should return the AAAA record | |
4bfebc93 | 2166 | self.assertEqual(len(data), 1) |
478a7402 PL |
2167 | self.assertEqual(data[0]['object_type'], 'comment') |
2168 | self.assertEqual(data[0]['type'], 'AAAA') | |
2169 | self.assertEqual(data[0]['name'], name) | |
2170 | self.assertEqual(data[0]['content'], rrsets[0]['comments'][0]['content']) | |
2171 | ||
d1b98434 | 2172 | @unittest.skipIf(is_auth_lmdb(), "No search in LMDB") |
7cbc5255 | 2173 | def test_search_after_rectify_with_ent(self): |
541bb91b CH |
2174 | name = unique_zone_name() |
2175 | search = name.split('.')[0] | |
7cbc5255 CH |
2176 | rrset = { |
2177 | "name": 'sub.sub.' + name, | |
2178 | "type": "A", | |
2179 | "ttl": 3600, | |
2180 | "records": [{ | |
2181 | "content": "4.3.2.1", | |
2182 | "disabled": False, | |
2183 | }], | |
2184 | } | |
2185 | self.create_zone(name=name, rrsets=[rrset]) | |
2186 | pdnsutil_rectify(name) | |
541bb91b | 2187 | r = self.session.get(self.url("/api/v1/servers/localhost/search-data?q=*%s*" % search)) |
7cbc5255 | 2188 | self.assert_success_json(r) |
541bb91b | 2189 | print(r.json()) |
7cbc5255 | 2190 | # should return zone, SOA, ns1, ns2, sub.sub A (but not the ENT) |
4bfebc93 | 2191 | self.assertEqual(len(r.json()), 5) |
7cbc5255 | 2192 | |
d1b98434 | 2193 | @unittest.skipIf(is_auth_lmdb(), "No get_db_records for LMDB") |
168a76b3 | 2194 | def test_default_api_rectify_dnssec(self): |
b8cd24cc | 2195 | name = unique_zone_name() |
b8cd24cc SH |
2196 | rrsets = [ |
2197 | { | |
2198 | "name": 'a.' + name, | |
2199 | "type": "AAAA", | |
2200 | "ttl": 3600, | |
2201 | "records": [{ | |
2202 | "content": "2001:DB8::1", | |
2203 | "disabled": False, | |
2204 | }], | |
2205 | }, | |
2206 | { | |
2207 | "name": 'b.' + name, | |
2208 | "type": "AAAA", | |
2209 | "ttl": 3600, | |
2210 | "records": [{ | |
2211 | "content": "2001:DB8::2", | |
2212 | "disabled": False, | |
2213 | }], | |
2214 | }, | |
2215 | ] | |
2216 | self.create_zone(name=name, rrsets=rrsets, dnssec=True, nsec3param='1 0 1 ab') | |
2217 | dbrecs = get_db_records(name, 'AAAA') | |
2218 | self.assertIsNotNone(dbrecs[0]['ordername']) | |
2219 | ||
168a76b3 CH |
2220 | def test_default_api_rectify_nodnssec(self): |
2221 | """Without any DNSSEC settings, rectify should still add ENTs. Setup the zone | |
2222 | so ENTs are necessary, and check for their existence using sdig. | |
2223 | """ | |
2224 | name = unique_zone_name() | |
2225 | rrsets = [ | |
2226 | { | |
2227 | "name": 'a.sub.' + name, | |
2228 | "type": "AAAA", | |
2229 | "ttl": 3600, | |
2230 | "records": [{ | |
2231 | "content": "2001:DB8::1", | |
2232 | "disabled": False, | |
2233 | }], | |
2234 | }, | |
2235 | { | |
2236 | "name": 'b.sub.' + name, | |
2237 | "type": "AAAA", | |
2238 | "ttl": 3600, | |
2239 | "records": [{ | |
2240 | "content": "2001:DB8::2", | |
2241 | "disabled": False, | |
2242 | }], | |
2243 | }, | |
2244 | ] | |
2245 | self.create_zone(name=name, rrsets=rrsets) | |
2246 | # default-api-rectify is yes (by default). expect rectify to have happened. | |
2247 | assert 'Rcode: 0 ' in sdig('sub.' + name, 'TXT') | |
2248 | ||
d1b98434 | 2249 | @unittest.skipIf(is_auth_lmdb(), "No get_db_records for LMDB") |
b8cd24cc SH |
2250 | def test_override_api_rectify(self): |
2251 | name = unique_zone_name() | |
2252 | search = name.split('.')[0] | |
2253 | rrsets = [ | |
2254 | { | |
2255 | "name": 'a.' + name, | |
2256 | "type": "AAAA", | |
2257 | "ttl": 3600, | |
2258 | "records": [{ | |
2259 | "content": "2001:DB8::1", | |
2260 | "disabled": False, | |
2261 | }], | |
2262 | }, | |
2263 | { | |
2264 | "name": 'b.' + name, | |
2265 | "type": "AAAA", | |
2266 | "ttl": 3600, | |
2267 | "records": [{ | |
2268 | "content": "2001:DB8::2", | |
2269 | "disabled": False, | |
2270 | }], | |
2271 | }, | |
2272 | ] | |
2273 | self.create_zone(name=name, rrsets=rrsets, api_rectify=False, dnssec=True, nsec3param='1 0 1 ab') | |
2274 | dbrecs = get_db_records(name, 'AAAA') | |
2275 | self.assertIsNone(dbrecs[0]['ordername']) | |
2276 | ||
d1b98434 | 2277 | @unittest.skipIf(is_auth_lmdb(), "No get_db_records for LMDB") |
a6185e05 CH |
2278 | def test_explicit_rectify_success(self): |
2279 | name, _, data = self.create_zone = self.create_zone(api_rectify=False, dnssec=True, nsec3param='1 0 1 ab') | |
2280 | dbrecs = get_db_records(name, 'SOA') | |
2281 | self.assertIsNone(dbrecs[0]['ordername']) | |
2282 | r = self.session.put(self.url("/api/v1/servers/localhost/zones/" + data['id'] + "/rectify")) | |
4bfebc93 | 2283 | self.assertEqual(r.status_code, 200) |
a6185e05 CH |
2284 | dbrecs = get_db_records(name, 'SOA') |
2285 | self.assertIsNotNone(dbrecs[0]['ordername']) | |
2286 | ||
a6185e05 CH |
2287 | def test_explicit_rectify_slave(self): |
2288 | # Some users want to move a zone to kind=Slave and then rectify, without a re-transfer. | |
2289 | name, _, data = self.create_zone = self.create_zone(api_rectify=False, dnssec=True, nsec3param='1 0 1 ab') | |
2f3f66e4 | 2290 | self.put_zone(data['id'], {'kind': 'Slave'}) |
a6185e05 | 2291 | r = self.session.put(self.url("/api/v1/servers/localhost/zones/" + data['id'] + "/rectify")) |
4bfebc93 | 2292 | self.assertEqual(r.status_code, 200) |
d1b98434 PD |
2293 | if not is_auth_lmdb(): |
2294 | dbrecs = get_db_records(name, 'SOA') | |
2295 | self.assertIsNotNone(dbrecs[0]['ordername']) | |
a6185e05 | 2296 | |
03b1cc25 | 2297 | def test_cname_at_ent_place(self): |
f04b32e4 | 2298 | name, payload, zone = self.create_zone(dnssec=True, api_rectify=True) |
03b1cc25 CH |
2299 | rrset = { |
2300 | 'changetype': 'replace', | |
2301 | 'name': 'sub2.sub1.' + name, | |
2302 | 'type': "A", | |
2303 | 'ttl': 3600, | |
2304 | 'records': [{ | |
2305 | 'content': "4.3.2.1", | |
2306 | 'disabled': False, | |
2307 | }], | |
2308 | } | |
2309 | payload = {'rrsets': [rrset]} | |
2310 | r = self.session.patch( | |
2311 | self.url("/api/v1/servers/localhost/zones/" + zone['id']), | |
2312 | data=json.dumps(payload), | |
2313 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 2314 | self.assertEqual(r.status_code, 204) |
03b1cc25 CH |
2315 | rrset = { |
2316 | 'changetype': 'replace', | |
2317 | 'name': 'sub1.' + name, | |
2318 | 'type': "CNAME", | |
2319 | 'ttl': 3600, | |
2320 | 'records': [{ | |
2321 | 'content': "www.example.org.", | |
2322 | 'disabled': False, | |
2323 | }], | |
2324 | } | |
2325 | payload = {'rrsets': [rrset]} | |
2326 | r = self.session.patch( | |
2327 | self.url("/api/v1/servers/localhost/zones/" + zone['id']), | |
2328 | data=json.dumps(payload), | |
2329 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 2330 | self.assertEqual(r.status_code, 204) |
03b1cc25 | 2331 | |
986e4858 PL |
2332 | def test_rrset_parameter_post_false(self): |
2333 | name = unique_zone_name() | |
2334 | payload = { | |
2335 | 'name': name, | |
2336 | 'kind': 'Native', | |
2337 | 'nameservers': ['ns1.example.com.', 'ns2.example.com.'] | |
2338 | } | |
2339 | r = self.session.post( | |
2340 | self.url("/api/v1/servers/localhost/zones?rrsets=false"), | |
2341 | data=json.dumps(payload), | |
2342 | headers={'content-type': 'application/json'}) | |
541bb91b | 2343 | print(r.json()) |
986e4858 | 2344 | self.assert_success_json(r) |
4bfebc93 CH |
2345 | self.assertEqual(r.status_code, 201) |
2346 | self.assertEqual(r.json().get('rrsets'), None) | |
986e4858 PL |
2347 | |
2348 | def test_rrset_false_parameter(self): | |
2349 | name = unique_zone_name() | |
2350 | self.create_zone(name=name, kind='Native') | |
c43b2d23 CH |
2351 | data = self.get_zone(name, rrsets="false") |
2352 | self.assertEqual(data.get('rrsets'), None) | |
986e4858 PL |
2353 | |
2354 | def test_rrset_true_parameter(self): | |
2355 | name = unique_zone_name() | |
2356 | self.create_zone(name=name, kind='Native') | |
c43b2d23 CH |
2357 | data = self.get_zone(name, rrsets="true") |
2358 | self.assertEqual(len(data['rrsets']), 2) | |
986e4858 PL |
2359 | |
2360 | def test_wrong_rrset_parameter(self): | |
2361 | name = unique_zone_name() | |
2362 | self.create_zone(name=name, kind='Native') | |
c43b2d23 CH |
2363 | self.get_zone( |
2364 | name, rrsets="foobar", | |
2365 | expect_error="'rrsets' request parameter value 'foobar' is not supported" | |
2366 | ) | |
986e4858 | 2367 | |
dc30b8fd PL |
2368 | def test_put_master_tsig_key_ids_non_existent(self): |
2369 | name = unique_zone_name() | |
2370 | keyname = unique_zone_name().split('.')[0] | |
2371 | self.create_zone(name=name, kind='Native') | |
2372 | payload = { | |
2373 | 'master_tsig_key_ids': [keyname] | |
2374 | } | |
2f3f66e4 | 2375 | self.put_zone(name, payload, expect_error='A TSIG key with the name') |
dc30b8fd PL |
2376 | |
2377 | def test_put_slave_tsig_key_ids_non_existent(self): | |
2378 | name = unique_zone_name() | |
2379 | keyname = unique_zone_name().split('.')[0] | |
2380 | self.create_zone(name=name, kind='Native') | |
2381 | payload = { | |
2382 | 'slave_tsig_key_ids': [keyname] | |
2383 | } | |
2f3f66e4 | 2384 | self.put_zone(name, payload, expect_error='A TSIG key with the name') |
dc30b8fd | 2385 | |
70f1db7c CH |
2386 | def test_zone_replace_rrsets_basic(self): |
2387 | """Basic test: all automatic modification is off, on replace the new rrsets are ingested as is.""" | |
2388 | name, _, _ = self.create_zone(dnssec=False, soa_edit='', soa_edit_api='') | |
2389 | rrsets = [ | |
2390 | {'name': name, 'type': 'SOA', 'ttl': 3600, 'records': [{'content': 'invalid. hostmaster.invalid. 1 10800 3600 604800 3600'}]}, | |
2391 | {'name': name, 'type': 'NS', 'ttl': 3600, 'records': [{'content': 'ns1.example.org.'}, {'content': 'ns2.example.org.'}]}, | |
2392 | {'name': 'www.' + name, 'type': 'A', 'ttl': 3600, 'records': [{'content': '192.0.2.1'}]}, | |
2393 | {'name': 'sub.' + name, 'type': 'NS', 'ttl': 3600, 'records': [{'content': 'ns1.example.org.'}]}, | |
2394 | ] | |
2395 | self.put_zone(name, {'rrsets': rrsets}) | |
2396 | ||
2397 | data = self.get_zone(name) | |
2398 | for rrset in rrsets: | |
2399 | rrset.setdefault('comments', []) | |
2400 | for record in rrset['records']: | |
2401 | record.setdefault('disabled', False) | |
2402 | assert_eq_rrsets(data['rrsets'], rrsets) | |
2403 | ||
2404 | def test_zone_replace_rrsets_dnssec(self): | |
2405 | """With dnssec: check automatic rectify is done""" | |
2406 | name, _, _ = self.create_zone(dnssec=True) | |
2407 | rrsets = [ | |
2408 | {'name': name, 'type': 'SOA', 'ttl': 3600, 'records': [{'content': 'invalid. hostmaster.invalid. 1 10800 3600 604800 3600'}]}, | |
2409 | {'name': name, 'type': 'NS', 'ttl': 3600, 'records': [{'content': 'ns1.example.org.'}, {'content': 'ns2.example.org.'}]}, | |
2410 | {'name': 'www.' + name, 'type': 'A', 'ttl': 3600, 'records': [{'content': '192.0.2.1'}]}, | |
2411 | ] | |
2412 | self.put_zone(name, {'rrsets': rrsets}) | |
2413 | ||
2414 | if not is_auth_lmdb(): | |
2415 | # lmdb: skip, no get_db_records implementations | |
2416 | dbrecs = get_db_records(name, 'A') | |
2417 | assert dbrecs[0]['ordername'] is not None # default = rectify enabled | |
2418 | ||
2419 | def test_zone_replace_rrsets_with_soa_edit(self): | |
2420 | """SOA-EDIT was enabled before rrsets will be replaced""" | |
2421 | name, _, _ = self.create_zone(soa_edit='INCEPTION-INCREMENT', soa_edit_api='SOA-EDIT-INCREASE') | |
2422 | rrsets = [ | |
2423 | {'name': name, 'type': 'SOA', 'ttl': 3600, 'records': [{'content': 'invalid. hostmaster.invalid. 1 10800 3600 604800 3600'}]}, | |
2424 | {'name': name, 'type': 'NS', 'ttl': 3600, 'records': [{'content': 'ns1.example.org.'}, {'content': 'ns2.example.org.'}]}, | |
2425 | {'name': 'www.' + name, 'type': 'A', 'ttl': 3600, 'records': [{'content': '192.0.2.1'}]}, | |
2426 | {'name': 'sub.' + name, 'type': 'NS', 'ttl': 3600, 'records': [{'content': 'ns1.example.org.'}]}, | |
2427 | ] | |
2428 | self.put_zone(name, {'rrsets': rrsets}) | |
2429 | ||
2430 | data = self.get_zone(name) | |
2431 | soa = [rrset['records'][0]['content'] for rrset in data['rrsets'] if rrset['type'] == 'SOA'][0] | |
2432 | assert int(soa.split()[2]) > 1 # serial is larger than what we sent | |
2433 | ||
2434 | def test_zone_replace_rrsets_no_soa_primary(self): | |
2435 | """Replace all RRsets but supply no SOA. Should fail.""" | |
2436 | name, _, _ = self.create_zone() | |
2437 | rrsets = [ | |
2438 | {'name': name, 'type': 'NS', 'ttl': 3600, 'records': [{'content': 'ns1.example.org.'}, {'content': 'ns2.example.org.'}]} | |
2439 | ] | |
2440 | self.put_zone(name, {'rrsets': rrsets}, expect_error='Must give SOA record for zone when replacing all RR sets') | |
2441 | ||
8db3d7a6 CH |
2442 | @parameterized.expand([ |
2443 | (None, []), | |
2444 | (None, [ | |
2445 | {'name': '$NAME$', 'type': 'SOA', 'ttl': 3600, 'records': [{'content': 'invalid. hostmaster.invalid. 1 10800 3600 604800 3600'}]}, | |
2446 | ]), | |
2447 | ]) | |
2448 | def test_zone_replace_rrsets_secondary(self, expected_error, rrsets): | |
26636b05 | 2449 | """ |
8db3d7a6 CH |
2450 | Replace all RRsets in a SECONDARY zone. |
2451 | ||
2452 | If no SOA is given, this should still succeed, also setting zone stale (but cannot assert this here). | |
26636b05 | 2453 | """ |
70f1db7c | 2454 | name, _, _ = self.create_zone(kind='Secondary', nameservers=None, masters=['127.0.0.2']) |
8db3d7a6 CH |
2455 | self.put_zone(name, {'rrsets': templated_rrsets(rrsets, name)}, expect_error=expected_error) |
2456 | ||
2457 | @parameterized.expand([ | |
2458 | (None, []), | |
2459 | ("Modifying RRsets in Consumer zones is unsupported", [ | |
2460 | {'name': '$NAME$', 'type': 'SOA', 'ttl': 3600, 'records': [{'content': 'invalid. hostmaster.invalid. 1 10800 3600 604800 3600'}]}, | |
2461 | ]), | |
2462 | ]) | |
2463 | def test_zone_replace_rrsets_consumer(self, expected_error, rrsets): | |
2464 | name, _, _ = self.create_zone(kind='Consumer', nameservers=None, masters=['127.0.0.2']) | |
2465 | self.put_zone(name, {'rrsets': templated_rrsets(rrsets, name)}, expect_error=expected_error) | |
70f1db7c | 2466 | |
cf17e6b8 CH |
2467 | def test_zone_replace_rrsets_negative_ttl(self): |
2468 | name, _, _ = self.create_zone(dnssec=False, soa_edit='', soa_edit_api='') | |
2469 | rrsets = [ | |
2470 | {'name': name, 'type': 'SOA', 'ttl': -1, 'records': [{'content': 'invalid. hostmaster.invalid. 1 10800 3600 604800 3600'}]}, | |
2471 | ] | |
2472 | self.put_zone(name, {'rrsets': rrsets}, expect_error="Key 'ttl' is not a positive Integer") | |
02945d9a | 2473 | |
acbb2efd CH |
2474 | @parameterized.expand([ |
2475 | ("IN MX: non-hostname content", [{'name': '$NAME$', 'type': 'MX', 'ttl': 3600, 'records': [{"content": "10 mail@mx.example.org."}]}]), | |
2476 | ("out of zone", [{'name': 'not-in-zone.', 'type': 'NS', 'ttl': 3600, 'records': [{"content": "ns1.example.org."}]}]), | |
2477 | ("contains unsupported characters", [{'name': 'test:.$NAME$', 'type': 'NS', 'ttl': 3600, 'records': [{"content": "ns1.example.org."}]}]), | |
2478 | ("unknown type", [{'name': '$NAME$', 'type': 'INVALID', 'ttl': 3600, 'records': [{"content": "192.0.2.1"}]}]), | |
2479 | ("Conflicts with another RRset", [{'name': '$NAME$', 'type': 'CNAME', 'ttl': 3600, 'records': [{"content": "example.org."}]}]), | |
2480 | ]) | |
2481 | def test_zone_replace_rrsets_invalid(self, expected_error, invalid_rrsets): | |
2482 | """Test validation of RRsets before replacing them""" | |
2483 | name, _, _ = self.create_zone(dnssec=False, soa_edit='', soa_edit_api='') | |
2484 | base_rrsets = [ | |
2485 | {'name': name, 'type': 'SOA', 'ttl': 3600, 'records': [{'content': 'invalid. hostmaster.invalid. 1 10800 3600 604800 3600'}]}, | |
2486 | {'name': name, 'type': 'NS', 'ttl': 3600, 'records': [{'content': 'ns1.example.org.'}, {'content': 'ns2.example.org.'}]}, | |
2487 | ] | |
26636b05 | 2488 | rrsets = base_rrsets + templated_rrsets(invalid_rrsets, name) |
acbb2efd | 2489 | self.put_zone(name, {'rrsets': rrsets}, expect_error=expected_error) |
dc30b8fd | 2490 | |
02945d9a | 2491 | |
406497f5 CH |
2492 | @unittest.skipIf(not is_auth(), "Not applicable") |
2493 | class AuthRootZone(ApiTestCase, AuthZonesHelperMixin): | |
2494 | ||
2495 | def setUp(self): | |
2496 | super(AuthRootZone, self).setUp() | |
2497 | # zone name is not unique, so delete the zone before each individual test. | |
46d06a12 | 2498 | self.session.delete(self.url("/api/v1/servers/localhost/zones/=2E")) |
406497f5 CH |
2499 | |
2500 | def test_create_zone(self): | |
6754ef71 | 2501 | name, payload, data = self.create_zone(name='.', serial=22, soa_edit_api='') |
406497f5 CH |
2502 | for k in ('id', 'url', 'name', 'masters', 'kind', 'last_check', 'notified_serial', 'serial', 'soa_edit_api', 'soa_edit', 'account'): |
2503 | self.assertIn(k, data) | |
2504 | if k in payload: | |
4bfebc93 | 2505 | self.assertEqual(data[k], payload[k]) |
406497f5 | 2506 | # validate generated SOA |
6754ef71 | 2507 | rec = get_first_rec(data, '.', 'SOA') |
4bfebc93 | 2508 | self.assertEqual( |
6754ef71 | 2509 | rec['content'], |
f527c6ff | 2510 | "a.misconfigured.dns.server.invalid. hostmaster. " + str(payload['serial']) + |
406497f5 CH |
2511 | " 10800 3600 604800 3600" |
2512 | ) | |
2513 | # Regression test: verify zone list works | |
46d06a12 | 2514 | zonelist = self.session.get(self.url("/api/v1/servers/localhost/zones")).json() |
541bb91b | 2515 | print("zonelist:", zonelist) |
406497f5 CH |
2516 | self.assertIn(payload['name'], [zone['name'] for zone in zonelist]) |
2517 | # Also test that fetching the zone works. | |
541bb91b | 2518 | print("id:", data['id']) |
4bfebc93 | 2519 | self.assertEqual(data['id'], '=2E') |
c43b2d23 | 2520 | data = self.get_zone(data['id']) |
541bb91b | 2521 | print("zone (fetched):", data) |
406497f5 CH |
2522 | for k in ('name', 'kind'): |
2523 | self.assertIn(k, data) | |
4bfebc93 | 2524 | self.assertEqual(data[k], payload[k]) |
6754ef71 | 2525 | self.assertEqual(data['rrsets'][0]['name'], '.') |
406497f5 CH |
2526 | |
2527 | def test_update_zone(self): | |
6754ef71 | 2528 | name, payload, zone = self.create_zone(name='.') |
406497f5 CH |
2529 | zone_id = '=2E' |
2530 | # update, set as Master and enable SOA-EDIT-API | |
2531 | payload = { | |
2532 | 'kind': 'Master', | |
2533 | 'masters': ['192.0.2.1', '192.0.2.2'], | |
2534 | 'soa_edit_api': 'EPOCH', | |
2535 | 'soa_edit': 'EPOCH' | |
2536 | } | |
2f3f66e4 | 2537 | self.put_zone(zone_id, payload) |
c43b2d23 | 2538 | data = self.get_zone(zone_id) |
406497f5 CH |
2539 | for k in payload.keys(): |
2540 | self.assertIn(k, data) | |
4bfebc93 | 2541 | self.assertEqual(data[k], payload[k]) |
406497f5 CH |
2542 | # update, back to Native and empty(off) |
2543 | payload = { | |
2544 | 'kind': 'Native', | |
2545 | 'soa_edit_api': '', | |
2546 | 'soa_edit': '' | |
2547 | } | |
2f3f66e4 | 2548 | self.put_zone(zone_id, payload) |
c43b2d23 | 2549 | data = self.get_zone(zone_id) |
406497f5 CH |
2550 | for k in payload.keys(): |
2551 | self.assertIn(k, data) | |
4bfebc93 | 2552 | self.assertEqual(data[k], payload[k]) |
406497f5 CH |
2553 | |
2554 | ||
c1374bdb | 2555 | @unittest.skipIf(not is_recursor(), "Not applicable") |
02945d9a CH |
2556 | class RecursorZones(ApiTestCase): |
2557 | ||
37bc3d01 CH |
2558 | def create_zone(self, name=None, kind=None, rd=False, servers=None): |
2559 | if name is None: | |
2560 | name = unique_zone_name() | |
2561 | if servers is None: | |
2562 | servers = [] | |
02945d9a | 2563 | payload = { |
37bc3d01 CH |
2564 | 'name': name, |
2565 | 'kind': kind, | |
2566 | 'servers': servers, | |
2567 | 'recursion_desired': rd | |
02945d9a CH |
2568 | } |
2569 | r = self.session.post( | |
46d06a12 | 2570 | self.url("/api/v1/servers/localhost/zones"), |
02945d9a CH |
2571 | data=json.dumps(payload), |
2572 | headers={'content-type': 'application/json'}) | |
c1374bdb CH |
2573 | self.assert_success_json(r) |
2574 | return payload, r.json() | |
37bc3d01 | 2575 | |
c1374bdb | 2576 | def test_create_auth_zone(self): |
37bc3d01 | 2577 | payload, data = self.create_zone(kind='Native') |
02945d9a | 2578 | for k in payload.keys(): |
4bfebc93 | 2579 | self.assertEqual(data[k], payload[k]) |
02945d9a | 2580 | |
1d6b70f9 | 2581 | def test_create_zone_no_name(self): |
1d6b70f9 CH |
2582 | payload = { |
2583 | 'name': '', | |
2584 | 'kind': 'Native', | |
2585 | 'servers': ['8.8.8.8'], | |
2586 | 'recursion_desired': False, | |
2587 | } | |
541bb91b | 2588 | print(payload) |
1d6b70f9 CH |
2589 | r = self.session.post( |
2590 | self.url("/api/v1/servers/localhost/zones"), | |
2591 | data=json.dumps(payload), | |
2592 | headers={'content-type': 'application/json'}) | |
4bfebc93 | 2593 | self.assertEqual(r.status_code, 422) |
1d6b70f9 CH |
2594 | self.assertIn('is not canonical', r.json()['error']) |
2595 | ||
c1374bdb | 2596 | def test_create_forwarded_zone(self): |
37bc3d01 | 2597 | payload, data = self.create_zone(kind='Forwarded', rd=False, servers=['8.8.8.8']) |
02945d9a CH |
2598 | # return values are normalized |
2599 | payload['servers'][0] += ':53' | |
02945d9a | 2600 | for k in payload.keys(): |
4bfebc93 | 2601 | self.assertEqual(data[k], payload[k]) |
02945d9a | 2602 | |
c1374bdb | 2603 | def test_create_forwarded_rd_zone(self): |
1d6b70f9 | 2604 | payload, data = self.create_zone(name='google.com.', kind='Forwarded', rd=True, servers=['8.8.8.8']) |
02945d9a CH |
2605 | # return values are normalized |
2606 | payload['servers'][0] += ':53' | |
02945d9a | 2607 | for k in payload.keys(): |
4bfebc93 | 2608 | self.assertEqual(data[k], payload[k]) |
02945d9a | 2609 | |
c1374bdb | 2610 | def test_create_auth_zone_with_symbols(self): |
37bc3d01 | 2611 | payload, data = self.create_zone(name='foo/bar.'+unique_zone_name(), kind='Native') |
1dbe38ba | 2612 | expected_id = (payload['name'].replace('/', '=2F')) |
02945d9a | 2613 | for k in payload.keys(): |
4bfebc93 CH |
2614 | self.assertEqual(data[k], payload[k]) |
2615 | self.assertEqual(data['id'], expected_id) | |
e2367534 | 2616 | |
c1374bdb | 2617 | def test_rename_auth_zone(self): |
37bc3d01 | 2618 | payload, data = self.create_zone(kind='Native') |
1d6b70f9 | 2619 | name = payload['name'] |
e2367534 CH |
2620 | # now rename it |
2621 | payload = { | |
2622 | 'name': 'renamed-'+name, | |
2623 | 'kind': 'Native', | |
2624 | 'recursion_desired': False | |
2625 | } | |
2626 | r = self.session.put( | |
46d06a12 | 2627 | self.url("/api/v1/servers/localhost/zones/" + name), |
e2367534 CH |
2628 | data=json.dumps(payload), |
2629 | headers={'content-type': 'application/json'}) | |
f0e76cee CH |
2630 | self.assert_success(r) |
2631 | data = self.session.get(self.url("/api/v1/servers/localhost/zones/" + payload['name'])).json() | |
e2367534 | 2632 | for k in payload.keys(): |
4bfebc93 | 2633 | self.assertEqual(data[k], payload[k]) |
37bc3d01 | 2634 | |
37663c3b CH |
2635 | def test_zone_delete(self): |
2636 | payload, zone = self.create_zone(kind='Native') | |
2637 | name = payload['name'] | |
46d06a12 | 2638 | r = self.session.delete(self.url("/api/v1/servers/localhost/zones/" + name)) |
4bfebc93 | 2639 | self.assertEqual(r.status_code, 204) |
37663c3b CH |
2640 | self.assertNotIn('Content-Type', r.headers) |
2641 | ||
c1374bdb | 2642 | def test_search_rr_exact_zone(self): |
1d6b70f9 | 2643 | name = unique_zone_name() |
37bc3d01 | 2644 | self.create_zone(name=name, kind='Native') |
46d06a12 | 2645 | r = self.session.get(self.url("/api/v1/servers/localhost/search-data?q=" + name)) |
c1374bdb | 2646 | self.assert_success_json(r) |
541bb91b | 2647 | print(r.json()) |
4bfebc93 | 2648 | self.assertEqual(r.json(), [{u'type': u'zone', u'name': name, u'zone_id': name}]) |
37bc3d01 | 2649 | |
c1374bdb | 2650 | def test_search_rr_substring(self): |
1d6b70f9 | 2651 | name = 'search-rr-zone.name.' |
37bc3d01 | 2652 | self.create_zone(name=name, kind='Native') |
46d06a12 | 2653 | r = self.session.get(self.url("/api/v1/servers/localhost/search-data?q=rr-zone")) |
c1374bdb | 2654 | self.assert_success_json(r) |
541bb91b | 2655 | print(r.json()) |
37bc3d01 | 2656 | # should return zone, SOA |
4bfebc93 | 2657 | self.assertEqual(len(r.json()), 2) |
ccfabd0d | 2658 | |
ccfabd0d CH |
2659 | @unittest.skipIf(not is_auth(), "Not applicable") |
2660 | class AuthZoneKeys(ApiTestCase, AuthZonesHelperMixin): | |
2661 | ||
2662 | def test_get_keys(self): | |
2663 | r = self.session.get( | |
2664 | self.url("/api/v1/servers/localhost/zones/powerdnssec.org./cryptokeys")) | |
2665 | self.assert_success_json(r) | |
2666 | keys = r.json() | |
2667 | self.assertGreater(len(keys), 0) | |
2668 | ||
2669 | key0 = deepcopy(keys[0]) | |
2670 | del key0['dnskey'] | |
b6bd795c | 2671 | del key0['ds'] |
ccfabd0d | 2672 | expected = { |
5d9c6182 PL |
2673 | u'algorithm': u'ECDSAP256SHA256', |
2674 | u'bits': 256, | |
ccfabd0d CH |
2675 | u'active': True, |
2676 | u'type': u'Cryptokey', | |
b6bd795c PL |
2677 | u'keytype': u'csk', |
2678 | u'flags': 257, | |
33918299 | 2679 | u'published': True, |
ccfabd0d | 2680 | u'id': 1} |
4bfebc93 | 2681 | self.assertEqual(key0, expected) |
ccfabd0d CH |
2682 | |
2683 | keydata = keys[0]['dnskey'].split() | |
2684 | self.assertEqual(len(keydata), 4) | |
17d96af7 PD |
2685 | |
2686 | def test_get_keys_with_cds(self): | |
2687 | payload_metadata = {"type": "Metadata", "kind": "PUBLISH-CDS", "metadata": ["4"]} | |
2688 | r = self.session.post(self.url("/api/v1/servers/localhost/zones/powerdnssec.org./metadata"), | |
2689 | data=json.dumps(payload_metadata)) | |
2690 | rdata = r.json() | |
4bfebc93 CH |
2691 | self.assertEqual(r.status_code, 201) |
2692 | self.assertEqual(rdata["metadata"], payload_metadata["metadata"]) | |
17d96af7 PD |
2693 | |
2694 | r = self.session.get( | |
2695 | self.url("/api/v1/servers/localhost/zones/powerdnssec.org./cryptokeys")) | |
2696 | self.assert_success_json(r) | |
2697 | keys = r.json() | |
2698 | self.assertGreater(len(keys), 0) | |
2699 | ||
2700 | key0 = deepcopy(keys[0]) | |
4bfebc93 | 2701 | self.assertEqual(len(key0['cds']), 1) |
17d96af7 | 2702 | self.assertIn(key0['cds'][0], key0['ds']) |
4bfebc93 | 2703 | self.assertEqual(key0['cds'][0].split()[2], '4') |
17d96af7 PD |
2704 | del key0['dnskey'] |
2705 | del key0['ds'] | |
2706 | del key0['cds'] | |
2707 | expected = { | |
2708 | u'algorithm': u'ECDSAP256SHA256', | |
2709 | u'bits': 256, | |
2710 | u'active': True, | |
2711 | u'type': u'Cryptokey', | |
2712 | u'keytype': u'csk', | |
2713 | u'flags': 257, | |
2714 | u'published': True, | |
2715 | u'id': 1} | |
4bfebc93 | 2716 | self.assertEqual(key0, expected) |
17d96af7 PD |
2717 | |
2718 | keydata = keys[0]['dnskey'].split() | |
2719 | self.assertEqual(len(keydata), 4) | |
2720 | ||
2721 | r = self.session.delete(self.url("/api/v1/servers/localhost/zones/powerdnssec.org./metadata/PUBLISH-CDS")) | |
a406b334 | 2722 | self.assertEqual(r.status_code, 204) |