6 from dnsdisttests
import DNSDistTest
8 class TestAPIBasics(DNSDistTest
):
12 _webServerBasicAuthPassword
= 'secret'
13 _webServerAPIKey
= 'apisecret'
14 # paths accessible using the API key only
15 _apiOnlyPaths
= ['/api/v1/servers/localhost/config', '/api/v1/servers/localhost/config/allow-from', '/api/v1/servers/localhost/statistics']
16 # paths accessible using an API key or basic auth
17 _statsPaths
= [ '/jsonstat?command=stats', '/jsonstat?command=dynblocklist', '/api/v1/servers/localhost']
18 # paths accessible using basic auth only (list not exhaustive)
19 _basicOnlyPaths
= ['/', '/index.html']
20 _config_params
= ['_testServerPort', '_webServerPort', '_webServerBasicAuthPassword', '_webServerAPIKey']
21 _config_template
= """
22 setACL({"127.0.0.1/32", "::1/128"})
23 newServer{address="127.0.0.1:%s"}
24 webserver("127.0.0.1:%s", "%s", "%s")
27 def testBasicAuth(self
):
29 API: Basic Authentication
31 for path
in self
._basicOnlyPaths
+ self
._statsPaths
:
32 url
= 'http://127.0.0.1:' + str(self
._webServerPort
) + path
33 r
= requests
.get(url
, auth
=('whatever', self
._webServerBasicAuthPassword
), timeout
=self
._webTimeout
)
35 self
.assertEquals(r
.status_code
, 200)
37 def testXAPIKey(self
):
41 headers
= {'x-api-key': self
._webServerAPIKey
}
42 for path
in self
._apiOnlyPaths
+ self
._statsPaths
:
43 url
= 'http://127.0.0.1:' + str(self
._webServerPort
) + path
44 r
= requests
.get(url
, headers
=headers
, timeout
=self
._webTimeout
)
46 self
.assertEquals(r
.status_code
, 200)
48 def testBasicAuthOnly(self
):
50 API: Basic Authentication Only
52 headers
= {'x-api-key': self
._webServerAPIKey
}
53 for path
in self
._basicOnlyPaths
:
54 url
= 'http://127.0.0.1:' + str(self
._webServerPort
) + path
55 r
= requests
.get(url
, headers
=headers
, timeout
=self
._webTimeout
)
56 self
.assertEquals(r
.status_code
, 401)
58 def testAPIKeyOnly(self
):
62 for path
in self
._apiOnlyPaths
:
63 url
= 'http://127.0.0.1:' + str(self
._webServerPort
) + path
64 r
= requests
.get(url
, auth
=('whatever', self
._webServerBasicAuthPassword
), timeout
=self
._webTimeout
)
65 self
.assertEquals(r
.status_code
, 401)
67 def testServersLocalhost(self
):
69 API: /api/v1/servers/localhost
71 headers
= {'x-api-key': self
._webServerAPIKey
}
72 url
= 'http://127.0.0.1:' + str(self
._webServerPort
) + '/api/v1/servers/localhost'
73 r
= requests
.get(url
, headers
=headers
, timeout
=self
._webTimeout
)
75 self
.assertEquals(r
.status_code
, 200)
76 self
.assertTrue(r
.json())
79 self
.assertEquals(content
['daemon_type'], 'dnsdist')
81 rule_groups
= ['response-rules', 'cache-hit-response-rules', 'self-answered-response-rules']
82 for key
in ['version', 'acl', 'local', 'rules', 'servers', 'frontends', 'pools'] + rule_groups
:
83 self
.assertIn(key
, content
)
85 for rule
in content
['rules']:
86 for key
in ['id', 'matches', 'rule', 'action', 'uuid']:
87 self
.assertIn(key
, rule
)
88 for key
in ['id', 'matches']:
89 self
.assertTrue(rule
[key
] >= 0)
91 for rule_group
in rule_groups
:
92 for rule
in content
[rule_group
]:
93 for key
in ['id', 'matches', 'rule', 'action', 'uuid']:
94 self
.assertIn(key
, rule
)
95 for key
in ['id', 'matches']:
96 self
.assertTrue(rule
[key
] >= 0)
98 for server
in content
['servers']:
99 for key
in ['id', 'latency', 'name', 'weight', 'outstanding', 'qpsLimit',
100 'reuseds', 'state', 'address', 'pools', 'qps', 'queries', 'order', 'sendErrors']:
101 self
.assertIn(key
, server
)
103 for key
in ['id', 'latency', 'weight', 'outstanding', 'qpsLimit', 'reuseds',
104 'qps', 'queries', 'order']:
105 self
.assertTrue(server
[key
] >= 0)
107 self
.assertTrue(server
['state'] in ['up', 'down', 'UP', 'DOWN'])
109 for frontend
in content
['frontends']:
110 for key
in ['id', 'address', 'udp', 'tcp', 'queries']:
111 self
.assertIn(key
, frontend
)
113 for key
in ['id', 'queries']:
114 self
.assertTrue(frontend
[key
] >= 0)
116 for pool
in content
['pools']:
117 for key
in ['id', 'name', 'cacheSize', 'cacheEntries', 'cacheHits', 'cacheMisses', 'cacheDeferredInserts', 'cacheDeferredLookups', 'cacheLookupCollisions', 'cacheInsertCollisions', 'cacheTTLTooShorts']:
118 self
.assertIn(key
, pool
)
120 for key
in ['id', 'cacheSize', 'cacheEntries', 'cacheHits', 'cacheMisses', 'cacheDeferredInserts', 'cacheDeferredLookups', 'cacheLookupCollisions', 'cacheInsertCollisions', 'cacheTTLTooShorts']:
121 self
.assertTrue(pool
[key
] >= 0)
123 def testServersIDontExist(self
):
125 API: /api/v1/servers/idontexist (should be 404)
127 headers
= {'x-api-key': self
._webServerAPIKey
}
128 url
= 'http://127.0.0.1:' + str(self
._webServerPort
) + '/api/v1/servers/idontexist'
129 r
= requests
.get(url
, headers
=headers
, timeout
=self
._webTimeout
)
130 self
.assertEquals(r
.status_code
, 404)
132 def testServersLocalhostConfig(self
):
134 API: /api/v1/servers/localhost/config
136 headers
= {'x-api-key': self
._webServerAPIKey
}
137 url
= 'http://127.0.0.1:' + str(self
._webServerPort
) + '/api/v1/servers/localhost/config'
138 r
= requests
.get(url
, headers
=headers
, timeout
=self
._webTimeout
)
140 self
.assertEquals(r
.status_code
, 200)
141 self
.assertTrue(r
.json())
144 for entry
in content
:
145 for key
in ['type', 'name', 'value']:
146 self
.assertIn(key
, entry
)
148 self
.assertEquals(entry
['type'], 'ConfigSetting')
149 values
[entry
['name']] = entry
['value']
151 for key
in ['acl', 'control-socket', 'ecs-override', 'ecs-source-prefix-v4',
152 'ecs-source-prefix-v6', 'fixup-case', 'max-outstanding', 'server-policy',
153 'stale-cache-entries-ttl', 'tcp-recv-timeout', 'tcp-send-timeout',
154 'truncate-tc', 'verbose', 'verbose-health-checks']:
155 self
.assertIn(key
, values
)
157 for key
in ['max-outstanding', 'stale-cache-entries-ttl', 'tcp-recv-timeout',
159 self
.assertTrue(values
[key
] >= 0)
161 self
.assertTrue(values
['ecs-source-prefix-v4'] >= 0 and values
['ecs-source-prefix-v4'] <= 32)
162 self
.assertTrue(values
['ecs-source-prefix-v6'] >= 0 and values
['ecs-source-prefix-v6'] <= 128)
164 def testServersLocalhostConfigAllowFrom(self
):
166 API: /api/v1/servers/localhost/config/allow-from
168 headers
= {'x-api-key': self
._webServerAPIKey
}
169 url
= 'http://127.0.0.1:' + str(self
._webServerPort
) + '/api/v1/servers/localhost/config/allow-from'
170 r
= requests
.get(url
, headers
=headers
, timeout
=self
._webTimeout
)
172 self
.assertEquals(r
.status_code
, 200)
173 self
.assertTrue(r
.json())
175 for key
in ['type', 'name', 'value']:
176 self
.assertIn(key
, content
)
178 self
.assertEquals(content
['name'], 'allow-from')
179 self
.assertEquals(content
['type'], 'ConfigSetting')
180 self
.assertEquals(content
['value'], ["127.0.0.1/32", "::1/128"])
182 def testServersLocalhostConfigAllowFromPut(self
):
184 API: PUT /api/v1/servers/localhost/config/allow-from (should be refused)
186 The API is read-only by default, so this should be refused
188 newACL
= ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]
189 payload
= json
.dumps({"name": "allow-from",
190 "type": "ConfigSetting",
192 headers
= {'x-api-key': self
._webServerAPIKey
}
193 url
= 'http://127.0.0.1:' + str(self
._webServerPort
) + '/api/v1/servers/localhost/config/allow-from'
194 r
= requests
.put(url
, headers
=headers
, timeout
=self
._webTimeout
, data
=payload
)
196 self
.assertEquals(r
.status_code
, 405)
198 def testServersLocalhostStatistics(self
):
200 API: /api/v1/servers/localhost/statistics
202 headers
= {'x-api-key': self
._webServerAPIKey
}
203 url
= 'http://127.0.0.1:' + str(self
._webServerPort
) + '/api/v1/servers/localhost/statistics'
204 r
= requests
.get(url
, headers
=headers
, timeout
=self
._webTimeout
)
206 self
.assertEquals(r
.status_code
, 200)
207 self
.assertTrue(r
.json())
210 for entry
in content
:
211 self
.assertIn('type', entry
)
212 self
.assertIn('name', entry
)
213 self
.assertIn('value', entry
)
214 self
.assertEquals(entry
['type'], 'StatisticItem')
215 values
[entry
['name']] = entry
['value']
217 expected
= ['responses', 'servfail-responses', 'queries', 'acl-drops',
218 'rule-drop', 'rule-nxdomain', 'rule-refused', 'self-answered', 'downstream-timeouts',
219 'downstream-send-errors', 'trunc-failures', 'no-policy', 'latency0-1',
220 'latency1-10', 'latency10-50', 'latency50-100', 'latency100-1000',
221 'latency-slow', 'latency-avg100', 'latency-avg1000', 'latency-avg10000',
222 'latency-avg1000000', 'uptime', 'real-memory-usage', 'noncompliant-queries',
223 'noncompliant-responses', 'rdqueries', 'empty-queries', 'cache-hits',
224 'cache-misses', 'cpu-user-msec', 'cpu-sys-msec', 'fd-usage', 'dyn-blocked',
225 'dyn-block-nmg-size']
228 self
.assertIn(key
, values
)
229 self
.assertTrue(values
[key
] >= 0)
232 self
.assertIn(key
, expected
)
234 def testJsonstatStats(self
):
236 API: /jsonstat?command=stats
238 headers
= {'x-api-key': self
._webServerAPIKey
}
239 url
= 'http://127.0.0.1:' + str(self
._webServerPort
) + '/jsonstat?command=stats'
240 r
= requests
.get(url
, headers
=headers
, timeout
=self
._webTimeout
)
242 self
.assertEquals(r
.status_code
, 200)
243 self
.assertTrue(r
.json())
246 expected
= ['responses', 'servfail-responses', 'queries', 'acl-drops',
247 'rule-drop', 'rule-nxdomain', 'rule-refused', 'self-answered', 'downstream-timeouts',
248 'downstream-send-errors', 'trunc-failures', 'no-policy', 'latency0-1',
249 'latency1-10', 'latency10-50', 'latency50-100', 'latency100-1000',
250 'latency-slow', 'latency-avg100', 'latency-avg1000', 'latency-avg10000',
251 'latency-avg1000000', 'uptime', 'real-memory-usage', 'noncompliant-queries',
252 'noncompliant-responses', 'rdqueries', 'empty-queries', 'cache-hits',
253 'cache-misses', 'cpu-user-msec', 'cpu-sys-msec', 'fd-usage', 'dyn-blocked',
254 'dyn-block-nmg-size', 'packetcache-hits', 'packetcache-misses', 'over-capacity-drops',
258 self
.assertIn(key
, content
)
259 self
.assertTrue(content
[key
] >= 0)
261 def testJsonstatDynblocklist(self
):
263 API: /jsonstat?command=dynblocklist
265 headers
= {'x-api-key': self
._webServerAPIKey
}
266 url
= 'http://127.0.0.1:' + str(self
._webServerPort
) + '/jsonstat?command=dynblocklist'
267 r
= requests
.get(url
, headers
=headers
, timeout
=self
._webTimeout
)
269 self
.assertEquals(r
.status_code
, 200)
274 for key
in ['reason', 'seconds', 'blocks']:
275 self
.assertIn(key
, content
)
277 for key
in ['blocks']:
278 self
.assertTrue(content
[key
] >= 0)
280 class TestAPIServerDown(DNSDistTest
):
283 _webServerPort
= 8083
284 _webServerBasicAuthPassword
= 'secret'
285 _webServerAPIKey
= 'apisecret'
286 # paths accessible using the API key
287 _config_params
= ['_testServerPort', '_webServerPort', '_webServerBasicAuthPassword', '_webServerAPIKey']
288 _config_template
= """
289 setACL({"127.0.0.1/32", "::1/128"})
290 newServer{address="127.0.0.1:%s"}
291 getServer(0):setDown()
292 webserver("127.0.0.1:%s", "%s", "%s")
295 def testServerDownNoLatencyLocalhost(self
):
297 API: /api/v1/servers/localhost, no latency for a down server
299 headers
= {'x-api-key': self
._webServerAPIKey
}
300 url
= 'http://127.0.0.1:' + str(self
._webServerPort
) + '/api/v1/servers/localhost'
301 r
= requests
.get(url
, headers
=headers
, timeout
=self
._webTimeout
)
303 self
.assertEquals(r
.status_code
, 200)
304 self
.assertTrue(r
.json())
307 self
.assertEquals(content
['servers'][0]['latency'], None)
309 class TestAPIWritable(DNSDistTest
):
312 _webServerPort
= 8083
313 _webServerBasicAuthPassword
= 'secret'
314 _webServerAPIKey
= 'apisecret'
315 _APIWriteDir
= '/tmp'
316 _config_params
= ['_testServerPort', '_webServerPort', '_webServerBasicAuthPassword', '_webServerAPIKey', '_APIWriteDir']
317 _config_template
= """
318 setACL({"127.0.0.1/32", "::1/128"})
319 newServer{address="127.0.0.1:%s"}
320 webserver("127.0.0.1:%s", "%s", "%s")
321 setAPIWritable(true, "%s")
324 def testSetACL(self
):
328 headers
= {'x-api-key': self
._webServerAPIKey
}
329 url
= 'http://127.0.0.1:' + str(self
._webServerPort
) + '/api/v1/servers/localhost/config/allow-from'
330 r
= requests
.get(url
, headers
=headers
, timeout
=self
._webTimeout
)
332 self
.assertEquals(r
.status_code
, 200)
333 self
.assertTrue(r
.json())
335 self
.assertEquals(content
['value'], ["127.0.0.1/32", "::1/128"])
337 newACL
= ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]
338 payload
= json
.dumps({"name": "allow-from",
339 "type": "ConfigSetting",
341 r
= requests
.put(url
, headers
=headers
, timeout
=self
._webTimeout
, data
=payload
)
343 self
.assertEquals(r
.status_code
, 200)
344 self
.assertTrue(r
.json())
346 self
.assertEquals(content
['value'], newACL
)
348 r
= requests
.get(url
, headers
=headers
, timeout
=self
._webTimeout
)
350 self
.assertEquals(r
.status_code
, 200)
351 self
.assertTrue(r
.json())
353 self
.assertEquals(content
['value'], newACL
)
355 configFile
= self
._APIWriteDir
+ '/' + 'acl.conf'
356 self
.assertTrue(os
.path
.isfile(configFile
))
358 with
file(configFile
) as f
:
359 fileContent
= f
.read()
361 self
.assertEquals(fileContent
, """-- Generated by the REST API, DO NOT EDIT
362 setACL({"192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"})