summaryrefslogtreecommitdiffstats
path: root/ipatests/test_xmlrpc/test_dns_realmdomains_integration.py
diff options
context:
space:
mode:
Diffstat (limited to 'ipatests/test_xmlrpc/test_dns_realmdomains_integration.py')
-rw-r--r--ipatests/test_xmlrpc/test_dns_realmdomains_integration.py168
1 files changed, 168 insertions, 0 deletions
diff --git a/ipatests/test_xmlrpc/test_dns_realmdomains_integration.py b/ipatests/test_xmlrpc/test_dns_realmdomains_integration.py
new file mode 100644
index 000000000..1e46d362e
--- /dev/null
+++ b/ipatests/test_xmlrpc/test_dns_realmdomains_integration.py
@@ -0,0 +1,168 @@
+# Authors:
+# Ana Krivokapic <akrivoka@redhat.com>
+#
+# Copyright (C) 2013 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+"""
+Test integration of DNS and realmdomains.
+1. dnszone_{add,del} should create/delete appropriate entry in realmdomains.
+2. realmdomains_mod should add a _kerberos TXT record in the DNS zone.
+"""
+
+from ipalib import api, errors
+from ipapython.dn import DN
+from ipatests.test_xmlrpc import objectclasses
+from xmlrpc_test import Declarative, fuzzy_digits
+
+
+cn = u'Realm Domains'
+dn = DN(('cn', cn), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
+our_domain = api.env.domain
+dnszone_1 = u'dnszone.test'
+dnszone_1_dn = DN(('idnsname', dnszone_1), api.env.container_dns,
+ api.env.basedn)
+idnssoamname = u'ns1.%s.' % dnszone_1
+idnssoarname = u'root.%s.' % dnszone_1
+dnszone_2 = u'dnszone2.test'
+dnszone_2_dn = DN(('idnsname', dnszone_2), api.env.container_dns,
+ api.env.basedn)
+
+
+def assert_realmdomain_and_txt_record_present(response):
+ zone = response['value']
+
+ r = api.Command['realmdomains_show']()
+ assert zone in r['result']['associateddomain']
+
+ r = api.Command['dnsrecord_show'](zone, u'_kerberos')
+ assert api.env.realm in r['result']['txtrecord']
+
+ return True
+
+
+def assert_realmdomain_and_txt_record_not_present(response):
+ zone = response['value']
+
+ r = api.Command['realmdomains_show']()
+ assert zone not in r['result']['associateddomain']
+
+ try:
+ api.Command['dnsrecord_show'](zone, u'_kerberos')
+ except errors.NotFound:
+ return True
+
+
+class test_dns_realmdomains_integration(Declarative):
+ cleanup_commands = [
+ ('realmdomains_mod', [], {'associateddomain': [our_domain]}),
+ ('dnszone_del', [dnszone_1, dnszone_2], {'continue': True}),
+ ]
+
+ tests = [
+ dict(
+ desc='Check realmdomain and TXT record get created '
+ 'during dnszone_add',
+ command=(
+ 'dnszone_add', [dnszone_1], {
+ 'idnssoamname': idnssoamname,
+ 'idnssoarname': idnssoarname,
+ 'ip_address': u'1.2.3.4',
+ }
+ ),
+ expected={
+ 'value': dnszone_1,
+ 'summary': None,
+ 'result': {
+ 'dn': dnszone_1_dn,
+ 'idnsname': [dnszone_1],
+ 'idnszoneactive': [u'TRUE'],
+ 'idnssoamname': [idnssoamname],
+ 'nsrecord': [idnssoamname],
+ 'idnssoarname': [idnssoarname],
+ 'idnssoaserial': [fuzzy_digits],
+ 'idnssoarefresh': [fuzzy_digits],
+ 'idnssoaretry': [fuzzy_digits],
+ 'idnssoaexpire': [fuzzy_digits],
+ 'idnssoaminimum': [fuzzy_digits],
+ 'idnsallowdynupdate': [u'FALSE'],
+ 'idnsupdatepolicy': [u'grant %(realm)s krb5-self * A; '
+ u'grant %(realm)s krb5-self * AAAA; '
+ u'grant %(realm)s krb5-self * SSHFP;'
+ % dict(realm=api.env.realm)],
+ 'idnsallowtransfer': [u'none;'],
+ 'idnsallowquery': [u'any;'],
+ 'objectclass': objectclasses.dnszone,
+
+ },
+ },
+ extra_check=assert_realmdomain_and_txt_record_present,
+ ),
+
+ dict(
+ desc='Check realmdomain and TXT record do not get created '
+ 'during dnszone_add for forwarded zone',
+ command=(
+ 'dnszone_add', [dnszone_2], {
+ 'idnssoamname': idnssoamname,
+ 'idnssoarname': idnssoarname,
+ 'idnsforwarders': u'1.2.3.4',
+ 'idnsforwardpolicy': u'only',
+ 'force': True,
+ }
+ ),
+ expected={
+ 'value': dnszone_2,
+ 'summary': None,
+ 'result': {
+ 'dn': dnszone_2_dn,
+ 'idnsname': [dnszone_2],
+ 'idnszoneactive': [u'TRUE'],
+ 'idnssoamname': [idnssoamname],
+ 'idnsforwarders': [u'1.2.3.4'],
+ 'idnsforwardpolicy': [u'only'],
+ 'nsrecord': [idnssoamname],
+ 'idnssoarname': [idnssoarname],
+ 'idnssoaserial': [fuzzy_digits],
+ 'idnssoarefresh': [fuzzy_digits],
+ 'idnssoaretry': [fuzzy_digits],
+ 'idnssoaexpire': [fuzzy_digits],
+ 'idnssoaminimum': [fuzzy_digits],
+ 'idnsallowdynupdate': [u'FALSE'],
+ 'idnsupdatepolicy': [u'grant %(realm)s krb5-self * A; '
+ u'grant %(realm)s krb5-self * AAAA; '
+ u'grant %(realm)s krb5-self * SSHFP;'
+ % dict(realm=api.env.realm)],
+ 'idnsallowtransfer': [u'none;'],
+ 'idnsallowquery': [u'any;'],
+ 'objectclass': objectclasses.dnszone,
+
+ },
+ },
+ extra_check=assert_realmdomain_and_txt_record_not_present,
+ ),
+
+ dict(
+ desc='Check realmdomain and TXT record get deleted '
+ 'during dnszone_del',
+ command=('dnszone_del', [dnszone_1], {}),
+ expected={
+ 'value': dnszone_1,
+ 'summary': u'Deleted DNS zone "%s"' % dnszone_1,
+ 'result': {'failed': u''},
+ },
+ extra_check=assert_realmdomain_and_txt_record_not_present,
+ ),
+ ]
generated by cgit (git 2.34.1) at 2024-04-19 11:33:29 +0000