From 2203abfca8beba99ebcd3820d017385e6526f3bf Mon Sep 17 00:00:00 2001
From: Martin Basti
Date: Fri, 4 Jul 2014 16:28:17 +0200
Subject: Test DNS: TLSA record
Reviewed-By: Petr Viktorin
---
 ipatests/test_xmlrpc/test_dns_plugin.py | 66 +++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py
index 7b3a014e2..abc844982 100644
--- a/ipatests/test_xmlrpc/test_dns_plugin.py
+++ b/ipatests/test_xmlrpc/test_dns_plugin.py
@@ -139,6 +139,15 @@ dlv_dn = DN(('idnsname', dlv), zone1_dn)
 dlvrec = u'60485 5 1 2BB183AF5F22588179A53B0A98631FAD1A292118'
+tlsa = u'tlsa'
+tlsa_dnsname = DNSName(tlsa)
+tlsa_dn = DN(('idnsname', tlsa), zone1_dn)
+
+tlsarec_err1 = u'300 0 1 d2abde240d7cd3ee6b4b28c54df034b97983a1d16e8a410e4561cb106618e971'
+tlsarec_err2 = u'0 300 1 d2abde240d7cd3ee6b4b28c54df034b97983a1d16e8a410e4561cb106618e971'
+tlsarec_err3 = u'0 0 300 d2abde240d7cd3ee6b4b28c54df034b97983a1d16e8a410e4561cb106618e971'
+tlsarec_ok = u'0 0 1 d2abde240d7cd3ee6b4b28c54df034b97983a1d16e8a410e4561cb106618e971'
+
 wildcard_rec1 = u'*.test'
 wildcard_rec1_dnsname = DNSName(wildcard_rec1)
 wildcard_rec1_dn = DN(('idnsname',wildcard_rec1), zone1_dn)
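Review bot: The names `tlsarec_err1` to `tlsarec_err3` do not say which TLSA field is out of range, and the same 64-digit digest is pasted into all four constants, so a reader has to compare the literals by eye to see what each case tests. Naming each constant after the field it breaks (for example `tlsarec_bad_cert_usage`) and composing them from one shared digest constant, as in `tlsarec_ok = u'0 0 1 ' + tlsa_digest`, would make the intent of each record obvious and keep the digest in one place.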
@@ -1277,6 +1286,63 @@ class test_dns(Declarative):
 ),
+ dict(
+ desc='Try to add invalid TLSA record to %r using dnsrecord_add (1)' % (tlsa),
+ command=('dnsrecord_add', [zone1, tlsa], {'tlsarecord': tlsarec_err1}),
+ expected=errors.ValidationError(
+ name="cert_usage",
+ error=u'can be at most 255'
+ ),
+ ),
+
+
+ dict(
+ desc='Try to add invalid TLSA record to %r using dnsrecord_add (2)' % (tlsa),
+ command=('dnsrecord_add', [zone1, tlsa], {'tlsarecord': tlsarec_err2}),
+ expected=errors.ValidationError(
+ name="selector",
+ error=u'can be at most 255'
+ ),
+ ),
+
+
+ dict(
+ desc='Try to add invalid TLSA record to %r using dnsrecord_add (3)' % (tlsa),
+ command=('dnsrecord_add', [zone1, tlsa], {'tlsarecord': tlsarec_err3}),
+ expected=errors.ValidationError(
+ name="matching_type",
+ error=u'can be at most 255'
+ ),
+ ),
+
+
+ dict(
+ desc='Add TLSA record to %r using dnsrecord_add' % (tlsa),
+ command=('dnsrecord_add', [zone1, tlsa], {'tlsarecord': tlsarec_ok}),
+ expected={
+ 'value': tlsa_dnsname,
+ 'summary': None,
+ 'result': {
+ 'objectclass': objectclasses.dnsrecord,
+ 'dn': tlsa_dn,
+ 'idnsname': [tlsa_dnsname],
+ 'tlsarecord': [tlsarec_ok],
+ },
+ },
+ ),
+
+
+ dict(
+ desc='Delete record %r in zone %r' % (tlsa, zone1),
+ command=('dnsrecord_del', [zone1, tlsa], {'del_all': True}),
+ expected={
+ 'value': [tlsa_dnsname],
+ 'summary': u'Deleted record "%s"' % tlsa,
+ 'result': {'failed': []},
+ },
+ ),
+
+
 dict(
 desc='Try to create a reverse zone from invalid IP',
 command=(
-- cgit
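Review bot: The three negative cases only exercise the upper bound of the integer fields (300 against the 255 limit for `cert_usage`, `selector` and `matching_type`); nothing in this hunk submits a malformed certificate association data field. If the plugin is meant to validate that field, a case with non-hex or truncated data, such as `{'tlsarecord': u'0 0 1 zz'}` (constructed sample) expecting `errors.ValidationError`, would pin the behaviour. If it is not validated, that is worth recording in a comment, since a TLSA record with unusable data would presumably be published as-is. Using 256 rather than 300 would also test the boundary itself. The enclosing test list in `test_dns` starts and ends outside the hunk.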