<text omitted> > > Pushed both patches to master, but just the first to ipa-3-3 as the test > updating patch did not apply (a lot). > > Martin, you will need to check if DNS tests pass in ipa-3-3, I assume there > are > changes required. > > Martin
Patch for ipa-3-3 tests attached. -- Martin^2 Basti
>From ef3dda520faafce4fc9c62cef1597f68630a835c Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Fri, 31 Jan 2014 15:52:35 +0100 Subject: [PATCH] DNS tests for classless reverse domains Ticket: https://fedorahosted.org/freeipa/ticket/4143 Backport for IPA-3-3 Conflicts: ipatests/test_xmlrpc/test_dns_plugin.py ipatests/test_xmlrpc/test_radiusproxy_plugin.py --- ipatests/test_xmlrpc/test_dns_plugin.py | 309 +++++++++++++++++++++++++-- ipatests/test_xmlrpc/test_netgroup_plugin.py | 8 +- ipatests/test_xmlrpc/test_sudorule_plugin.py | 4 +- 3 files changed, 302 insertions(+), 19 deletions(-) diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py index 1bfaee71e2e069616c3f2f58ad4d72f541cff694..9a14e3c32296922d680a2dd080b1d085e85b00d7 100644 --- a/ipatests/test_xmlrpc/test_dns_plugin.py +++ b/ipatests/test_xmlrpc/test_dns_plugin.py @@ -57,6 +57,95 @@ dnsrescname_dn = DN(('idnsname',dnsrescname), dnszone1_dn) dnsresdname = u'testdns-dname' dnsresdname_dn = DN(('idnsname',dnsresdname), dnszone1_dn) +zone1 = u'dnszone.test' +zone1_ip = u'172.16.29.111' +zone1_dn = DN(('idnsname',zone1), api.env.container_dns, api.env.basedn) +zone1_ns = u'ns1.%s.' % zone1 +zone1_ns_dn = DN(('idnsname','ns1'), zone1_dn) +zone1_rname = u'root.%s.' % zone1 +zone1_permission = u'Manage DNS zone %s' % zone1 +zone1_permission_dn = DN(('cn',zone1_permission), + api.env.container_permission,api.env.basedn) + +zone1_txtrec_dn = DN(('idnsname', '_kerberos'), zone1_dn) + +zone2 = u'zone2.test' +zone2_dn = DN(('idnsname', zone2), api.env.container_dns, api.env.basedn) +zone2_ns = u'ns1.%s.' % zone2 +zone2_rname = u'root.%s.' % zone2 + +zone3 = u'zone3.test' +zone3_ip = u'192.168.1.1' +zone3_ip2 = u'192.168.1.129' +zone3_dn = DN(('idnsname', zone3), api.env.container_dns, api.env.basedn) +zone3_ns = u'ns1.%s.' % zone3 +zone3_ns2 = u'ns2.%s.' % zone3 +zone3_rname = u'root.%s.' % zone3 + +zone3_ns2_arec = u'ns2' +zone3_ns2_arec_dn = DN(('idnsname',zone3_ns2_arec), zone3_dn) + +revzone1 = u'31.16.172.in-addr.arpa.' +revzone1_ip = u'172.16.31.0' +revzone1_ipprefix = u'172.16.31.' +revzone1_dn = DN(('idnsname', revzone1), api.env.container_dns, api.env.basedn) + +revzone2 = u'30.15.172.in-addr.arpa.' +revzone2_ip = u'172.15.30.0/24' +revzone2_dn = DN(('idnsname',revzone2), api.env.container_dns, api.env.basedn) + +revzone3_classless1 = u'1.168.192.in-addr.arpa.' +revzone3_classless1_ip = u'192.168.1.0' +revzone3_classless1_ipprefix = u'192.168.1.' +revzone3_classless1_dn = DN(('idnsname', revzone3_classless1), api.env.container_dns, api.env.basedn) + +revzone3_classless2 = u'128/25.1.168.192.in-addr.arpa.' +revzone3_classless2_ip = u'192.168.1.128' +revzone3_classless2_ipprefix = u'192.168.1.' +revzone3_classless2_dn = DN(('idnsname', revzone3_classless2), api.env.container_dns, api.env.basedn) + +name1 = u'testdnsres' +name1_dn = DN(('idnsname',name1), zone1_dn) +name1_renamed = u'testdnsres-renamed' + +revname1 = u'80' +revname1_ip = revzone1_ipprefix + revname1 +revname1_dn = DN(('idnsname',revname1), revzone1_dn) + +revname2 = u'81' +revname2_ip = revzone1_ipprefix + revname2 +revname2_dn = DN(('idnsname',revname2), revzone1_dn) + +cname = u'testcnamerec' +cname_dn = DN(('idnsname',cname), zone1_dn) + +dname = u'testdns-dname' +dname_dn = DN(('idnsname',dname), zone1_dn) + +nsrev = u'128/25' +nsrev_dn = DN(('idnsname',nsrev), revzone3_classless1_dn) + +cnamerev = u'129' +cnamerev_dn = DN(('idnsname',cnamerev), revzone3_classless1_dn) +cnamerev_hostname = u'129.128/25.1.168.192.in-addr.arpa.' + +ptr_revzone3 = u'129' +ptr_revzone3_dn = DN(('idnsname',cnamerev), revzone3_classless2_dn) +ptr_revzone3_hostname = zone3_ns2; + +relnxname = u'does-not-exist-test' +absnxname = u'does.not.exist.test.' + +arec1 = u'172.16.29.111' +arec2 = u'172.31.254.222' +arec3 = u'172.16.250.123' + +fwd_ip = u'172.16.31.80' +allowtransfer_tofwd = u'%s;' % fwd_ip + +allowquery_restricted_in = u'!192.0.2/24;any;' +allowquery_restricted_out = u'!192.0.2.0/24;any;' + class test_dns(Declarative): @classmethod @@ -78,7 +167,9 @@ class test_dns(Declarative): pass cleanup_commands = [ - ('dnszone_del', [dnszone1, dnszone2, revdnszone1, revdnszone2], + ('dnszone_del', [dnszone1, dnszone2, revdnszone1, revdnszone2, + zone1, zone2, zone3, revzone1, revzone2, + revzone3_classless1, revzone3_classless2], {'continue': True}), ('dnsconfig_mod', [], {'idnsforwarders' : None, 'idnsforwardpolicy' : None, @@ -123,8 +214,8 @@ class test_dns(Declarative): } ), expected=errors.ValidationError(name='name', - error=u'only letters, numbers, and - are allowed. ' + - u'DNS label may not start or end with -'), + error=u"only letters, numbers, '-' are allowed." + + u" DNS label may not start or end with '-'"), ), @@ -500,8 +591,8 @@ class test_dns(Declarative): desc='Try to create record with invalid name in zone %r' % dnszone1, command=('dnsrecord_add', [dnszone1, u'invalid record'], {'arecord': u'127.0.0.1'}), expected=errors.ValidationError(name='name', - error=u'only letters, numbers, _, and - are allowed. ' + - u'DNS label may not start or end with -'), + error=u"only letters, numbers, '_', '/', '-' are allowed." + + u" DNS label may not start or end with '/', '-'"), ), @@ -676,8 +767,8 @@ class test_dns(Declarative): 'srv_part_port' : 123, 'srv_part_target' : u'foo bar'}), expected=errors.ValidationError(name='srv_target', - error=u'invalid domain-name: only letters, numbers, _, and - ' + - u'are allowed. DNS label may not start or end with -'), + error=u"invalid domain-name: only letters, numbers, '_', '-' are allowed." + + u" DNS label may not start or end with '-'"), ), dict( @@ -779,8 +870,8 @@ class test_dns(Declarative): desc='Try to add invalid CNAME record %r using dnsrecord_add' % (dnsrescname), command=('dnsrecord_add', [dnszone1, dnsrescname], {'cnamerecord': u'-.example.com'}), expected=errors.ValidationError(name='hostname', - error=u'invalid domain-name: only letters, numbers, _, and - ' + - u'are allowed. DNS label may not start or end with -'), + error=u"invalid domain-name: only letters, numbers, '_', '/', '-' are allowed." + + u" DNS label may not start or end with '/', '-'"), ), dict( @@ -848,8 +939,8 @@ class test_dns(Declarative): desc='Try to add invalid DNAME record %r using dnsrecord_add' % (dnsresdname), command=('dnsrecord_add', [dnszone1, dnsresdname], {'dnamerecord': u'-.example.com.'}), expected=errors.ValidationError(name='target', - error=u'invalid domain-name: only letters, numbers, _, and - ' + - u'are allowed. DNS label may not start or end with -'), + error=u"invalid domain-name: only letters, numbers, '_', '/', '-' are allowed." + + u" DNS label may not start or end with '/', '-'"), ), dict( @@ -1131,8 +1222,8 @@ class test_dns(Declarative): desc='Try to add invalid PTR %r to %r using dnsrecord_add' % (dnsrev1, revdnszone1), command=('dnsrecord_add', [revdnszone1, dnsrev1], {'ptrrecord': u'-.example.com' }), expected=errors.ValidationError(name='hostname', - error=u'invalid domain-name: only letters, numbers, and - ' + - u'are allowed. DNS label may not start or end with -'), + error=u"invalid domain-name: only letters, numbers, '-' " + + u"are allowed. DNS label may not start or end with '-'"), ), dict( @@ -1507,4 +1598,196 @@ class test_dns(Declarative): }, ), + dict( + desc='Create zone %r' % zone3, + command=( + 'dnszone_add', [zone3], { + 'idnssoamname': zone3_ns, + 'idnssoarname': zone3_rname, + 'ip_address' : zone3_ip, + } + ), + expected={ + 'value': zone3, + 'summary': None, + 'result': { + 'dn': zone3_dn, + 'idnsname': [zone3], + 'idnszoneactive': [u'TRUE'], + 'idnssoamname': [zone3_ns], + 'nsrecord': [zone3_ns], + 'idnssoarname': [zone3_rname], + 'idnssoaserial': [fuzzy_digits], + 'idnssoarefresh': [fuzzy_digits], + 'idnssoaretry': [fuzzy_digits], + 'idnssoaexpire': [fuzzy_digits], + 'idnssoaminimum': [fuzzy_digits], + 'idnsallowdynupdate': [u'FALSE'], + 'idnsupdatepolicy': [u'grant %(realm)s krb5-self * A; ' + u'grant %(realm)s krb5-self * AAAA; ' + u'grant %(realm)s krb5-self * SSHFP;' + % dict(realm=api.env.realm)], + 'idnsallowtransfer': [u'none;'], + 'idnsallowquery': [u'any;'], + 'objectclass': objectclasses.dnszone, + }, + }, + ), + + dict( + desc='Add A record to %r in zone %r' % (zone3_ns2_arec, zone3), + command=('dnsrecord_add', [zone3, zone3_ns2_arec], {'arecord': zone3_ip2}), + expected={ + 'value': zone3_ns2_arec, + 'summary': None, + 'result': { + 'dn': zone3_ns2_arec_dn, + 'idnsname': [zone3_ns2_arec], + 'arecord': [zone3_ip2], + 'objectclass': objectclasses.dnsrecord, + }, + }, + ), + + dict( + desc='Create reverse zone %r' % revzone3_classless1, + command=( + 'dnszone_add', [revzone3_classless1], { + 'idnssoamname': zone3_ns, + 'idnssoarname': zone3_rname, + } + ), + expected={ + 'value': revzone3_classless1, + 'summary': None, + 'result': { + 'dn': revzone3_classless1_dn, + 'idnsname': [revzone3_classless1], + 'idnszoneactive': [u'TRUE'], + 'idnssoamname': [zone3_ns], + 'nsrecord': [zone3_ns], + 'idnssoarname': [zone3_rname], + 'idnssoaserial': [fuzzy_digits], + 'idnssoarefresh': [fuzzy_digits], + 'idnssoaretry': [fuzzy_digits], + 'idnssoaexpire': [fuzzy_digits], + 'idnssoaminimum': [fuzzy_digits], + 'idnsallowdynupdate': [u'FALSE'], + 'idnsupdatepolicy': [u'grant %(realm)s krb5-subdomain %(zone)s PTR;' + % dict(realm=api.env.realm, zone=revzone3_classless1)], + 'idnsallowtransfer': [u'none;'], + 'idnsallowquery': [u'any;'], + 'objectclass': objectclasses.dnszone, + }, + }, + ), + + dict( + desc='Create classless reverse zone %r' % revzone3_classless2, + command=( + 'dnszone_add', [revzone3_classless2], { + 'idnssoamname': zone3_ns2, + 'idnssoarname': zone3_rname, + } + ), + expected={ + 'value': revzone3_classless2, + 'summary': None, + 'result': { + 'dn': revzone3_classless2_dn, + 'idnsname': [revzone3_classless2], + 'idnszoneactive': [u'TRUE'], + 'idnssoamname': [zone3_ns2], + 'nsrecord': [zone3_ns2], + 'idnssoarname': [zone3_rname], + 'idnssoaserial': [fuzzy_digits], + 'idnssoarefresh': [fuzzy_digits], + 'idnssoaretry': [fuzzy_digits], + 'idnssoaexpire': [fuzzy_digits], + 'idnssoaminimum': [fuzzy_digits], + 'idnsallowdynupdate': [u'FALSE'], + 'idnsupdatepolicy': [u'grant %(realm)s krb5-subdomain %(zone)s PTR;' + % dict(realm=api.env.realm, zone=revzone3_classless2)], + 'idnsallowtransfer': [u'none;'], + 'idnsallowquery': [u'any;'], + 'objectclass': objectclasses.dnszone, + }, + }, + ), + + dict( + desc='Add NS record to %r in revzone %r' % (nsrev, revzone3_classless1), + command=('dnsrecord_add', [revzone3_classless1, nsrev], {'nsrecord': zone3_ns2}), + expected={ + 'value': nsrev, + 'summary': None, + 'result': { + 'dn': nsrev_dn, + 'idnsname': [nsrev], + 'nsrecord': [zone3_ns2], + 'objectclass': objectclasses.dnsrecord, + }, + }, + ), + + dict( + desc='Add CNAME record to %r in revzone %r' % (cnamerev, revzone3_classless1), + command=('dnsrecord_add', [revzone3_classless1, cnamerev], {'cnamerecord': cnamerev_hostname}), + expected={ + 'value': cnamerev, + 'summary': None, + 'result': { + 'dn': cnamerev_dn, + 'idnsname': [cnamerev], + 'cnamerecord': [cnamerev_hostname], + 'objectclass': objectclasses.dnsrecord, + }, + }, + ), + + dict( + desc='Add PTR record to %r in revzone %r' % (ptr_revzone3, revzone3_classless2), + command=('dnsrecord_add', [revzone3_classless2, cnamerev], + {'ptrrecord': ptr_revzone3_hostname}), + expected={ + 'value': ptr_revzone3, + 'summary': None, + 'result': { + 'dn': ptr_revzone3_dn, + 'idnsname': [ptr_revzone3], + 'ptrrecord': [ptr_revzone3_hostname], + 'objectclass': objectclasses.dnsrecord, + }, + }, + ), + + dict( + desc='Try to create zone with invalid name', + command=( + 'dnszone_add', [u'invalid/zone'], { + 'idnssoamname': zone1_ns, + 'idnssoarname': zone1_rname, + 'ip_address' : zone1_ip, + } + ), + expected=errors.ValidationError(name='name', + error=u"only letters, numbers, '-' are allowed." + + u" DNS label may not start or end with '-'"), + ), + + dict( + desc='Try to add NS record %r to non-reverse zone %r using dnsrecord_add' % (nsrev, zone1), + command=('dnsrecord_add', [zone1, nsrev], {'nsrecord': zone3_ns2}), + expected=errors.ValidationError(name='idnsname', + error=u"only letters, numbers, '_', '-' are allowed." + + u" DNS label may not start or end with '-'"), + ), + + dict( + desc='Try to add invalid PTR hostname %r to %r using dnsrecord_add' % (cnamerev_hostname, revzone1), + command=('dnsrecord_add', [revzone1, revname1], {'ptrrecord': cnamerev_hostname }), + expected=errors.ValidationError(name='hostname', + error=u"invalid domain-name: only letters, numbers, '-' are allowed." + + u" DNS label may not start or end with '-'"), + ), ] diff --git a/ipatests/test_xmlrpc/test_netgroup_plugin.py b/ipatests/test_xmlrpc/test_netgroup_plugin.py index 15453bd3cfd45dce9be43cc5003b67a87a7915ac..acfaa1c221d0b2089201ee831a64700fae2505ce 100644 --- a/ipatests/test_xmlrpc/test_netgroup_plugin.py +++ b/ipatests/test_xmlrpc/test_netgroup_plugin.py @@ -385,8 +385,8 @@ class test_netgroup(Declarative): desc='Add invalid host %r to netgroup %r' % (invalidhost, netgroup1), command=('netgroup_add_member', [netgroup1], dict(host=invalidhost)), expected=errors.ValidationError(name='host', - error='only letters, numbers, _, and - are allowed. ' + - u'DNS label may not start or end with -'), + error=u"only letters, numbers, '_', '-' are allowed. " + + u"DNS label may not start or end with '-'"), ), @@ -826,8 +826,8 @@ class test_netgroup(Declarative): dict(setattr='externalhost=%s' % invalidhost) ), expected=errors.ValidationError(name='externalhost', - error='only letters, numbers, _, and - are allowed. ' + - 'DNS label may not start or end with -'), + error=u"only letters, numbers, '_', '-' are allowed. " + + u"DNS label may not start or end with '-'"), ), dict( diff --git a/ipatests/test_xmlrpc/test_sudorule_plugin.py b/ipatests/test_xmlrpc/test_sudorule_plugin.py index ec5d16d62cc38b0d9ef439de96267dda88525fa8..7dc3cb1e458b6f5d145dc315d977e85a1f5b6431 100644 --- a/ipatests/test_xmlrpc/test_sudorule_plugin.py +++ b/ipatests/test_xmlrpc/test_sudorule_plugin.py @@ -496,8 +496,8 @@ class test_sudorule(XMLRPC_test): ) except errors.ValidationError, e: assert unicode(e) == ("invalid 'externalhost': only letters, " + - "numbers, _, and - are allowed. " + - "DNS label may not start or end with -") + "numbers, '_', '-' are allowed. " + + "DNS label may not start or end with '-'") else: assert False -- 1.8.3.1
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel