# Authors:
# Ana Krivokapic <akrivoka@redhat.com>
#
# Copyright (C) 2013 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
Test integration of DNS and realmdomains.
1. dnszone_{add,del} should create/delete appropriate entry in realmdomains.
2. realmdomains_mod should add a _kerberos TXT record in the DNS zone.
"""
import six
from ipalib import api, errors
from ipalib.util import normalize_zone
from ipapython.dn import DN
from ipapython.dnsutil import DNSName
from ipatests.test_xmlrpc import objectclasses
from ipatests.test_xmlrpc.xmlrpc_test import Declarative, fuzzy_digits
import pytest
# Python 3 has no ``unicode`` builtin; alias it so the helper functions in
# this module can coerce zone names to text on either major version.
if six.PY3:
    unicode = str


# DN of the 'Realm Domains' entry under cn=ipa,cn=etc in the directory.
cn = u'Realm Domains'
dn = DN(
    ('cn', cn),
    ('cn', 'ipa'),
    ('cn', 'etc'),
    api.env.basedn,
)
our_domain = api.env.domain

# First test zone. '.test' is a reserved TLD, so these names cannot collide
# with a delegated public domain. The absolute form carries the trailing dot.
dnszone_1 = u'dnszone.test'
dnszone_1_absolute = u'%s.' % dnszone_1
dnszone_1_dn = DN(
    ('idnsname', dnszone_1_absolute),
    api.env.container_dns,
    api.env.basedn,
)
idnssoamname = u'ns1.%s.' % dnszone_1
idnssoarname = u'root.%s.' % dnszone_1

# Second test zone, created with a forwarder by the test cases.
dnszone_2 = u'dnszone2.test'
dnszone_2_absolute = "%s." % dnszone_2
dnszone_2_dn = DN(
    ('idnsname', dnszone_2_absolute),
    api.env.container_dns,
    api.env.basedn,
)

# The server under test, as a normalized zone name and as a DNSName; the
# expected SOA MNAME of newly created zones is compared against the latter.
self_server_ns = normalize_zone(api.env.host)
self_server_ns_dnsname = DNSName(self_server_ns)
def assert_realmdomain_and_txt_record_present(response):
    """Check that a zone is a realm domain and has a _kerberos TXT record.

    The zone name is taken from ``response['value']`` (the first element
    when that value is a tuple or list), converted to text, and stripped of
    one trailing dot.

    A ``_kerberos`` TXT record maps a DNS domain to a Kerberos realm, so
    the check confirms that the record names this deployment's realm
    (``api.env.realm``) rather than merely existing.

    :param response: result dict of the command that was just run
    :returns: ``True`` when both checks pass
    :raises AssertionError: if the zone is missing from the realmdomains
        ``associateddomain`` list, or the realm is missing from the TXT
        record values
    """
    value = response['value']
    first = value[0] if isinstance(value, (tuple, list)) else value
    name = unicode(first)
    if name.endswith(u'.'):
        # realmdomains entries are stored without the trailing dot
        name = name[:-1]

    realmdomains = api.Command['realmdomains_show']()
    assert name in realmdomains['result']['associateddomain']

    kerberos_txt = api.Command['dnsrecord_show'](name, u'_kerberos')
    assert api.env.realm in kerberos_txt['result']['txtrecord']

    return True
def assert_realmdomain_and_txt_record_not_present(response):
    """Check that a zone is no longer a realm domain and has no TXT record.

    The zone name is taken from ``response['value']`` (the first element
    when that value is a tuple or list), converted to text, and stripped of
    one trailing dot.

    The two conditions are reported differently: a zone still listed in
    realmdomains raises, while a ``_kerberos`` record that can still be
    looked up makes the function return ``False``.

    :param response: result dict of the command that was just run
    :returns: ``True`` if ``dnsrecord_show`` raises ``errors.NotFound``
        for the ``_kerberos`` record, ``False`` if the lookup succeeds
    :raises AssertionError: if the zone is still present in the
        realmdomains ``associateddomain`` list
    """
    value = response['value']
    first = value[0] if isinstance(value, (tuple, list)) else value
    name = unicode(first)
    if name.endswith(u'.'):
        # realmdomains entries are stored without the trailing dot
        name = name[:-1]

    realmdomains = api.Command['realmdomains_show']()
    assert name not in realmdomains['result']['associateddomain']

    try:
        api.Command['dnsrecord_show'](name, u'_kerberos')
    except errors.NotFound:
        # The lookup failing is the expected outcome after deletion.
        return True
    return False
@pytest.mark.tier1
class test_dns_realmdomains_integration(Declarative):
    """Declarative cases linking DNS zone changes to realmdomains.

    Each entry in ``tests`` names a command, the exact response expected
    from it, and an ``extra_check`` callable that inspects realmdomains and
    the zone's ``_kerberos`` TXT record afterwards.
    """

    # Restore realmdomains to the deployment's own domain and remove both
    # test zones; 'continue' lets the deletion proceed past a missing zone.
    cleanup_commands = [
        ('realmdomains_mod', [], {'associateddomain': [our_domain]}),
        ('dnszone_del', [dnszone_1, dnszone_2], {'continue': True}),
    ]

    tests = [
        {
            'desc': 'Check realmdomain and TXT record get created '
                    'during dnszone_add',
            'command': (
                'dnszone_add',
                [dnszone_1],
                {
                    'idnssoarname': idnssoarname,
                },
            ),
            'expected': {
                'value': DNSName(dnszone_1_absolute),
                'summary': None,
                'result': {
                    'dn': dnszone_1_dn,
                    'idnsname': [DNSName(dnszone_1_absolute)],
                    'idnszoneactive': [u'TRUE'],
                    'idnssoamname': [self_server_ns_dnsname],
                    # Accepts any value: NS record content is not
                    # verified by this case.
                    'nsrecord': lambda x: True,
                    'idnssoarname': [DNSName(idnssoarname)],
                    'idnssoaserial': [fuzzy_digits],
                    'idnssoarefresh': [fuzzy_digits],
                    'idnssoaretry': [fuzzy_digits],
                    'idnssoaexpire': [fuzzy_digits],
                    'idnssoaminimum': [fuzzy_digits],
                    # Pinned defaults for a new zone: dynamic updates off,
                    # krb5-self grants limited to A, AAAA and SSHFP
                    # records, zone transfers denied, queries open.
                    'idnsallowdynupdate': [u'FALSE'],
                    'idnsupdatepolicy': [
                        u'grant %(realm)s krb5-self * A; '
                        u'grant %(realm)s krb5-self * AAAA; '
                        u'grant %(realm)s krb5-self * SSHFP;'
                        % {'realm': api.env.realm}
                    ],
                    'idnsallowtransfer': [u'none;'],
                    'idnsallowquery': [u'any;'],
                    'objectclass': objectclasses.dnszone,
                },
                'messages': (
                    {
                        'code': 13004,
                        'data': {
                            'additional_info': 'Value will be ignored.',
                            'option': 'idnssoaserial',
                        },
                        'message': "'idnssoaserial' option is deprecated. "
                                   "Value will be ignored.",
                        'name': 'OptionDeprecatedWarning',
                        'type': 'warning',
                    },
                ),
            },
            'extra_check': assert_realmdomain_and_txt_record_present,
        },

        {
            'desc': 'Check realmdomain and TXT record gets created '
                    'during dnszone_add for master zone with a forwarder',
            'command': (
                'dnszone_add',
                [dnszone_2],
                {
                    'idnssoarname': idnssoarname,
                    # 198.18.0.0/15 is reserved for benchmarking
                    # (RFC 2544), so the forwarder is not a real resolver.
                    'idnsforwarders': u'198.18.19.20',
                    'idnsforwardpolicy': u'only',
                },
            ),
            'expected': {
                'value': DNSName(dnszone_2_absolute),
                'summary': None,
                'messages': (
                    {
                        'code': 13004,
                        'data': {
                            'additional_info': 'Value will be ignored.',
                            'option': 'idnssoaserial',
                        },
                        'message': "'idnssoaserial' option is deprecated. "
                                   "Value will be ignored.",
                        'name': 'OptionDeprecatedWarning',
                        'type': 'warning',
                    },
                    {
                        u'message': u'DNS forwarder semantics changed since '
                                    u'IPA 4.0.\nYou may want to use forward zones '
                                    u'(dnsforwardzone-*) instead.\nFor more details read '
                                    u'the docs.',
                        u'code': 13002,
                        u'type': u'warning',
                        u'name': u'ForwardersWarning',
                        u'data': {},
                    },
                ),
                'result': {
                    'dn': dnszone_2_dn,
                    'idnsname': [DNSName(dnszone_2_absolute)],
                    'idnszoneactive': [u'TRUE'],
                    'idnssoamname': [self_server_ns_dnsname],
                    'idnsforwarders': [u'198.18.19.20'],
                    'idnsforwardpolicy': [u'only'],
                    # Accepts any value: NS record content is not
                    # verified by this case.
                    'nsrecord': lambda x: True,
                    'idnssoarname': [DNSName(idnssoarname)],
                    'idnssoaserial': [fuzzy_digits],
                    'idnssoarefresh': [fuzzy_digits],
                    'idnssoaretry': [fuzzy_digits],
                    'idnssoaexpire': [fuzzy_digits],
                    'idnssoaminimum': [fuzzy_digits],
                    # Same pinned defaults as the zone without a forwarder.
                    'idnsallowdynupdate': [u'FALSE'],
                    'idnsupdatepolicy': [
                        u'grant %(realm)s krb5-self * A; '
                        u'grant %(realm)s krb5-self * AAAA; '
                        u'grant %(realm)s krb5-self * SSHFP;'
                        % {'realm': api.env.realm}
                    ],
                    'idnsallowtransfer': [u'none;'],
                    'idnsallowquery': [u'any;'],
                    'objectclass': objectclasses.dnszone,
                },
            },
            'extra_check': assert_realmdomain_and_txt_record_present,
        },

        {
            'desc': 'Check realmdomain and TXT record get deleted '
                    'during dnszone_del',
            'command': ('dnszone_del', [dnszone_1], {}),
            'expected': {
                'value': [DNSName(dnszone_1_absolute)],
                'summary': u'Deleted DNS zone "%s"' % dnszone_1_absolute,
                'result': {'failed': []},
            },
            'extra_check': assert_realmdomain_and_txt_record_not_present,
        },
    ]