Test DNS: TLSA record

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2025-02-25 18:55:28 -06:00 · 2014-07-04 16:28:17 +02:00 · 2014-07-04 16:28:17 +02:00 · 2203abfca8
commit 2203abfca8
parent c48cee99a2
1 changed files with 66 additions and 0 deletions
--- a/ipatests/test_xmlrpc/test_dns_plugin.py
+++ b/ipatests/test_xmlrpc/test_dns_plugin.py
@ -139,6 +139,15 @@ dlv_dn = DN(('idnsname', dlv), zone1_dn)

 dlvrec = u'60485 5 1 2BB183AF5F22588179A53B0A98631FAD1A292118'

+tlsa = u'tlsa'
+tlsa_dnsname = DNSName(tlsa)
+tlsa_dn = DN(('idnsname', tlsa), zone1_dn)
+
+tlsarec_err1 = u'300 0 1 d2abde240d7cd3ee6b4b28c54df034b97983a1d16e8a410e4561cb106618e971'
+tlsarec_err2 = u'0 300 1 d2abde240d7cd3ee6b4b28c54df034b97983a1d16e8a410e4561cb106618e971'
+tlsarec_err3 = u'0 0 300 d2abde240d7cd3ee6b4b28c54df034b97983a1d16e8a410e4561cb106618e971'
+tlsarec_ok = u'0 0 1 d2abde240d7cd3ee6b4b28c54df034b97983a1d16e8a410e4561cb106618e971'
+
 wildcard_rec1 = u'*.test'
 wildcard_rec1_dnsname = DNSName(wildcard_rec1)
 wildcard_rec1_dn = DN(('idnsname',wildcard_rec1), zone1_dn)
@ -1277,6 +1286,63 @@ class test_dns(Declarative):
        ),


+        dict(
+            desc='Try to add invalid TLSA record to %r using dnsrecord_add (1)' % (tlsa),
+            command=('dnsrecord_add', [zone1, tlsa], {'tlsarecord': tlsarec_err1}),
+            expected=errors.ValidationError(
+                name="cert_usage",
+                error=u'can be at most 255'
+            ),
+        ),
+
+
+        dict(
+            desc='Try to add invalid TLSA record to %r using dnsrecord_add (2)' % (tlsa),
+            command=('dnsrecord_add', [zone1, tlsa], {'tlsarecord': tlsarec_err2}),
+            expected=errors.ValidationError(
+                name="selector",
+                error=u'can be at most 255'
+            ),
+        ),
+
+
+        dict(
+            desc='Try to add invalid TLSA record to %r using dnsrecord_add (3)' % (tlsa),
+            command=('dnsrecord_add', [zone1, tlsa], {'tlsarecord': tlsarec_err3}),
+            expected=errors.ValidationError(
+                name="matching_type",
+                error=u'can be at most 255'
+            ),
+        ),
+
+
+        dict(
+            desc='Add TLSA record to %r using dnsrecord_add' % (tlsa),
+            command=('dnsrecord_add', [zone1, tlsa], {'tlsarecord': tlsarec_ok}),
+            expected={
+                'value': tlsa_dnsname,
+                'summary': None,
+                'result': {
+                    'objectclass': objectclasses.dnsrecord,
+                    'dn': tlsa_dn,
+                    'idnsname': [tlsa_dnsname],
+                    'tlsarecord': [tlsarec_ok],
+                },
+            },
+        ),
+
+
+        dict(
+            desc='Delete record %r in zone %r' % (tlsa, zone1),
+            command=('dnsrecord_del', [zone1, tlsa], {'del_all': True}),
+            expected={
+                'value': [tlsa_dnsname],
+                'summary': u'Deleted record "%s"' % tlsa,
+                'result': {'failed': []},
+            },
+        ),
+
+
        dict(
            desc='Try to create a reverse zone from invalid IP',
            command=(