From 155126b524f990facf767171f94d3733663602f8 Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Sep 05 2014 10:11:39 +0000
Subject: Tests: DNS dsrecord validation


Part of: https://fedorahosted.org/freeipa/ticket/3801

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Kosek <mkosek@redhat.com>

---

diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py
index 1cfbbdb..ea67f77 100644
--- a/ipatests/test_xmlrpc/test_dns_plugin.py
+++ b/ipatests/test_xmlrpc/test_dns_plugin.py
@@ -147,6 +147,12 @@ dlv_dn = DN(('idnsname', dlv), zone1_dn)
 
 dlvrec = u'60485 5 1 2BB183AF5F22588179A53B0A98631FAD1A292118'
 
+ds = u'ds'
+ds_dnsname = DNSName(ds)
+ds_dn = DN(('idnsname', ds), zone1_dn)
+
+ds_rec = u'0 0 0 00'
+
 tlsa = u'tlsa'
 tlsa_dnsname = DNSName(tlsa)
 tlsa_dn = DN(('idnsname', tlsa), zone1_dn)
@@ -1321,6 +1327,83 @@ class test_dns(Declarative):
 
 
         dict(
+            desc='Try to add DS record to zone %r apex, using dnsrecord_add' % (zone1),
+            command=('dnsrecord_add', [zone1, zone1_absolute], {'dsrecord': ds_rec}),
+            expected=errors.ValidationError(
+                name="dsrecord",
+                error=u'DS record must not be in zone apex (RFC 4035 section 2.4)'
+            ),
+        ),
+
+
+        dict(
+            desc='Try to add DS record %r without NS record in RRset, using dnsrecord_add' % (ds),
+            command=('dnsrecord_add', [zone1, ds], {'dsrecord': ds_rec}),
+            expected=errors.ValidationError(
+                name="dsrecord",
+                error=u'DS record requires to coexist with an NS record (RFC 4592 section 4.6, RFC 4035 section 2.4)'
+            ),
+        ),
+
+
+        dict(
+            desc='Add NS record to %r using dnsrecord_add' % (ds),
+            command=('dnsrecord_add', [zone1, ds],
+                     {'nsrecord': zone1_ns}),
+            expected={
+                'value': ds_dnsname,
+                'summary': None,
+                'result': {
+                    'objectclass': objectclasses.dnsrecord,
+                    'dn': ds_dn,
+                    'idnsname': [ds_dnsname],
+                    'nsrecord': [zone1_ns],
+                },
+            },
+        ),
+
+
+        dict(
+            desc='Add DS record to %r using dnsrecord_add' % (ds),
+            command=('dnsrecord_add', [zone1, ds],
+                     {'dsrecord': ds_rec}),
+            expected={
+                'value': ds_dnsname,
+                'summary': None,
+                'result': {
+                    'objectclass': objectclasses.dnsrecord,
+                    'dn': ds_dn,
+                    'idnsname': [ds_dnsname],
+                    'nsrecord': [zone1_ns],
+                    'dsrecord': [ds_rec],
+                },
+            },
+        ),
+
+
+        dict(
+            desc='Try to delete NS record (with DS record) %r using dnsrecord_del' % (ds),
+            command=('dnsrecord_del', [zone1, ds],
+                     {'nsrecord': zone1_ns}),
+            expected=errors.ValidationError(
+                name="dsrecord",
+                error=u'DS record requires to coexist with an NS record (RFC 4592 section 4.6, RFC 4035 section 2.4)'
+            ),
+        ),
+
+
+        dict(
+            desc='Delete NS+DS record %r in zone %r' % (ds, zone1),
+            command=('dnsrecord_del', [zone1, ds], {'nsrecord': zone1_ns, 'dsrecord': ds_rec}),
+            expected={
+                'value': [ds_dnsname],
+                'summary': u'Deleted record "%s"' % ds,
+                'result': {'failed': []},
+            },
+        ),
+
+
+        dict(
             desc='Delete record %r in zone %r' % (dlv, zone1),
             command=('dnsrecord_del', [zone1, dlv], {'del_all': True}),
             expected={