devstack exercise for deletion, dns checking

This adds record and domain deletion to the designate.sh devstack
exercise.  This also adds DNS checking for the domain/record operations,
to verify that the changes were made in DNS.  Some functions in
designate.sh were moved to lib/designate and refactored slightly.
This also removes some IPA variables that were refactored into a
backend specific file, and fixes a bug in the ipa backend file.

Closes-Bug: #1326141
Change-Id: Ibb86b0b237b3d73a145733bc88dbc18dddbc20f5

contrib/devstack/exercises/designate.sh

@@ -28,7 +28,7 @@ TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
 source $TOP_DIR/functions
 
 # Import configuration
-source $TOP_DIR/openrc
+source $TOP_DIR/openrc admin admin
 
 # Import exercise configuration
 source $TOP_DIR/exerciserc
@@ -36,22 +36,13 @@ source $TOP_DIR/exerciserc
 # Skip if designate is not enabled
 is_service_enabled designate || exit 55
 
-# Various functions
+# Import designate library
-# -----------------
+source $TOP_DIR/lib/designate
-function get_domain_id {
-    local DOMAIN_NAME=$1
-    local DOMAIN_ID=$(designate domain-list | egrep " $DOMAIN_NAME " | get_field 1)
-    die_if_not_set $LINENO DOMAIN_ID "Failure retrieving DOMAIN_ID"
-    echo "$DOMAIN_ID"
-}
 
-function get_record_id {
+# stack.sh should have added a server
-    local DOMAIN_ID=$1
+#designate server-create --name $DESIGNATE_TEST_NSREC
-    local RECORD_NAME=$2
+
-    local RECORD_ID=$(designate record-list $DOMAIN_ID | egrep " $RECORD_NAME " | get_field 1)
+designate server-list
-    die_if_not_set $LINENO RECORD_ID "Failure retrieving RECORD_ID"
-    echo "$RECORD_ID"
-}
 
 # Testing Domains
 # ===============
@@ -64,7 +55,11 @@ DOMAIN_NAME="exercise-$(openssl rand -hex 4).com."
 
 # Create the domain
 designate domain-create --name $DOMAIN_NAME --email devstack@example.org
-DOMAIN_ID=$(get_domain_id $DOMAIN_NAME)
+# should have SOA and NS records
+verify_name_type_dns $DOMAIN_NAME SOA $DESIGNATE_TEST_NSREC
+verify_name_type_dns $DOMAIN_NAME NS $DESIGNATE_TEST_NSREC
+
+DOMAIN_ID=$(get_domain_id $DOMAIN_NAME 1)
 
 # Fetch the domain
 designate domain-get $DOMAIN_ID
@@ -77,11 +72,29 @@ RECORD_NAME="$(openssl rand -hex 4).${DOMAIN_NAME}"
 
 # Create the record
 designate record-create $DOMAIN_ID --name $RECORD_NAME --type A --data 127.0.0.1
-RECORD_ID=$(get_record_id $DOMAIN_ID $RECORD_NAME)
+# should have A record
+verify_name_type_dns $RECORD_NAME A 127.0.0.1
+
+RECORD_ID=$(get_record_id $DOMAIN_ID $RECORD_NAME 1)
 
 # Fetch the record
 designate record-get $DOMAIN_ID $RECORD_ID
 
+# Delete the record
+designate record-delete $DOMAIN_ID $RECORD_ID
+# Fetch the record - should be gone
+designate record-get $DOMAIN_ID $RECORD_ID || echo "good - record was removed"
+# verify not in DNS anymore
+verify_name_type_dns $RECORD_NAME A 127.0.0.1 1
+
+# Delete the domain
+designate domain-delete $DOMAIN_ID
+# Fetch the domain - should be gone
+designate domain-get $DOMAIN_ID || echo "good - domain was removed"
+# should not have SOA and NS records
+verify_name_type_dns $DOMAIN_NAME SOA $DESIGNATE_TEST_NSREC 1
+verify_name_type_dns $DOMAIN_NAME NS $DESIGNATE_TEST_NSREC 1
+
 set +o xtrace
 echo "*********************************************************************"
 echo "SUCCESS: End DevStack Exercise: $0"

contrib/devstack/lib/designate

@@ -48,6 +48,7 @@ DESIGNATE_SERVICE_HOST=${DESIGNATE_SERVICE_HOST:-$SERVICE_HOST}
 DESIGNATE_SERVICE_PORT=${DESIGNATE_SERVICE_PORT:-9001}
 DESIGNATE_SERVICE_PORT_INT=${DESIGNATE_SERVICE_PORT_INT:-19001}
 DESIGNATE_SERVICE_PROTOCOL=${DESIGNATE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
+DESIGNATE_TEST_NSREC=${DESIGNATE_TEST_NSREC:-ns1.devstack.org.}
 
 # Get backend configuration
 # ----------------------------
@@ -56,9 +57,63 @@ if is_service_enabled designate && [[ -r $DESIGNATE_PLUGINS/backend-$DESIGNATE_B
     source $DESIGNATE_PLUGINS/backend-$DESIGNATE_BACKEND_DRIVER
 fi
 
+# used with dig to look up in DNS
+DESIGNATE_DIG_HOST="@127.0.0.1"
+DESIGNATE_DIG_FLAGS="+short"
+
 # Functions
 # ---------
 
+# lookup the given name and type in DNS
+# if it does not match the expected value, give an error
+# if $4 is given, reverse the test - assert the value is not present
+function verify_name_type_dns {
+    if [ "$DESIGNATE_BACKEND_DRIVER" = "fake" ] ; then
+        # if the backend is fake, there will be no actual DNS records
+        return 0
+    fi
+    # give DNS changes time to show up
+    sleep 1
+    # for debugging
+    dig $DESIGNATE_DIG_FLAGS $DESIGNATE_DIG_HOST "$1" "$2"
+    if [ -n "$4" ] ; then
+        if dig $DESIGNATE_DIG_FLAGS $DESIGNATE_DIG_HOST "$1" "$2"|grep "$3"; then
+            die $LINENO "Error: record $3 found in DNS, should have been removed"
+        fi
+        return 0
+    else
+        if dig $DESIGNATE_DIG_FLAGS $DESIGNATE_DIG_HOST "$1" "$2"|grep "$3"; then
+            return 0
+        fi
+        die $LINENO "Error: record $3 not found in DNS"
+    fi
+}
+
+# get the domain id (uuid) given the domain name
+# if REQUIRED is set, die with an error if name not found
+function get_domain_id {
+    local DOMAIN_NAME=$1
+    local REQUIRED=$2
+    local DOMAIN_ID=$(designate domain-list | egrep " $DOMAIN_NAME " | get_field 1)
+    if [ "$REQUIRED" = "1" ] ; then
+        die_if_not_set $LINENO DOMAIN_ID "Failure retrieving DOMAIN_ID"
+    fi
+    echo "$DOMAIN_ID"
+}
+
+# get the record id (uuid) given the record name and domain id
+# if REQUIRED is set, die with an error if name not found
+function get_record_id {
+    local DOMAIN_ID=$1
+    local RECORD_NAME=$2
+    local REQUIRED=$3
+    local RECORD_ID=$(designate record-list $DOMAIN_ID | egrep " $RECORD_NAME " | get_field 1)
+    if [ "$REQUIRED" = "1" ] ; then
+        die_if_not_set $LINENO RECORD_ID "Failure retrieving RECORD_ID"
+    fi
+    echo "$RECORD_ID"
+}
+
 # cleanup_designate() - Remove residual data files, anything left over from previous
 # runs that a clean run would need to clean up
 function cleanup_designate() {
@@ -171,9 +226,25 @@ function create_designate_accounts() {
     fi
 }
 
+# get the domain_name given the id
+function get_domain_name() {
+    designate domain-list | grep "$1" | get_field 2
+}
+
+# if the given domain does not exist, it will be created
+# the domain_id of the domain will be returned
+function get_or_create_domain_id() {
+    domainid=$(get_domain_id "$1")
+    if [[ -z "$domainid" ]]; then
+        designate domain-create --name $1 --email admin@devstack.org --ttl 86400 --description "domain $1" 1>&2
+        domainid=$(designate domain-list | grep "$1" | get_field 1)
+    fi
+    echo $domainid
+}
+
 function create_designate_initial_resources() {
     #ADMIN_TENANT_ID=$(keystone tenant-list | grep " admin " | get_field 1)
-    designate server-create --name ns1.devstack.org.
+    designate server-create --name $DESIGNATE_TEST_NSREC
 }
 
 # init_designate() - Initialize etc.

contrib/devstack/lib/designate_plugins/backend-ipa

@@ -47,9 +47,9 @@ function configure_designate_backend {
     if [[ $rc = 1 ]]; then
         die $LINENO "Error with IPA configuration"
     fi
-    iniset $DESIGNATE_CONF backend:ipa DESIGNATE_IPA_HOST $DESIGNATE_IPA_HOST
+    iniset $DESIGNATE_CONF backend:ipa ipa_host $DESIGNATE_IPA_HOST
-    iniset $DESIGNATE_CONF backend:ipa DESIGNATE_IPA_CA_CERT $DESIGNATE_IPA_CA_CERT
+    iniset $DESIGNATE_CONF backend:ipa ipa_ca_cert $DESIGNATE_IPA_CA_CERT
-    iniset $DESIGNATE_CONF backend:ipa DESIGNATE_IPA_CLIENT_KEYTAB $DESIGNATE_IPA_CLIENT_KEYTAB
+    iniset $DESIGNATE_CONF backend:ipa ipa_client_keytab $DESIGNATE_IPA_CLIENT_KEYTAB
     # devstack tests use dummy NS records, so tell IPA to allow this
     iniset $DESIGNATE_CONF backend:ipa ipa_force_ns_use True
 }