4 files changed, 154 insertions, 1 deletions

diff --git a/designateclient/functionaltests/client.py b/designateclient/functionaltests/client.py
index c439edb..1f0fc03 100644
--- a/designateclient/functionaltests/client.py
+++ b/designateclient/functionaltests/client.py
@@ -273,8 +273,44 @@ class TLDCommands(object):
         return self.parsed_cmd(cmd, FieldValueModel, *args, **kwargs)
 
 
-class BlacklistCommands(object):
+class TSIGKeyCommands(object):
+    def tsigkey_list(self, *args, **kwargs):
+        return self.parsed_cmd('tsigkey list', ListModel, *args, **kwargs)
+
+    def tsigkey_show(self, id, *args, **kwargs):
+        return self.parsed_cmd('tsigkey show {0}'.format(id), FieldValueModel,
+                               *args, **kwargs)
+
+    def tsigkey_delete(self, id, *args, **kwargs):
+        return self.parsed_cmd('tsigkey delete {0}'.format(id), *args,
+                               **kwargs)
 
+    def tsigkey_create(self, name, algorithm, secret, scope, resource_id,
+                       *args, **kwargs):
+        options_str = build_option_string({
+            '--name': name,
+            '--algorithm': algorithm,
+            '--secret': secret,
+            '--scope': scope,
+            '--resource-id': resource_id,
+        })
+        cmd = 'tsigkey create {0}'.format(options_str)
+        return self.parsed_cmd(cmd, FieldValueModel, *args, **kwargs)
+
+    def tsigkey_set(self, id, name=None, algorithm=None, secret=None,
+                    scope=None,
+                    *args, **kwargs):
+        options_str = build_option_string({
+            '--name': name,
+            '--algorithm': algorithm,
+            '--secret': secret,
+            '--scope': scope,
+        })
+        cmd = 'tsigkey set {0} {1}'.format(id, options_str)
+        return self.parsed_cmd(cmd, FieldValueModel, *args, **kwargs)
+
+
+class BlacklistCommands(object):
     def zone_blacklist_list(self, *args, **kwargs):
         cmd = 'zone blacklist list'
         return self.parsed_cmd(cmd, ListModel, *args, **kwargs)
diff --git a/designateclient/functionaltests/datagen.py b/designateclient/functionaltests/datagen.py
index 91f72ba..aaa555f 100644
--- a/designateclient/functionaltests/datagen.py
+++ b/designateclient/functionaltests/datagen.py
@@ -25,6 +25,14 @@ def random_tld(name='testtld'):
     return "{0}{1}".format(name, random_digits())
 
 
+def random_tsigkey_name(name='testtsig'):
+    return "{0}{1}".format(name, random_digits())
+
+
+def random_tsigkey_secret(name='test-secret'):
+    return "{0}-{1}".format(name, random_digits(254 - len(name)))
+
+
 def random_zone_name(name='testdomain', tld='com'):
     return "{0}{1}.{2}.".format(name, random_digits(), tld)
 
diff --git a/designateclient/functionaltests/v2/fixtures.py b/designateclient/functionaltests/v2/fixtures.py
index 67ca404..8e2ff95 100644
--- a/designateclient/functionaltests/v2/fixtures.py
+++ b/designateclient/functionaltests/v2/fixtures.py
@@ -193,6 +193,25 @@ class TLDFixture(BaseFixture):
             pass
 
 
+class TSIGKeyFixture(BaseFixture):
+    """See DesignateCLI.tsigkey_create for __init__ args"""
+
+    def __init__(self, user='admin', *args, **kwargs):
+        super(TSIGKeyFixture, self).__init__(user=user, *args, **kwargs)
+
+    def _setUp(self):
+        super(TSIGKeyFixture, self)._setUp()
+        self.tsigkey = self.client.tsigkey_create(*self.args, **self.kwargs)
+        self.addCleanup(self.cleanup_tsigkey(self.client, self.tsigkey.id))
+
+    @classmethod
+    def cleanup_tsigkey(cls, client, tsigkey_id):
+        try:
+            client.tsigkey_delete(tsigkey_id)
+        except CommandFailed:
+            pass
+
+
 class BlacklistFixture(BaseFixture):
     """See DesignateCLI.zone_blacklist_create for __init__ args"""
 
diff --git a/designateclient/functionaltests/v2/test_tsigkeys.py b/designateclient/functionaltests/v2/test_tsigkeys.py
new file mode 100644
index 0000000..7ed4d75
--- /dev/null
+++ b/designateclient/functionaltests/v2/test_tsigkeys.py
@@ -0,0 +1,90 @@
+"""
+Copyright 2017 SAP SE
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+"""
+from tempest.lib.exceptions import CommandFailed
+
+from designateclient.functionaltests.base import BaseDesignateTest
+from designateclient.functionaltests.datagen import random_tsigkey_name
+from designateclient.functionaltests.datagen import random_tsigkey_secret
+from designateclient.functionaltests.datagen import random_zone_name
+from designateclient.functionaltests.v2.fixtures import TSIGKeyFixture
+from designateclient.functionaltests.v2.fixtures import ZoneFixture
+
+
+class TestTSIGKey(BaseDesignateTest):
+    def setUp(self):
+        super(TestTSIGKey, self).setUp()
+        self.ensure_tsigkey_exists('com')
+        self.zone = self.useFixture(ZoneFixture(
+            name=random_zone_name(),
+            email='test@example.com',
+        )).zone
+        tsig_name = random_tsigkey_name()
+        tsig_algorithm = "hmac-sha256"
+        tsig_secret = random_tsigkey_secret()
+        tsig_scope = 'ZONE'
+        self.tsig = self.useFixture(TSIGKeyFixture(
+            name=tsig_name,
+            algorithm=tsig_algorithm,
+            secret=tsig_secret,
+            scope=tsig_scope,
+            resource_id=self.zone.id
+        )).tsig
+
+        self.assertEqual(self.tsig.name, tsig_name)
+        self.assertEqual(self.tsig.algorithm, tsig_algorithm)
+        self.assertEqual(self.tsig.secret, tsig_secret)
+        self.assertEqual(self.tsig.scope, tsig_scope)
+        self.assertEqual(self.tsig.resource_id, self.zone.id)
+
+    def test_tsigkey_list(self):
+        tsigkeys = self.clients.as_user('admin').tsigkey_list()
+        self.assertGreater(len(tsigkeys), 0)
+
+    def test_tsigkey_create_and_show(self):
+        tsigkey = self.clients.as_user('admin').tsigkey_show(self.tsigkey.id)
+        self.assertEqual(tsigkey.name, self.tsigkey.name)
+        self.assertEqual(tsigkey.created_at, self.tsigkey.created_at)
+        self.assertEqual(tsigkey.id, self.tsigkey.id)
+        self.assertEqual(self.tsig.algorithm, self.tsig_algorithm)
+        self.assertEqual(self.tsig.secret, self.tsig_secret)
+        self.assertEqual(self.tsig.scope, self.tsig_scope)
+        self.assertEqual(self.tsig.resource_id, self.zone.id)
+        self.assertEqual(tsigkey.updated_at, self.tsigkey.updated_at)
+
+    def test_tsigkey_delete(self):
+        client = self.clients.as_user('admin')
+        client.tsigkey_delete(self.tsigkey.id)
+        self.assertRaises(CommandFailed, client.tsigkey_show, self.tsigkey.id)
+
+    def test_tsigkey_set(self):
+        client = self.clients.as_user('admin')
+        updated_name = random_tsigkey_name('updated')
+        tsigkey = client.tsigkey_set(self.tsigkey.id, name=updated_name,
+                                     secret='An updated tsigsecret')
+        self.assertEqual(tsigkey.secret, 'An updated tsigsecret')
+        self.assertEqual(tsigkey.name, updated_name)
+
+
+class TestTSIGKeyNegative(BaseDesignateTest):
+    def test_tsigkey_invalid_commmand(self):
+        client = self.clients.as_user('admin')
+        self.assertRaises(CommandFailed, client.openstack,
+                          'tsigkey notacommand')
+
+    def test_tsigkey_create_invalid_flag(self):
+        client = self.clients.as_user('admin')
+        self.assertRaises(CommandFailed, client.openstack,
+                          'tsigkey create --notanoption "junk"')