From 33db82cf2060d0197fef986da3b9d9e14357aebf Mon Sep 17 00:00:00 2001
From: Matthijs Mekking <matthijs@isc.org>
Date: Wed, 14 Jun 2023 15:52:09 +0200
Subject: [PATCH] Remove auto-dnssec checkconf tests

Any checkconf tests related to auto-dnssec can be removed, as this
option will be removed too.
---
 bin/tests/system/checkconf/bad-kasp2.conf     | 24 -------------
 bin/tests/system/checkconf/bad-noddns.conf    |  2 +-
 bin/tests/system/checkconf/dnssec.1           | 27 ---------------
 bin/tests/system/checkconf/dnssec.2           | 34 -------------------
 bin/tests/system/checkconf/dnssec.3           | 18 ----------
 bin/tests/system/checkconf/inline-bad.conf    |  2 +-
 bin/tests/system/checkconf/inline-good.conf   |  2 +-
 bin/tests/system/checkconf/inline-no.conf     |  2 +-
 .../kasp-and-other-dnssec-options.conf        |  1 -
 bin/tests/system/checkconf/tests.sh           | 18 ----------
 10 files changed, 4 insertions(+), 126 deletions(-)
 delete mode 100644 bin/tests/system/checkconf/bad-kasp2.conf
 delete mode 100644 bin/tests/system/checkconf/dnssec.1
 delete mode 100644 bin/tests/system/checkconf/dnssec.2
 delete mode 100644 bin/tests/system/checkconf/dnssec.3

diff --git a/bin/tests/system/checkconf/bad-kasp2.conf b/bin/tests/system/checkconf/bad-kasp2.conf
deleted file mode 100644
index 2e88964dff..0000000000
--- a/bin/tests/system/checkconf/bad-kasp2.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0.  If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-include "good-kasp.conf";
-
-// Bad zone configuration because this has dnssec-policy and other DNSSEC sign
-// configuration options (auto-dnssec).
-zone "example.net" {
-	type primary;
-	file "example.db";
-	dnssec-policy "test";
-	auto-dnssec maintain;
-	allow-update { any; };
-};
diff --git a/bin/tests/system/checkconf/bad-noddns.conf b/bin/tests/system/checkconf/bad-noddns.conf
index f7859d1937..76435bc6e6 100644
--- a/bin/tests/system/checkconf/bad-noddns.conf
+++ b/bin/tests/system/checkconf/bad-noddns.conf
@@ -14,6 +14,6 @@
 zone example {
 	type primary;
 	file "example.db";
-	auto-dnssec maintain;
+	dnssec-policy default;
 	allow-update { none; };
 };
diff --git a/bin/tests/system/checkconf/dnssec.1 b/bin/tests/system/checkconf/dnssec.1
deleted file mode 100644
index a466ac4071..0000000000
--- a/bin/tests/system/checkconf/dnssec.1
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-view view1 {
-	match-clients { any; };
-	dnssec-validation yes;
-};
-
-view view2 {
-	match-clients { none; };
-	dnssec-validation auto;
-};
-
-view view3 {
-	match-clients { none; };
-	auto-dnssec maintain;
-};
diff --git a/bin/tests/system/checkconf/dnssec.2 b/bin/tests/system/checkconf/dnssec.2
deleted file mode 100644
index 0f6a8afdd2..0000000000
--- a/bin/tests/system/checkconf/dnssec.2
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-view view1 {
-	match-clients { any; };
-};
-
-view view2 {
-	match-clients { none; };
-};
-
-view view3 {
-	match-clients { none; };
-	dnssec-validation auto;
-};
-
-view view4 {
-	match-clients { none; };
-};
-
-view view5 {
-	match-clients { none; };
-	auto-dnssec off;
-};
diff --git a/bin/tests/system/checkconf/dnssec.3 b/bin/tests/system/checkconf/dnssec.3
deleted file mode 100644
index 53e5d9158e..0000000000
--- a/bin/tests/system/checkconf/dnssec.3
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-zone "test" {
-	type primary;
-	file "test.db";
-	auto-dnssec maintain;
-};
diff --git a/bin/tests/system/checkconf/inline-bad.conf b/bin/tests/system/checkconf/inline-bad.conf
index 17dcb6bdf3..4662e5a900 100644
--- a/bin/tests/system/checkconf/inline-bad.conf
+++ b/bin/tests/system/checkconf/inline-bad.conf
@@ -17,7 +17,7 @@ primaries "publicSecondaries" {127.0.0.1;};
 zone "example.net" {
 	type secondary;
 	key-directory "/var/lib/bind/example.net";
-	auto-dnssec maintain;
+	dnssec-policy default;
 	inline-signing yes;
 	primaries { stealthPrimaries; };
 	notify explicit;
diff --git a/bin/tests/system/checkconf/inline-good.conf b/bin/tests/system/checkconf/inline-good.conf
index f588bcdd81..88c403c2db 100644
--- a/bin/tests/system/checkconf/inline-good.conf
+++ b/bin/tests/system/checkconf/inline-good.conf
@@ -18,7 +18,7 @@ zone "example.net" {
 	type secondary;
 	file "/var/cache/bind/example.net.db";
 	key-directory "/var/lib/bind/example.net";
-	auto-dnssec maintain;
+	dnssec-policy default;
 	inline-signing yes;
 	primaries { stealthPrimaries; };
 	notify explicit;
diff --git a/bin/tests/system/checkconf/inline-no.conf b/bin/tests/system/checkconf/inline-no.conf
index f6dbc5ac75..af7c14130f 100644
--- a/bin/tests/system/checkconf/inline-no.conf
+++ b/bin/tests/system/checkconf/inline-no.conf
@@ -17,7 +17,7 @@ primaries "publicSecondaries" {127.0.0.1;};
 zone "example.net" {
 	type secondary;
 	key-directory "/var/lib/bind/example.net";
-	auto-dnssec maintain;
+	dnssec-policy default;
 	inline-signing no;
 	primaries { stealthPrimaries; };
 	notify explicit;
diff --git a/bin/tests/system/checkconf/kasp-and-other-dnssec-options.conf b/bin/tests/system/checkconf/kasp-and-other-dnssec-options.conf
index 57dd6adfe0..3b9ad8e51f 100644
--- a/bin/tests/system/checkconf/kasp-and-other-dnssec-options.conf
+++ b/bin/tests/system/checkconf/kasp-and-other-dnssec-options.conf
@@ -17,7 +17,6 @@ zone "nsec3.net" {
 	type primary;
 	file "nsec3.db";
 	dnssec-policy "test";
-	auto-dnssec maintain;
 	dnskey-sig-validity 3600;
 	dnssec-dnskey-kskonly yes;
 	dnssec-update-mode maintain;
diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh
index 12243b86ef..0b95d7bff1 100644
--- a/bin/tests/system/checkconf/tests.sh
+++ b/bin/tests/system/checkconf/tests.sh
@@ -142,23 +142,6 @@ warnings=$(grep "'notify' is disabled" < checkconf.out$n | wc -l)
 if [ $ret -ne 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
-n=$((n + 1))
-echo_i "checking named-checkconf dnssec warnings ($n)"
-ret=0
-# dnssec.1: auto-dnssec warning
-$CHECKCONF dnssec.1 > checkconf.out$n.1 2>&1 && ret=1
-grep 'auto-dnssec may only be ' < checkconf.out$n.1 > /dev/null || ret=1
-# dnssec.2: should have no warnings (other than deprecation warning)
-$CHECKCONF dnssec.2 > checkconf.out$n.2 2>&1 || ret=1
-grep "option 'auto-dnssec' is deprecated" < checkconf.out$n.2 > /dev/null || ret=1
-lines=$(wc -l < "checkconf.out$n.2")
-if [ $lines != 1 ]; then ret=1; fi
-# dnssec.3: should have specific deprecation warning
-$CHECKCONF dnssec.3 > checkconf.out$n.3 2>&1 && ret=1
-grep "'auto-dnssec' option is deprecated and will be removed in BIND 9\.19" < checkconf.out$n.3 > /dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status + ret))
-
 n=$((n + 1))
 echo_i "checking named-checkconf deprecate warnings ($n)"
 ret=0
@@ -507,7 +490,6 @@ echo_i "checking named-checkconf kasp errors ($n)"
 ret=0
 $CHECKCONF kasp-and-other-dnssec-options.conf > checkconf.out$n 2>&1 && ret=1
 grep "'inline-signing yes;' must also be configured explicitly for zones using dnssec-policy without a configured 'allow-update' or 'update-policy'" < checkconf.out$n > /dev/null || ret=1
-grep "'auto-dnssec maintain;' cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
 grep "dnskey-sig-validity: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
 grep "dnssec-dnskey-kskonly: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
 grep "dnssec-update-mode: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1