Use jinja2 templates in kasp test

- ns3 had fips/rsasha1 config variants. These were refactored similarly
  to the way they're handled in nsec3 test.
- ns3 special character zone contains @, which is interpreted by jinja2.
  To avoid, {% raw %} directive was added
- ns6 contained unused policies and named2.conf, these were removed

(cherry picked from commit bf694d0628)

bin/tests/system/kasp/ns3/named-common.conf.j2

@@ -11,40 +11,32 @@
  * information regarding copyright ownership.
  */
 
-// NS6
-
-include "policies/kasp.conf";
-include "policies/csk2.conf";
+// NS3
 
 options {
-	query-source address 10.53.0.6;
-	notify-source 10.53.0.6;
-	transfer-source 10.53.0.6;
+	query-source address 10.53.0.3;
+	notify-source 10.53.0.3;
+	transfer-source 10.53.0.3;
 	port @PORT@;
 	pid-file "named.pid";
-	listen-on { 10.53.0.6; };
+	listen-on { 10.53.0.3; };
 	listen-on-v6 { none; };
 	allow-transfer { any; };
 	recursion no;
+	dnssec-policy "rsasha256";
 	dnssec-validation no;
 };
 
 key rndc_key {
-	secret "1234abcd8765";
-	algorithm @DEFAULT_HMAC@;
+        secret "1234abcd8765";
+        algorithm @DEFAULT_HMAC@;
 };
 
 controls {
-	inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+        inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
 
 zone "." {
 	type hint;
 	file "../../_common/root.hint.blackhole";
 };
-
-zone example {
-	type primary;
-	file "example.db";
-	dnssec-policy modified;
-};

bin/tests/system/kasp/ns3/named-fips.conf.j2

@@ -11,39 +11,6 @@
  * information regarding copyright ownership.
  */
 
-// NS3
-
-include "policies/kasp.conf";
-include "policies/autosign.conf";
-
-options {
-	query-source address 10.53.0.3;
-	notify-source 10.53.0.3;
-	transfer-source 10.53.0.3;
-	port @PORT@;
-	pid-file "named.pid";
-	listen-on { 10.53.0.3; };
-	listen-on-v6 { none; };
-	allow-transfer { any; };
-	recursion no;
-	dnssec-policy "rsasha256";
-	dnssec-validation no;
-};
-
-key rndc_key {
-        secret "1234abcd8765";
-        algorithm @DEFAULT_HMAC@;
-};
-
-controls {
-        inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
-};
-
-zone "." {
-	type hint;
-	file "../../_common/root.hint.blackhole";
-};
-
 /* Zones that are getting initially signed */
 
 /* The default case: No keys created, using default policy. */
@@ -54,7 +21,7 @@ zone "default.kasp" {
 };
 
 /* A zone with special characters. */
-zone "i-am.\":\;?&[]\@!\$*+,|=\.\(\)special.kasp." {
+zone {% raw %}"i-am.\":\;?&[]\@!\$*+,|=\.\(\)special.kasp."{% endraw %} {
         type primary;
         file "i-am.special.kasp.db";
         check-names ignore;

bin/tests/system/kasp/ns3/named-rsasha1.conf.j2

@@ -11,10 +11,6 @@
  * information regarding copyright ownership.
  */
 
-// NS3
-
-include "named-fips.conf";
-
 zone "rsasha1.kasp" {
 	type primary;
 	file "rsasha1.kasp.db";

bin/tests/system/kasp/ns3/named.conf.j2

@@ -11,23 +11,12 @@
  * information regarding copyright ownership.
  */
 
+include "policies/autosign.conf";
 include "policies/kasp-fips.conf";
+include "named-common.conf";
+include "named-fips.conf";
 
-dnssec-policy "rsasha1" {
-	signatures-refresh P5D;
-	signatures-validity 30d;
-	signatures-validity-dnskey 30d;
-
-	keys {
-		ksk lifetime unlimited algorithm rsasha1;
-		zsk lifetime unlimited algorithm rsasha1;
-	};
-
-	dnskey-ttl 1h;
-	publish-safety PT1H;
-	retire-safety 2h;
-	zone-propagation-delay 3600;
-	max-zone-ttl 6h;
-	parent-propagation-delay pt1h;
-	parent-ds-ttl 7200;
-};
+{% if RSASHA1_SUPPORTED == "1" %}
+include "policies/kasp-rsasha1.conf";
+include "named-rsasha1.conf";
+{% endif %}

bin/tests/system/kasp/ns3/policies/kasp-rsasha1.conf.j2

@@ -11,8 +11,6 @@
  * information regarding copyright ownership.
  */
 
-include "policies/kasp-fips.conf";
-
 dnssec-policy "rsasha1" {
 	dnskey-ttl 1234;
 

bin/tests/system/kasp/ns6/policies/csk2.conf.in

@@ -1,30 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0.  If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-dnssec-policy "csk-algoroll" {
-	signatures-refresh P5D;
-	signatures-validity 30d;
-	signatures-validity-dnskey 30d;
-
-	keys {
-		csk lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
-	};
-
-	dnskey-ttl 1h;
-	publish-safety PT1H;
-	retire-safety 2h;
-	zone-propagation-delay 3600;
-	max-zone-ttl 6h;
-	parent-propagation-delay pt1h;
-	parent-ds-ttl 7200;
-};

bin/tests/system/kasp/ns6/policies/kasp.conf.j2

@@ -11,29 +11,8 @@
  * information regarding copyright ownership.
  */
 
-dnssec-policy "nsec3" {
-	nsec3param iterations 0 optout no salt-length 0;
-};
-
 dnssec-policy "modified" {
 	keys {
 		csk lifetime unlimited algorithm rsasha256 2048;
 	};
 };
-
-dnssec-policy "unlimited-lifetime" {
-	keys {
-		csk lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
-	};
-};
-dnssec-policy "short-lifetime" {
-	keys {
-		csk lifetime P6M algorithm @DEFAULT_ALGORITHM@;
-	};
-};
-
-dnssec-policy "long-lifetime" {
-	keys {
-		csk lifetime P1Y algorithm @DEFAULT_ALGORITHM@;
-	};
-};

bin/tests/system/kasp/setup.sh

@@ -19,32 +19,6 @@ set -e
 mkdir keys
 mkdir ns3/keys
 
-copy_setports ns2/named.conf.in ns2/named.conf
-if [ $RSASHA1_SUPPORTED = 0 ]; then
-  copy_setports ns3/named-fips.conf.in ns3/named.conf
-else
-  copy_setports ns3/named-fips.conf.in ns3/named-fips.conf
-  copy_setports ns3/named.conf.in ns3/named.conf
-fi
-copy_setports ns4/named.conf.in ns4/named.conf
-copy_setports ns5/named.conf.in ns5/named.conf
-copy_setports ns6/named.conf.in ns6/named.conf
-
-copy_setports ns3/policies/autosign.conf.in ns3/policies/autosign.conf
-copy_setports ns3/policies/kasp-fips.conf.in ns3/policies/kasp-fips.conf
-copy_setports ns3/policies/kasp.conf.in ns3/policies/kasp.conf
-if [ $RSASHA1_SUPPORTED = 0 ]; then
-  cp ns3/policies/kasp-fips.conf ns3/policies/kasp.conf
-fi
-
-copy_setports ns6/policies/csk1.conf.in ns6/policies/csk1.conf
-copy_setports ns6/policies/csk2.conf.in ns6/policies/csk2.conf
-copy_setports ns6/policies/kasp-fips.conf.in ns6/policies/kasp-fips.conf
-copy_setports ns6/policies/kasp.conf.in ns6/policies/kasp.conf
-if [ $RSASHA1_SUPPORTED = 0 ]; then
-  cp ns6/policies/kasp-fips.conf ns6/policies/kasp.conf
-fi
-
 # Setup zones
 (
   cd ns2

bin/tests/system/kasp/tests_kasp.py

@@ -73,7 +73,7 @@ pytestmark = pytest.mark.extra_artifacts(
         "ns*/zsk",
         "ns*/zsk",
         "ns*/zsk/K*",
-        "ns*/named-fips.conf",
+        "ns*/named*.conf",
         "ns*/settime.out.*",
         "ns*/signer.out.*",
         "ns*/zones",