From 4690e95d2953140ac48bdc5c6a063d9be7b3b153 Mon Sep 17 00:00:00 2001
From: Matthijs Mekking <matthijs@isc.org>
Date: Thu, 29 Jun 2023 11:23:34 +0200
Subject: [PATCH] Update views system test

Change test configuration to make use of 'dnssec-policy' instead of
'auto-dnssec'.

Because we now use 'dnssec-policy', there is no need to create an
explicit key in the final test that adds multiple inline zones
followed by a reconfig.
---
 bin/tests/system/views/ns2/named1.conf.in |  9 +++++++--
 bin/tests/system/views/ns2/named2.conf.in | 13 +++++++++----
 bin/tests/system/views/tests.sh           |  4 +---
 3 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/bin/tests/system/views/ns2/named1.conf.in b/bin/tests/system/views/ns2/named1.conf.in
index 4a257c049e..cfd5526d9f 100644
--- a/bin/tests/system/views/ns2/named1.conf.in
+++ b/bin/tests/system/views/ns2/named1.conf.in
@@ -33,6 +33,12 @@ controls {
 	inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
 
+dnssec-policy "views" {
+	keys {
+		ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
+		csk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
+	};
+};
 
 zone "." {
 	type hint;
@@ -49,7 +55,6 @@ zone "inline" {
 	type primary;
 	file "external/inline.db";
 	key-directory "external";
-	auto-dnssec maintain;
+	dnssec-policy views;
 	inline-signing yes;
-	dnssec-dnskey-kskonly no;
 };
diff --git a/bin/tests/system/views/ns2/named2.conf.in b/bin/tests/system/views/ns2/named2.conf.in
index 8a4d77385e..beea2abe32 100644
--- a/bin/tests/system/views/ns2/named2.conf.in
+++ b/bin/tests/system/views/ns2/named2.conf.in
@@ -33,6 +33,13 @@ controls {
 	inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
 
+dnssec-policy "views" {
+	keys {
+		ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
+		csk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
+	};
+};
+
 view "internal" {
 	match-clients { 10.53.0.2;
 			10.53.0.3; };
@@ -63,9 +70,8 @@ view "internal" {
 		type primary;
 		file "internal/inline.db";
 		key-directory "internal";
-		auto-dnssec maintain;
+		dnssec-policy views;
 		inline-signing yes;
-		dnssec-dnskey-kskonly no;
 	};
 };
 
@@ -96,8 +102,7 @@ view "external" {
 		type primary;
 		file "external/inline.db";
 		key-directory "external";
-		auto-dnssec maintain;
+		dnssec-policy views;
 		inline-signing yes;
-		dnssec-dnskey-kskonly no;
 	};
 };
diff --git a/bin/tests/system/views/tests.sh b/bin/tests/system/views/tests.sh
index 06cb3b1a5f..e99c12d86c 100644
--- a/bin/tests/system/views/tests.sh
+++ b/bin/tests/system/views/tests.sh
@@ -158,8 +158,7 @@ while [ $i -lt 50 ]; do
 	zone "${zone_name}" {
 	    type primary;
 	    file "db.${zone_name}";
-	    dnssec-dnskey-kskonly yes;
-	    auto-dnssec maintain;
+	    dnssec-policy default;
 	    inline-signing yes;
 	};
 	EOF
@@ -178,7 +177,6 @@ while [ $i -lt 50 ]; do
 	localhost       IN      A       127.0.0.1
 	EOF
 
-	$KEYGEN -q -Kns2 -fk -aecdsa256 "${zone_name}" > /dev/null
 	$RNDCCMD 10.53.0.2 reconfig || ret=1
 	if [ $ret != 0 ]; then echo_i "failed"; break; fi
 	i=$((i + 1))