upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-25 02:47:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Move parts into a common module

Browse source 
Some constants and test functionality are the same for test cases
prior and after reconfiguration. Move these into a common module.
This commit is contained in:
Matthijs Mekking 2025-09-30 11:48:30 +02:00
parent 4a404dd806
commit 85eea3db37
2 changed files with 116 additions and 94 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

106
bin/tests/system/nsec3/common.py Normal file
View file

@ -0,0 +1,106 @@
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
import os
from datetime import timedelta
import dns
import pytest
pytestmark = pytest.mark.extra_artifacts(
[
"*.axfr",
"*.created",
"dig.out.*",
"rndc.reload.*",
"rndc.signing.*",
"update.out.*",
"verify.out.*",
"ns*/dsset-**",
"ns*/K*",
"ns*/settime.out.*",
"ns*/*.db",
"ns*/*.jbk",
"ns*/*.jnl",
"ns*/*.signed",
"ns*/keygen.out.*",
"ns3/named-common.conf",
"ns3/named-fips.conf",
"ns3/named-rsasha1.conf",
]
)
ALGORITHM = os.environ["DEFAULT_ALGORITHM_NUMBER"]
SIZE = os.environ["DEFAULT_BITS"]
default_config = {
"dnskey-ttl": timedelta(hours=1),
"ds-ttl": timedelta(days=1),
"max-zone-ttl": timedelta(days=1),
"parent-propagation-delay": timedelta(hours=1),
"publish-safety": timedelta(hours=1),
"retire-safety": timedelta(hours=1),
"signatures-refresh": timedelta(days=5),
"signatures-validity": timedelta(days=14),
"zone-propagation-delay": timedelta(minutes=5),
}
def check_auth_nsec(response):
rrs = []
for rrset in response.authority:
if rrset.match(dns.rdataclass.IN, dns.rdatatype.NSEC, dns.rdatatype.NONE):
rrs.append(rrset)
assert not rrset.match(
dns.rdataclass.IN, dns.rdatatype.NSEC3, dns.rdatatype.NONE
)
assert len(rrs) != 0, "no NSEC records found in authority section"
def check_auth_nsec3(response, iterations=0, optout=0, saltlen=0):
match = f"IN NSEC3 1 {optout} {iterations}"
rrs = []
for rrset in response.authority:
if rrset.match(dns.rdataclass.IN, dns.rdatatype.NSEC3, dns.rdatatype.NONE):
assert match in rrset.to_text()
if saltlen == 0:
assert f"{match} -" in rrset.to_text()
else:
assert not f"{match} -" in rrset.to_text()
rrs.append(rrset)
assert not rrset.match(
dns.rdataclass.IN, dns.rdatatype.NSEC, dns.rdatatype.NONE
)
assert len(rrs) != 0, "no NSEC3 records found in authority section"
def check_nsec3param(response, match, saltlen):
rrs = []
for rrset in response.answer:
if rrset.match(dns.rdataclass.IN, dns.rdatatype.NSEC3PARAM, dns.rdatatype.NONE):
assert match in rrset.to_text()
if saltlen == 0:
assert f"{match} -" in rrset.to_text()
else:
assert not f"{match} -" in rrset.to_text()
rrs.append(rrset)
else:
assert rrset.match(
dns.rdataclass.IN, dns.rdatatype.RRSIG, dns.rdatatype.NSEC3PARAM
)
assert len(rrs) != 0

104
bin/tests/system/nsec3/tests_nsec3_initial.py
View file

@ -9,12 +9,10 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
# pylint: disable=redefined-outer-name,unused-import
import shutil
import os
from datetime import timedelta
import dns
import dns.update
import pytest
@ -22,58 +20,16 @@ pytest.importorskip("dns", minversion="2.0.0")
import isctest
import isctest.mark
from isctest.vars.algorithms import RSASHA1
pytestmark = pytest.mark.extra_artifacts(
[
"*.axfr",
"*.created",
"dig.out.*",
"rndc.reload.*",
"rndc.signing.*",
"update.out.*",
"verify.out.*",
"ns*/dsset-**",
"ns*/K*",
"ns*/settime.out.*",
"ns*/*.db",
"ns*/*.jbk",
"ns*/*.jnl",
"ns*/*.signed",
"ns*/keygen.out.*",
"ns3/named-common.conf",
"ns3/named-fips.conf",
"ns3/named-rsasha0.conf",
"ns3/named-rsasha1.conf",
]
from nsec3.common import (
ALGORITHM,
SIZE,
default_config,
pytestmark,
check_auth_nsec,
check_auth_nsec3,
check_nsec3param,
)
ALGORITHM = os.environ["DEFAULT_ALGORITHM_NUMBER"]
SIZE = os.environ["DEFAULT_BITS"]
default_config = {
"dnskey-ttl": timedelta(hours=1),
"ds-ttl": timedelta(days=1),
"key-directory": "{keydir}",
"max-zone-ttl": timedelta(days=1),
"parent-propagation-delay": timedelta(hours=1),
"publish-safety": timedelta(hours=1),
"retire-safety": timedelta(hours=1),
"signatures-refresh": timedelta(days=5),
"signatures-validity": timedelta(days=14),
"zone-propagation-delay": timedelta(minutes=5),
}
def check_auth_nsec(response):
rrs = []
for rrset in response.authority:
if rrset.match(dns.rdataclass.IN, dns.rdatatype.NSEC, dns.rdatatype.NONE):
rrs.append(rrset)
assert not rrset.match(
dns.rdataclass.IN, dns.rdatatype.NSEC3, dns.rdatatype.NONE
)
assert len(rrs) != 0
@pytest.mark.parametrize(
"params",
@ -218,46 +174,6 @@ def wait_for_soa_update(server, fqdn):
return verified
def check_nsec3param(response, match, saltlen):
rrs = []
for rrset in response.answer:
if rrset.match(dns.rdataclass.IN, dns.rdatatype.NSEC3PARAM, dns.rdatatype.NONE):
assert match in rrset.to_text()
if saltlen == 0:
assert f"{match} -" in rrset.to_text()
else:
assert not f"{match} -" in rrset.to_text()
rrs.append(rrset)
else:
assert rrset.match(
dns.rdataclass.IN, dns.rdatatype.RRSIG, dns.rdatatype.NSEC3PARAM
)
assert len(rrs) != 0
def check_auth_nsec3(response, iterations=0, optout=0, saltlen=0):
match = f"IN NSEC3 1 {optout} {iterations}"
rrs = []
for rrset in response.authority:
if rrset.match(dns.rdataclass.IN, dns.rdatatype.NSEC3, dns.rdatatype.NONE):
assert match in rrset.to_text()
if saltlen == 0:
assert f"{match} -" in rrset.to_text()
else:
assert not f"{match} -" in rrset.to_text()
rrs.append(rrset)
assert not rrset.match(
dns.rdataclass.IN, dns.rdatatype.NSEC, dns.rdatatype.NONE
)
assert len(rrs) != 0
@pytest.mark.parametrize(
"params",
[