From fa3a59e70c97a24090a24d46135f672a004bf9ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicki=20K=C5=99=C3=AD=C5=BEek?= Date: Wed, 1 Apr 2026 17:04:22 +0200 Subject: [PATCH] Improve isctest.template dataclasses' defaults Extend the Nameserver to generate the default IPv4/IPv6 values, add NSX values for the predefined nameservers (there are 11 of them, as per bin/tests/system/ifconfig.sh.in max value). Add the missing ns11 fixture. Extend the Zone to derive the zone filename by default, unless specified. Adjust the existing uses of these classes to utilize the simplified defaults. --- bin/tests/system/conftest.py | 5 + bin/tests/system/isctest/template.py | 37 +++++- bin/tests/system/rollover/setup.py | 106 +++++++++--------- .../system/rollover/tests_rollover_manual.py | 4 +- 4 files changed, 93 insertions(+), 59 deletions(-) diff --git a/bin/tests/system/conftest.py b/bin/tests/system/conftest.py index ba89dc548a..35e9c1c30e 100644 --- a/bin/tests/system/conftest.py +++ b/bin/tests/system/conftest.py @@ -655,3 +655,8 @@ def ns9(servers): @pytest.fixture(scope="module") def ns10(servers): return servers["ns10"] + + +@pytest.fixture(scope="module") +def ns11(servers): + return servers["ns11"] diff --git a/bin/tests/system/isctest/template.py b/bin/tests/system/isctest/template.py index 118565e3f7..d25e2926d0 100644 --- a/bin/tests/system/isctest/template.py +++ b/bin/tests/system/isctest/template.py @@ -15,6 +15,8 @@ from dataclasses import dataclass from pathlib import Path from typing import Any +import re + import jinja2 from .log import debug @@ -84,16 +86,47 @@ class TemplateEngine: @dataclass class Nameserver: + name: str - ip: str + num: int | None = None + ip: str | None = None + ip6: str | None = None + + def __post_init__(self): + if self.num is None: + match = re.search(r"\d+", self.name) + assert match + self.num = int(match.group(0)) + if self.ip is None: + self.ip = f"10.53.0.{self.num}" + if self.ip6 is None: + self.ip6 = f"fd92:7065:b8e:ffff::{self.num}" + + +NS1 = Nameserver("ns1") +NS2 = Nameserver("ns2") +NS3 = Nameserver("ns3") +NS4 = Nameserver("ns4") +NS5 = Nameserver("ns5") +NS6 = Nameserver("ns6") +NS7 = Nameserver("ns7") +NS8 = Nameserver("ns8") +NS9 = Nameserver("ns9") +NS10 = Nameserver("ns10") +NS11 = Nameserver("ns11") @dataclass class Zone: + name: str - filename: str ns: Nameserver type: str = "primary" + filename: str | None = None + + def __post_init__(self): + if self.filename is None: + self.filename = f"{self.name}.db" @dataclass diff --git a/bin/tests/system/rollover/setup.py b/bin/tests/system/rollover/setup.py index 15bbee9a70..c1fc62b4e4 100644 --- a/bin/tests/system/rollover/setup.py +++ b/bin/tests/system/rollover/setup.py @@ -13,7 +13,7 @@ import shutil from isctest.kasp import SettimeOptions, private_type_record from isctest.run import EnvCmd -from isctest.template import Nameserver, TrustAnchor, Zone +from isctest.template import NS2, NS3, TrustAnchor, Zone from isctest.vars.algorithms import Algorithm import isctest @@ -50,7 +50,7 @@ def configure_tld(zonename: str, delegations: list[Zone]) -> Zone: templates.render(f"ns2/{outfile}", tdata, template=f"ns2/{template}") signer(f"-P -x -O full -o {zonename} -f {outfile}.signed {outfile}", cwd="ns2") - return Zone(zonename, f"{outfile}.signed", Nameserver("ns2", "10.53.0.2")) + return Zone(zonename, NS2, filename=f"{outfile}.signed") def configure_root(delegations: list[Zone]) -> TrustAnchor: @@ -150,7 +150,7 @@ def configure_algo_csk(tld: str, policy: str, reconfig: bool = False) -> list[Zo # Step 1: # Introduce the first key. This will immediately be active. zonename = f"step1.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") TactN = "now-7d" TsbmN = "now-161h" @@ -173,7 +173,7 @@ def configure_algo_csk(tld: str, policy: str, reconfig: bool = False) -> list[Zo # Step 2: # After the publication interval has passed the DNSKEY is OMNIPRESENT. zonename = f"step2.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # The time passed since the new algorithm keys have been introduced is 3 hours. TpubN1 = "now-3h" @@ -205,7 +205,7 @@ def configure_algo_csk(tld: str, policy: str, reconfig: bool = False) -> list[Zo # Step 3: # The zone signatures are also OMNIPRESENT. zonename = f"step3.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # The time passed since the new algorithm keys have been introduced is 7 hours. TpubN1 = "now-7h" @@ -238,7 +238,7 @@ def configure_algo_csk(tld: str, policy: str, reconfig: bool = False) -> list[Zo # Step 4: # The DS is swapped and can become OMNIPRESENT. zonename = f"step4.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # The time passed since the DS has been swapped is 3 hours. TpubN1 = "now-10h" @@ -273,7 +273,7 @@ def configure_algo_csk(tld: str, policy: str, reconfig: bool = False) -> list[Zo # Step 5: # The DNSKEY is removed long enough to be HIDDEN. zonename = f"step5.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # The time passed since the DNSKEY has been removed is 2 hours. TpubN1 = "now-12h" @@ -306,7 +306,7 @@ def configure_algo_csk(tld: str, policy: str, reconfig: bool = False) -> list[Zo # Step 6: # The RRSIGs have been removed long enough to be HIDDEN. zonename = f"step6.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # Additional time passed: 7h. TpubN1 = "now-19h" @@ -349,7 +349,7 @@ def configure_algo_ksk_zsk(tld: str, reconfig: bool = False) -> list[Zone]: # Step 1: # Introduce the first key. This will immediately be active. zonename = f"step1.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") TactN = "now-7d" TsbmN = "now-161h" @@ -380,7 +380,7 @@ def configure_algo_ksk_zsk(tld: str, reconfig: bool = False) -> list[Zone]: # Step 2: # After the publication interval has passed the DNSKEY is OMNIPRESENT. zonename = f"step2.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # The time passed since the new algorithm keys have been introduced is 3 hours. # Tsbm(N+1) = TpubN1 + Ipub = now + TTLsig + Dprp = now - 3h + 6h + 1h = now + 4h @@ -436,7 +436,7 @@ def configure_algo_ksk_zsk(tld: str, reconfig: bool = False) -> list[Zone]: # Step 3: # The zone signatures are also OMNIPRESENT. zonename = f"step3.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # The time passed since the new algorithm keys have been introduced is 7 hours. TpubN1 = "now-7h" @@ -491,7 +491,7 @@ def configure_algo_ksk_zsk(tld: str, reconfig: bool = False) -> list[Zone]: # Step 4: # The DS is swapped and can become OMNIPRESENT. zonename = f"step4.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # The time passed since the DS has been swapped is 3 hours. TpubN1 = "now-10h" @@ -548,7 +548,7 @@ def configure_algo_ksk_zsk(tld: str, reconfig: bool = False) -> list[Zone]: # Step 5: # The DNSKEY is removed long enough to be HIDDEN. zonename = f"step5.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # The time passed since the DNSKEY has been removed is 2 hours. TpubN1 = "now-12h" @@ -603,7 +603,7 @@ def configure_algo_ksk_zsk(tld: str, reconfig: bool = False) -> list[Zone]: # Step 6: # The RRSIGs have been removed long enough to be HIDDEN. zonename = f"step6.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # Additional time passed: 7h. TpubN1 = "now-19h" @@ -668,7 +668,7 @@ def configure_cskroll1(tld: str, policy: str) -> list[Zone]: # Step 1: # Introduce the first key. This will immediately be active. zonename = f"step1.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") TactN = "now-7d" keytimes = f"-P {TactN} -A {TactN}" @@ -689,7 +689,7 @@ def configure_cskroll1(tld: str, policy: str) -> list[Zone]: # Step 2: # It is time to introduce the new CSK. zonename = f"step2.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # According to RFC 7583: # KSK: Tpub(N+1) <= Tact(N) + Lksk - IpubC @@ -726,7 +726,7 @@ def configure_cskroll1(tld: str, policy: str) -> list[Zone]: # Step 3: # It is time to submit the DS and to roll signatures. zonename = f"step3.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # According to RFC 7583: # @@ -800,7 +800,7 @@ def configure_cskroll1(tld: str, policy: str) -> list[Zone]: # (which is 26d3h). The DS is swapped after Iret (which is 4h). # In other words, the DS is swapped before all zone signatures are replaced. zonename = f"step4.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # According to RFC 7583: # Trem(N) = Tret(N) - Iret + IretZ @@ -862,7 +862,7 @@ def configure_cskroll1(tld: str, policy: str) -> list[Zone]: # After the DS is swapped in step 4, also the KRRSIG records can be removed. # At this time these have all become hidden. zonename = f"step5.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # Subtract DNSKEY TTL plus zone propagation delay from all the times (2h). TpubN = "now-4470h" @@ -906,7 +906,7 @@ def configure_cskroll1(tld: str, policy: str) -> list[Zone]: # After the retire interval has passed the predecessor DNSKEY can be # removed from the zone. zonename = f"step6.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # According to RFC 7583: # Trem(N) = Tret(N) + IretZ @@ -965,7 +965,7 @@ def configure_cskroll1(tld: str, policy: str) -> list[Zone]: # Step 7: # Some time later the predecessor DNSKEY enters the HIDDEN state. zonename = f"step7.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # Subtract DNSKEY TTL plus zone propagation delay from all the times (2h). TpubN = "now-5093h" @@ -1008,7 +1008,7 @@ def configure_cskroll1(tld: str, policy: str) -> list[Zone]: # Step 8: # The predecessor DNSKEY can be purged. zonename = f"step8.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # Subtract purge-keys interval from all the times (1h). TpubN = "now-5094h" @@ -1064,7 +1064,7 @@ def configure_cskroll2(tld: str, policy: str) -> list[Zone]: # Step 1: # Introduce the first key. This will immediately be active. zonename = f"step1.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") TactN = "now-7d" keytimes = f"-P {TactN} -A {TactN}" @@ -1085,7 +1085,7 @@ def configure_cskroll2(tld: str, policy: str) -> list[Zone]: # Step 2: # It is time to introduce the new CSK. zonename = f"step2.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # According to RFC 7583: # KSK: Tpub(N+1) <= Tact(N) + Lksk - IpubC @@ -1122,7 +1122,7 @@ def configure_cskroll2(tld: str, policy: str) -> list[Zone]: # Step 3: # It is time to submit the DS and to roll signatures. zonename = f"step3.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # According to RFC 7583: # @@ -1196,7 +1196,7 @@ def configure_cskroll2(tld: str, policy: str) -> list[Zone]: # The DS is swapped after Dreg + Iret (1w3h). In other words, the zone # signatures are replaced before the DS is swapped. zonename = f"step4.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # According to RFC 7583: # Trem(N) = Tret(N) + IretZ @@ -1260,7 +1260,7 @@ def configure_cskroll2(tld: str, policy: str) -> list[Zone]: # Some time later the DS can be swapped and the old DNSKEY can be removed from # the zone. zonename = f"step5.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # Subtract Iret (170h) - IretZ (38h) = 132h. # @@ -1314,7 +1314,7 @@ def configure_cskroll2(tld: str, policy: str) -> list[Zone]: # Step 6: # Some time later the predecessor DNSKEY enters the HIDDEN state. zonename = f"step6.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # Subtract DNSKEY TTL plus zone propagation delay (2h). # @@ -1366,7 +1366,7 @@ def configure_cskroll2(tld: str, policy: str) -> list[Zone]: # Step 7: # The predecessor DNSKEY can be purged, but purge-keys is disabled. zonename = f"step7.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # Subtract 90 days (default, 2160h) from all the times. # @@ -1419,7 +1419,7 @@ def configure_cskroll2(tld: str, policy: str) -> list[Zone]: # Step 8: # The predecessor DNSKEY can be purged. zonename = f"step8.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # Subtract purge-keys interval from all the times (1h). TpubN = "now-5094h" @@ -1473,14 +1473,14 @@ def configure_enable_dnssec(tld: str, policy: str) -> list[Zone]: # This is an unsigned zone and named should perform the initial steps of # introducing the DNSSEC records in the right order. zonename = f"step1.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") render_and_sign_zone(zonename, [], signing=False) # Step 2: # The DNSKEY has been published long enough to become OMNIPRESENT. zonename = f"step2.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # DNSKEY TTL: 300 seconds # zone-propagation-delay: 5 minutes (300 seconds) @@ -1505,7 +1505,7 @@ def configure_enable_dnssec(tld: str, policy: str) -> list[Zone]: # Step 3: # The zone signatures have been published long enough to become OMNIPRESENT. zonename = f"step3.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # Passed time since publication: # max-zone-ttl: 12 hours (43200 seconds) @@ -1530,7 +1530,7 @@ def configure_enable_dnssec(tld: str, policy: str) -> list[Zone]: # Step 4: # The DS has been submitted long enough ago to become OMNIPRESENT. zonename = f"step4.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # DS TTL: 2 hour (7200 seconds) # parent-propagation-delay: 1 hour (3600 seconds) @@ -1568,7 +1568,7 @@ def configure_going_insecure(tld: str, reconfig: bool = False) -> list[Zone]: # Step 1: zonename = f"step1.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # Timing metadata. TpubN = "now-10d" @@ -1600,9 +1600,7 @@ def configure_going_insecure(tld: str, reconfig: bool = False) -> list[Zone]: if reconfig: # Step 2: zonename = f"step2.{zone}" - zones.append( - Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")) - ) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # The DS was withdrawn from the parent zone 26 hours ago. TremN = "now-26h" @@ -1647,7 +1645,7 @@ def configure_straight2none(tld: str) -> list[Zone]: keytimes = f"-P {TpubN} -A {TpubN} -P sync {TsbmN}" zonename = f"going-straight-to-none.{tld}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # Key generation. csk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").out.strip() @@ -1664,9 +1662,7 @@ def configure_straight2none(tld: str) -> list[Zone]: render_and_sign_zone(zonename, [csk_name], extra_options="-z") zonename = f"going-straight-to-none-dynamic.{tld}" - zones.append( - Zone(zonename, f"{zonename}.db.signed", Nameserver("ns3", "10.53.0.3")) - ) + zones.append(Zone(zonename, NS3, filename=f"{zonename}.db.signed")) isctest.log.info(f"setup {zonename}") # Key generation. csk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").out.strip() @@ -1696,7 +1692,7 @@ def configure_ksk_doubleksk(tld: str) -> list[Zone]: # Step 1: # Introduce the first key. This will immediately be active. zonename = f"step1.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # Timing metadata. TactN = "now-7d" @@ -1724,7 +1720,7 @@ def configure_ksk_doubleksk(tld: str) -> list[Zone]: # Step 2: # It is time to introduce the new KSK. zonename = f"step2.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # Lksk: 60d # Dreg: n/a @@ -1766,7 +1762,7 @@ def configure_ksk_doubleksk(tld: str) -> list[Zone]: # Step 3: # It is time to submit the DS. zonename = f"step3.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # According to RFC 7583: # Iret = DprpP + TTLds (+retire-safety) @@ -1829,7 +1825,7 @@ def configure_ksk_doubleksk(tld: str) -> list[Zone]: # Step 4: # The DS should be swapped now. zonename = f"step4.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # Tpub(N) = now - Lksk - Iret = now - 60d - 50h # = now - 1440h - 50h = now - 1490h @@ -1891,7 +1887,7 @@ def configure_ksk_doubleksk(tld: str) -> list[Zone]: # Step 5: # The predecessor DNSKEY is removed long enough that is has become HIDDEN. zonename = f"step5.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # Subtract DNSKEY TTL + zone-propagation-delay from all the times (3h). # Tpub(N) = now - 1490h - 3h = now - 1493h @@ -1950,7 +1946,7 @@ def configure_ksk_doubleksk(tld: str) -> list[Zone]: # Step 6: # The predecessor DNSKEY can be purged. zonename = f"step6.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # Subtract purge-keys interval from all the times (1h). TpubN = "now-1494h" @@ -2019,7 +2015,7 @@ def configure_ksk_3crowd(tld: str) -> list[Zone]: # Set up a zone that has a KSK (KEY1) and have the successor key (KEY2) # published as well. zonename = f"three-is-a-crowd.{tld}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # These times are the same as step3.ksk-doubleksk.autosign. TpubN = "now-60d" @@ -2080,7 +2076,7 @@ def configure_zsk_prepub(tld: str) -> list[Zone]: # Step 1: # Introduce the first key. This will immediately be active. zonename = f"step1.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # Timing metadata. TactN = "now-7d" @@ -2108,7 +2104,7 @@ def configure_zsk_prepub(tld: str) -> list[Zone]: # Step 2: # It is time to pre-publish the successor ZSK. zonename = f"step2.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # According to RFC 7583: # Tact(N) = now + Ipub - Lzsk = now + 26h - 30d @@ -2139,7 +2135,7 @@ def configure_zsk_prepub(tld: str) -> list[Zone]: # After the publication interval has passed the DNSKEY of the successor ZSK # is OMNIPRESENT and the zone can thus be signed with the successor ZSK. zonename = f"step3.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # According to RFC 7583: # Tpub(N+1) <= Tact(N) + Lzsk - Ipub @@ -2190,7 +2186,7 @@ def configure_zsk_prepub(tld: str) -> list[Zone]: # After the retire interval has passed the predecessor DNSKEY can be # removed from the zone. zonename = f"step4.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # Lzsk: 30d # Ipub: 26h @@ -2249,7 +2245,7 @@ def configure_zsk_prepub(tld: str) -> list[Zone]: # Step 5: # The predecessor DNSKEY is removed long enough that is has become HIDDEN. zonename = f"step5.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # Subtract DNSKEY TTL + zone-propagation-delay from all the times (2h). # Tact(N) = now - 961h - 2h = now - 963h @@ -2296,7 +2292,7 @@ def configure_zsk_prepub(tld: str) -> list[Zone]: # Step 6: # The predecessor DNSKEY can be purged. zonename = f"step6.{zone}" - zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + zones.append(Zone(zonename, NS3)) isctest.log.info(f"setup {zonename}") # Subtract purge-keys interval from all the times (1h). TactN = "now-964h" diff --git a/bin/tests/system/rollover/tests_rollover_manual.py b/bin/tests/system/rollover/tests_rollover_manual.py index 87b6a93f69..71907a0be5 100644 --- a/bin/tests/system/rollover/tests_rollover_manual.py +++ b/bin/tests/system/rollover/tests_rollover_manual.py @@ -19,7 +19,7 @@ from isctest.kasp import ( private_type_record, ) from isctest.run import EnvCmd -from isctest.template import Nameserver, Zone +from isctest.template import NS3, Zone from isctest.vars.algorithms import Algorithm from rollover.setup import configure_root, configure_tld, setkeytimes @@ -67,7 +67,7 @@ def setup_zone(zone, ksk_time, ksk_timings, zsk_time, zsk_timings) -> Zone: templates.render(f"ns3/{outfile}", tdata, template=f"ns3/{template}") signer(f"-P -x -O raw -o {zone} -f {outfile}.signed {outfile}", cwd="ns3") - return Zone(zone, outfile, Nameserver("ns3", "10.53.0.3")) + return Zone(zone, NS3) def bootstrap():