From 0de5a576c5ceb1c9494cc14d0d8de153cd5ccd55 Mon Sep 17 00:00:00 2001
From: Matthijs Mekking
Date: Wed, 14 Apr 2021 15:23:41 +0200
Subject: [PATCH] Fix view-related issues in the "keymgr2kasp" test

Due to the lack of "match-clients" clauses in ns4/named2.conf.in, the same view is incorrectly chosen for all queries received by ns4 in the "keymgr2kasp" system test. This causes only one version of the "view-rsasha256.kasp" zone to actually be checked. Add "match-clients" clauses to ns4/named2.conf.in to ensure the test really checks what it claims to. Use identical view names ("ext", "int") in ns4/named.conf.in and ns4/named2.conf.in so that it is easier to quickly identify the differences between these two files. Update tests.sh to account for the above changes. Also fix a copy-paste error in a comment to prevent confusion.
---
 .../system/keymgr2kasp/ns4/named.conf.in | 8 +++---
 .../system/keymgr2kasp/ns4/named2.conf.in | 28 +++++++++++--------
 bin/tests/system/keymgr2kasp/tests.sh | 6 ++--
 3 files changed, 23 insertions(+), 19 deletions(-)

diff --git a/bin/tests/system/keymgr2kasp/ns4/named.conf.in b/bin/tests/system/keymgr2kasp/ns4/named.conf.in
index c2751a321b..a74f3851cc 100644
--- a/bin/tests/system/keymgr2kasp/ns4/named.conf.in
+++ b/bin/tests/system/keymgr2kasp/ns4/named.conf.in
@@ -34,13 +34,13 @@ controls {
 };

 key "external" {
- algorithm "hmac-sha1";
- secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
+ algorithm "hmac-sha1";
+ secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
 };

 key "internal" {
- algorithm "hmac-sha1";
- secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
+ algorithm "hmac-sha1";
+ secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
 };

 view "ext" {
diff --git a/bin/tests/system/keymgr2kasp/ns4/named2.conf.in b/bin/tests/system/keymgr2kasp/ns4/named2.conf.in
index c7e7cad2a9..d9a23f8657 100644
--- a/bin/tests/system/keymgr2kasp/ns4/named2.conf.in
+++ b/bin/tests/system/keymgr2kasp/ns4/named2.conf.in
@@ -33,16 +33,6 @@ controls {
 inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };

-key "external" {
- algorithm "hmac-sha1";
- secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
-};
-
-key "internal" {
- algorithm "hmac-sha1";
- secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
-};
-
 dnssec-policy "rsasha256" {
 keys {
 zsk key-directory lifetime P3M algorithm 8 1024;
@@ -64,7 +54,19 @@ dnssec-policy "rsasha256" {
 parent-propagation-delay 3h;
 };

-view "external-view" {
+key "external" {
+ algorithm "hmac-sha1";
+ secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
+};
+
+key "internal" {
+ algorithm "hmac-sha1";
+ secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
+};
+
+view "ext" {
+ match-clients { key "external"; };
+
 zone "view-rsasha256.kasp" {
 type master;
 file "view-rsasha256.kasp.ext.db";
@@ -72,7 +74,9 @@ view "external-view" {
 };
 };

-view "internal-view" {
+view "int" {
+ match-clients { key "internal"; };
+
 zone "view-rsasha256.kasp" {
 type master;
 file "view-rsasha256.kasp.int.db";
diff --git a/bin/tests/system/keymgr2kasp/tests.sh b/bin/tests/system/keymgr2kasp/tests.sh
index cd4812da4b..342b000bdf 100644
--- a/bin/tests/system/keymgr2kasp/tests.sh
+++ b/bin/tests/system/keymgr2kasp/tests.sh
@@ -866,7 +866,7 @@ set_keystate "KEY3" "STATE_ZRRSIG" "hidden"
 TSIG="hmac-sha1:external:$VIEW1"
 check_keys
 wait_for_done_signing
-check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "external-view"
+check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "ext"
 set_keytimes_view_migration

 # Set expected key times:
@@ -923,11 +923,11 @@ check_keytimes
 check_apex
 dnssec_verify

-# Various signing policy checks (external).
+# Various signing policy checks (internal).
 TSIG="hmac-sha1:internal:$VIEW2"
 check_keys
 wait_for_done_signing
-check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "internal-view"
+check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "int"
 set_keytimes_view_migration
 check_keytimes
 check_apex
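Review bot: The re-added `key "external"` / `key "internal"` blocks in the hunk at -64,7 have no comment saying they are fixed, test-only TSIG secrets, and the same two secrets are now kept in both ns4/named.conf.in and ns4/named2.conf.in, so the copies can drift apart. I would add `# Test-only TSIG keys selecting the "ext"/"int" views; keep in sync with named.conf.in and the TSIG= settings in tests.sh` above the first key block. With `match-clients { key "external"; };` here and the matching clause on view "int" in the next hunk, a query that presents neither key matches no view; a one-line comment stating that this is intended would stop someone adding a catch-all view later. hmac-sha1 is a legacy TSIG algorithm, so if the test does not depend on it, hmac-sha256 would be the better example, though that needs the same change in named.conf.in and tests.sh.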
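Review bot: Nothing visible in the hunk at line 866, or in the one at line 923, asserts that the "ext" and "int" checks really reach different views, which is the failure the commit message describes and which went unnoticed until now. After each `TSIG=...` assignment I would add a check that a query signed with that key returns the key set of its own copy of view-rsasha256.kasp and not the other copy's, and that an unsigned query to ns4 is refused. The rest of tests.sh is outside these hunks, so check_keys or check_apex may already cover this; if so, a comment such as `# check_keys queries with $TSIG, so a wrong view fails here` next to the call would record it.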