Fix view-related issues in the "keymgr2kasp" test

Due to the lack of "match-clients" clauses in ns4/named2.conf.in, the same view is incorrectly chosen for all queries received by ns4 in the "keymgr2kasp" system test. This causes only one version of the "view-rsasha256.kasp" zone to actually be checked. Add "match-clients" clauses to ns4/named2.conf.in to ensure the test really checks what it claims to. Use identical view names ("ext", "int") in ns4/named.conf.in and ns4/named2.conf.in so that it is easier to quickly identify the differences between these two files. Update tests.sh to account for the above changes. Also fix a copy-paste error in a comment to prevent confusion.
2025-08-30 05:57:52 +00:00 · 2021-04-14 15:23:41 +02:00 · 2021-04-14 15:23:41 +02:00 · 0de5a576c5
commit 0de5a576c5
parent ee02453a2e
3 changed files with 23 additions and 19 deletions
--- a/bin/tests/system/keymgr2kasp/ns4/named.conf.in
+++ b/bin/tests/system/keymgr2kasp/ns4/named.conf.in
@ -34,13 +34,13 @@ controls {
 };

 key "external" {
-        algorithm "hmac-sha1";
-        secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
+	algorithm "hmac-sha1";
+	secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
 };

 key "internal" {
-        algorithm "hmac-sha1";
-        secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
+	algorithm "hmac-sha1";
+	secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
 };

 view "ext" {
--- a/bin/tests/system/keymgr2kasp/ns4/named2.conf.in
+++ b/bin/tests/system/keymgr2kasp/ns4/named2.conf.in
@ -33,16 +33,6 @@ controls {
 	inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };

-key "external" {
-	algorithm "hmac-sha1";
-	secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
-};
-
-key "internal" {
-	algorithm "hmac-sha1";
-	secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
-};
-
 dnssec-policy "rsasha256" {
 	keys {
 		zsk key-directory lifetime P3M algorithm 8 1024;
@ -64,7 +54,19 @@ dnssec-policy "rsasha256" {
 	parent-propagation-delay 3h;
 };

-view "external-view" {
+key "external" {
+	algorithm "hmac-sha1";
+	secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
+};
+
+key "internal" {
+	algorithm "hmac-sha1";
+	secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
+};
+
+view "ext" {
+        match-clients { key "external"; };
+
 	zone "view-rsasha256.kasp" {
 		type master;
 		file "view-rsasha256.kasp.ext.db";
@ -72,7 +74,9 @@ view "external-view" {
 	};
 };

-view "internal-view" {
+view "int" {
+        match-clients { key "internal"; };
+
 	zone "view-rsasha256.kasp" {
 		type master;
 		file "view-rsasha256.kasp.int.db";
--- a/bin/tests/system/keymgr2kasp/tests.sh
+++ b/bin/tests/system/keymgr2kasp/tests.sh
@ -866,7 +866,7 @@ set_keystate     "KEY3" "STATE_ZRRSIG" "hidden"
 TSIG="hmac-sha1:external:$VIEW1"
 check_keys
 wait_for_done_signing
-check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "external-view"
+check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "ext"
 set_keytimes_view_migration

 # Set expected key times:
@ -923,11 +923,11 @@ check_keytimes
 check_apex
 dnssec_verify

-# Various signing policy checks (external).
+# Various signing policy checks (internal).
 TSIG="hmac-sha1:internal:$VIEW2"
 check_keys
 wait_for_done_signing
-check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "internal-view"
+check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "int"
 set_keytimes_view_migration
 check_keytimes
 check_apex