Two more kasp test cases converted to pytest

The zone 'pregenerated.kasp' is a case where there already exist more keys than required. For this we set the 'pregenerated' setting. This will change the 'keydir_to_keylist' function behavior: Only keys in use are considered. A key is in use if all of the states are either undefined, or set to 'hidden'. The 'some-keys.kasp' zone is similar to 'pregenerated.kasp', except only some keys have been pregenerated. (cherry picked from commit 43ded45ae9)
2025-08-30 14:07:59 +00:00 · 2025-03-14 17:28:28 +01:00
parent 53f02790b1
commit 6f98c8e10b
2 changed files with 23 additions and 36 deletions
--- a/bin/tests/system/kasp/tests.sh
+++ b/bin/tests/system/kasp/tests.sh
@@ -487,40 +487,6 @@ set_keystate "KEY3" "STATE_ZRRSIG" "rumoured"
 # Three keys only.
 key_clear "KEY4"

-#
-# Zone: some-keys.kasp.
-#
-set_zone "some-keys.kasp"
-set_policy "rsasha256" "3" "1234"
-set_server "ns3" "10.53.0.3"
-# Key properties, timings and states same as above.
-
-check_keys
-check_dnssecstatus "$SERVER" "$POLICY" "$ZONE"
-set_keytimes_algorithm_policy "pregenerated"
-check_keytimes
-check_apex
-check_subdomain
-dnssec_verify
-
-#
-# Zone: pregenerated.kasp.
-#
-# There are more pregenerated keys than needed, hence the number of keys is
-# six, not three.
-set_zone "pregenerated.kasp"
-set_policy "rsasha256" "6" "1234"
-set_server "ns3" "10.53.0.3"
-# Key properties, timings and states same as above.
-
-check_keys
-check_dnssecstatus "$SERVER" "$POLICY" "$ZONE"
-set_keytimes_algorithm_policy "pregenerated"
-check_keytimes
-check_apex
-check_subdomain
-dnssec_verify
-
 #
 # Zone: rumoured.kasp.
 #
--- a/bin/tests/system/kasp/tests_kasp.py
+++ b/bin/tests/system/kasp/tests_kasp.py
@@ -174,6 +174,9 @@ def test_kasp_cases(servers):
        zone = test["zone"]
        policy = test["policy"]
        ttl = int(test["config"]["dnskey-ttl"].total_seconds())
+        pregenerated = False
+        if test.get("pregenerated"):
+            pregenerated = test["pregenerated"]

        isctest.log.info(f"check test case zone {zone} policy {policy}")

@@ -182,7 +185,9 @@ def test_kasp_cases(servers):
            ttl=ttl, keys=test["key-properties"]
        )
        # Key files.
-        keys = isctest.kasp.keydir_to_keylist(zone, test["config"]["key-directory"])
+        keys = isctest.kasp.keydir_to_keylist(
+            zone, test["config"]["key-directory"], in_use=pregenerated
+        )
        ksks = [k for k in keys if k.is_ksk()]
        zsks = [k for k in keys if not k.is_ksk()]

@@ -192,7 +197,9 @@ def test_kasp_cases(servers):
        offset = test["offset"] if "offset" in test else None

        for kp in expected:
-            kp.set_expected_keytimes(test["config"], offset=offset)
+            kp.set_expected_keytimes(
+                test["config"], offset=offset, pregenerated=pregenerated
+            )

        isctest.kasp.check_keytimes(keys, expected)

@@ -248,6 +255,13 @@ def test_kasp_cases(servers):
            "config": kasp_config,
            "key-properties": fips_properties(8),
        },
+        {
+            "zone": "pregenerated.kasp",
+            "policy": "rsasha256",
+            "config": kasp_config,
+            "pregenerated": True,
+            "key-properties": fips_properties(8),
+        },
        {
            "zone": "rsasha256.kasp",
            "policy": "rsasha256",
@@ -260,6 +274,13 @@ def test_kasp_cases(servers):
            "config": kasp_config,
            "key-properties": fips_properties(10),
        },
+        {
+            "zone": "some-keys.kasp",
+            "policy": "rsasha256",
+            "config": kasp_config,
+            "pregenerated": True,
+            "key-properties": fips_properties(8),
+        },
        {
            "zone": "unlimited.kasp",
            "policy": "unlimited",