diff --git a/bin/tests/system/rollover-lifetime/common.py b/bin/tests/system/rollover-lifetime/common.py
new file mode 120000
index 0000000000..64b8084c5a
--- /dev/null
+++ b/bin/tests/system/rollover-lifetime/common.py
@@ -0,0 +1 @@
+../rollover/common.py
\ No newline at end of file
diff --git a/bin/tests/system/rollover-lifetime/ns6/kasp.conf.j2 b/bin/tests/system/rollover-lifetime/ns6/kasp.conf.j2
new file mode 100644
index 0000000000..345ffabcdf
--- /dev/null
+++ b/bin/tests/system/rollover-lifetime/ns6/kasp.conf.j2
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+dnssec-policy "unlimited-lifetime" {
+ keys {
+ csk lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
+ };
+};
+dnssec-policy "short-lifetime" {
+ keys {
+ csk lifetime P6M algorithm @DEFAULT_ALGORITHM@;
+ };
+};
+
+dnssec-policy "long-lifetime" {
+ keys {
+ csk lifetime P1Y algorithm @DEFAULT_ALGORITHM@;
+ };
+};
diff --git a/bin/tests/system/rollover-lifetime/ns6/limit-lifetime.db b/bin/tests/system/rollover-lifetime/ns6/limit-lifetime.db
new file mode 120000
index 0000000000..21598660d1
--- /dev/null
+++ b/bin/tests/system/rollover-lifetime/ns6/limit-lifetime.db
@@ -0,0 +1 @@
+../../rollover-dynamic2inline/ns6/template.db.in
\ No newline at end of file
diff --git a/bin/tests/system/rollover-lifetime/ns6/longer-lifetime.db b/bin/tests/system/rollover-lifetime/ns6/longer-lifetime.db
new file mode 120000
index 0000000000..21598660d1
--- /dev/null
+++ b/bin/tests/system/rollover-lifetime/ns6/longer-lifetime.db
@@ -0,0 +1 @@
+../../rollover-dynamic2inline/ns6/template.db.in
\ No newline at end of file
diff --git a/bin/tests/system/rollover-lifetime/ns6/named.common.conf.j2 b/bin/tests/system/rollover-lifetime/ns6/named.common.conf.j2
new file mode 120000
index 0000000000..6b841ab2ad
--- /dev/null
+++ b/bin/tests/system/rollover-lifetime/ns6/named.common.conf.j2
@@ -0,0 +1 @@
+../../rollover-dynamic2inline/ns6/named.common.conf.j2
\ No newline at end of file
diff --git a/bin/tests/system/rollover-lifetime/ns6/named.conf.j2 b/bin/tests/system/rollover-lifetime/ns6/named.conf.j2
new file mode 100644
index 0000000000..75b38db728
--- /dev/null
+++ b/bin/tests/system/rollover-lifetime/ns6/named.conf.j2
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+{% set change_lifetime = change_lifetime | default(False) %}
+{% set longer = "short-lifetime" if not change_lifetime else "long-lifetime" %}
+{% set shorter = "long-lifetime" if not change_lifetime else "short-lifetime" %}
+{% set limit = "unlimited-lifetime" if not change_lifetime else "short-lifetime" %}
+{% set unlimit = "short-lifetime" if not change_lifetime else "unlimited-lifetime" %}
+
+include "kasp.conf";
+include "named.common.conf";
+
+zone longer-lifetime {
+ type primary;
+ file "longer-lifetime.db";
+ dnssec-policy @longer@;
+};
+
+zone shorter-lifetime {
+ type primary;
+ file "shorter-lifetime.db";
+ dnssec-policy @shorter@;
+};
+
+zone limit-lifetime {
+ type primary;
+ file "limit-lifetime.db";
+ dnssec-policy @limit@;
+};
+
+zone unlimit-lifetime {
+ type primary;
+ file "unlimit-lifetime.db";
+ dnssec-policy @unlimit@;
+};
diff --git a/bin/tests/system/rollover-lifetime/ns6/shorter-lifetime.db b/bin/tests/system/rollover-lifetime/ns6/shorter-lifetime.db
new file mode 120000
index 0000000000..21598660d1
--- /dev/null
+++ b/bin/tests/system/rollover-lifetime/ns6/shorter-lifetime.db
@@ -0,0 +1 @@
+../../rollover-dynamic2inline/ns6/template.db.in
\ No newline at end of file
diff --git a/bin/tests/system/rollover-lifetime/ns6/unlimit-lifetime.db b/bin/tests/system/rollover-lifetime/ns6/unlimit-lifetime.db
new file mode 120000
index 0000000000..21598660d1
--- /dev/null
+++ b/bin/tests/system/rollover-lifetime/ns6/unlimit-lifetime.db
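Review bot: Nothing in the new ns6/named.conf.j2 says where `change_lifetime` comes from or that the four `{% set %}` lines hold each zone's policy before and after the switch; the `/* Lifetime changes. */` comment that headed this block in rollover/ns6/named.conf.j2 was dropped in the move. A short comment above the first `{% set %}` would restore that context, for example `/* change_lifetime is set by tests_rollover_lifetime_reconfig.py; each zone then swaps to the opposite policy. */`.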
@@ -0,0 +1 @@
+../../rollover-dynamic2inline/ns6/template.db.in
\ No newline at end of file
diff --git a/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_initial.py b/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_initial.py
new file mode 100644
index 0000000000..29764dca17
--- /dev/null
+++ b/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_initial.py
@@ -0,0 +1,48 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# pylint: disable=redefined-outer-name,unused-import
+
+import pytest
+
+import isctest
+from isctest.util import param
+from common import (
+ pytestmark,
+ alg,
+ size,
+ CDSS,
+ DEFAULT_CONFIG,
+ DURATION,
+)
+
+
+@pytest.mark.parametrize(
+ "zone, policy, lifetime",
+ [
+ param("shorter-lifetime", "long-lifetime", "P1Y"),
+ param("longer-lifetime", "short-lifetime", "P6M"),
+ param("limit-lifetime", "unlimited-lifetime", 0),
+ param("unlimit-lifetime", "short-lifetime", "P6M"),
+ ],
+)
+def test_lifetime_initial(zone, policy, lifetime, alg, size, servers):
+ config = DEFAULT_CONFIG
+
+ step = {
+ "zone": zone,
+ "cdss": CDSS,
+ "keyprops": [
+ f"csk {DURATION[lifetime]} {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden",
+ ],
+ "nextev": None,
+ }
+ isctest.kasp.check_rollover_step(servers["ns6"], config, policy, step)
diff --git a/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_reconfig.py b/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_reconfig.py
new file mode 100644
index 0000000000..6689721edc
--- /dev/null
+++ b/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_reconfig.py
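Review bot: The expected lifetimes in `test_lifetime_initial` now come from `DURATION[lifetime]` in common.py, whose definition is not part of this diff, whereas the code removed from tests_rollover.py pinned them locally (`P1Y` as 365 days and `P6M` as `31 * 6` days, in seconds). It is worth confirming that the shared table yields the same numbers for `"P1Y"` and `"P6M"`, since otherwise the move silently changes what is asserted about key lifetime; the same lookup is used in `test_lifetime_reconfig`. A comment above the parametrize table would record the convention, for example `# lifetime is a DURATION key; 0 means "lifetime unlimited"`.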
@@ -0,0 +1,58 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# pylint: disable=redefined-outer-name,unused-import
+
+import pytest
+
+import isctest
+from isctest.util import param
+from common import (
+ pytestmark,
+ alg,
+ size,
+ CDSS,
+ DEFAULT_CONFIG,
+ DURATION,
+)
+
+
+@pytest.fixture(scope="module", autouse=True)
+def reconfigure_policy(servers, templates):
+ templates.render("ns6/named.conf", {"change_lifetime": True})
+ servers["ns6"].reconfigure()
+
+
+@pytest.mark.parametrize(
+ "zone, policy, lifetime",
+ [
+ param("shorter-lifetime", "short-lifetime", "P6M"),
+ param("longer-lifetime", "long-lifetime", "P1Y"),
+ param(
+ "limit-lifetime",
+ "short-lifetime",
+ "P6M",
+ ),
+ param("unlimit-lifetime", "unlimited-lifetime", 0),
+ ],
+)
+def test_lifetime_reconfig(zone, policy, lifetime, alg, size, servers):
+ config = DEFAULT_CONFIG
+
+ step = {
+ "zone": zone,
+ "cdss": CDSS,
+ "keyprops": [
+ f"csk {DURATION[lifetime]} {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden",
+ ],
+ "nextev": None,
+ }
+ isctest.kasp.check_rollover_step(servers["ns6"], config, policy, step)
diff --git a/bin/tests/system/rollover/common.py b/bin/tests/system/rollover/common.py
index 543359e3d8..111ab6ac64 100644
--- a/bin/tests/system/rollover/common.py
+++ b/bin/tests/system/rollover/common.py
@@ -40,6 +40,7 @@ pytestmark = pytest.mark.extra_artifacts( TIMEDELTA = { + 0: timedelta(seconds=0), "PT5M": timedelta(minutes=5), "PT1H": timedelta(hours=1), "PT2H": timedelta(hours=2), 
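Review bot: Nothing in `reconfigure_policy` (tests_rollover_lifetime_reconfig.py) shows that named has finished applying the swapped policies to all four zones before the first parametrized case runs, because the fixture returns right after `servers["ns6"].reconfigure()`. If neither that call nor `check_rollover_step` waits for the key metadata to be rewritten (neither is visible in this diff), the cases can read the pre-reconfig lifetime and fail intermittently, which makes a real regression in lifetime handling harder to tell from noise. A docstring on the fixture should say what it does and which call provides the wait, starting from something like `"""Switch ns6 to the swapped lifetime policies once, before any test in this module runs."""`.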
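Review bot: The new `0` entry is the only non-string key among the visible `TIMEDELTA` entries in rollover/common.py, which are otherwise ISO 8601 duration strings, so a reader cannot tell that it stands for an unlimited key lifetime rather than a literal zero-second duration. A trailing comment would make the sentinel explicit: `0: timedelta(seconds=0),  # "lifetime unlimited" in dnssec-policy`. The dict starts and continues outside this hunk, so whether `DURATION` is built from it is not visible here.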
diff --git a/bin/tests/system/rollover/ns6/kasp.conf.j2 b/bin/tests/system/rollover/ns6/kasp.conf.j2 index b2f36a9507..bb00e85311 100644 --- a/bin/tests/system/rollover/ns6/kasp.conf.j2 +++ b/bin/tests/system/rollover/ns6/kasp.conf.j2 @@ -11,23 +11,6 @@ * information regarding copyright ownership. */ -dnssec-policy "unlimited-lifetime" { - keys { - csk lifetime unlimited algorithm @DEFAULT_ALGORITHM@; - }; -}; -dnssec-policy "short-lifetime" { - keys { - csk lifetime P6M algorithm @DEFAULT_ALGORITHM@; - }; -}; - -dnssec-policy "long-lifetime" { - keys { - csk lifetime P1Y algorithm @DEFAULT_ALGORITHM@; - }; -}; - dnssec-policy "unsigning" { dnskey-ttl 7200; diff --git a/bin/tests/system/rollover/ns6/named.conf.j2 b/bin/tests/system/rollover/ns6/named.conf.j2 index c626875354..9c4886f6cc 100644 --- a/bin/tests/system/rollover/ns6/named.conf.j2 +++ b/bin/tests/system/rollover/ns6/named.conf.j2 @@ -21,35 +21,6 @@ include "@_csk_file@"; include "named.common.conf"; -/* Lifetime changes. */ -{% set _policy = "short-lifetime" if not csk_roll else "long-lifetime" %} -zone longer-lifetime { - type primary; - file "longer-lifetime.db"; - dnssec-policy @_policy@; -}; - -{% set _policy = "long-lifetime" if not csk_roll else "short-lifetime" %} -zone shorter-lifetime { - type primary; - file "shorter-lifetime.db"; - dnssec-policy @_policy@; -}; - -{% set _policy = "unlimited-lifetime" if not csk_roll else "short-lifetime" %} -zone limit-lifetime { - type primary; - file "limit-lifetime.db"; - dnssec-policy @_policy@; -}; - -{% set _policy = "short-lifetime" if not csk_roll else "unlimited-lifetime" %} -zone unlimit-lifetime { - type primary; - file "unlimit-lifetime.db"; - dnssec-policy @_policy@; -}; - {% set _policy = "default" if not csk_roll else "none" %} zone "step1.going-straight-to-none.kasp" { type primary; diff --git a/bin/tests/system/rollover/ns6/setup.sh b/bin/tests/system/rollover/ns6/setup.sh index 31023687fa..d03a27a552 100644 
--- a/bin/tests/system/rollover/ns6/setup.sh +++ b/bin/tests/system/rollover/ns6/setup.sh @@ -29,12 +29,6 @@ R="RUMOURED" O="OMNIPRESENT" U="UNRETENTIVE" -for zn in shorter-lifetime longer-lifetime limit-lifetime \ - unlimit-lifetime; do - setup $zn - cp template.db.in $zonefile -done - # These zones are going straight to "none" policy. This is undefined behavior. T="now-10d" S="now-12955mi" diff --git a/bin/tests/system/rollover/tests_rollover.py b/bin/tests/system/rollover/tests_rollover.py index 6ac80d7247..feda32edc8 100644 --- a/bin/tests/system/rollover/tests_rollover.py +++ b/bin/tests/system/rollover/tests_rollover.py @@ -1161,48 +1161,6 @@ def test_rollover_policy_changes(servers, templates): start_time = KeyTimingMetadata.now() - # Test key lifetime changes. - isctest.log.info("check key lifetime changes are updated correctly") - lifetime = { - "P1Y": int(timedelta(days=365).total_seconds()), - "P6M": int(timedelta(days=31 * 6).total_seconds()), - "P60D": int(timedelta(days=60).total_seconds()), - } - lifetime_update_tests = [ - { - "zone": "shorter-lifetime", - "policy": "long-lifetime", - "lifetime": lifetime["P1Y"], - }, - { - "zone": "longer-lifetime", - "policy": "short-lifetime", - "lifetime": lifetime["P6M"], - }, - { - "zone": "limit-lifetime", - "policy": "unlimited-lifetime", - "lifetime": 0, - }, - { - "zone": "unlimit-lifetime", - "policy": "short-lifetime", - "lifetime": lifetime["P6M"], - }, - ] - for lut in lifetime_update_tests: - step = { - "zone": lut["zone"], - "cdss": cdss, - "config": default_config, - "policy": lut["policy"], - "keyprops": [ - f"csk {lut['lifetime']} {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", - ], - "nextev": None, - } - steps.append(step) - # Test going straight to none. isctest.log.info("check going straight to none") zones = [ 
@@ -1264,42 +1222,6 @@ def test_rollover_policy_changes(servers, templates): now = KeyTimingMetadata.now() time_passed = now.value - start_time.value - # Test key lifetime changes (after reconfig). - lifetime_update_tests = [ - { - "zone": "shorter-lifetime", - "policy": "short-lifetime", - "lifetime": lifetime["P6M"], - }, - { - "zone": "longer-lifetime", - "policy": "long-lifetime", - "lifetime": lifetime["P1Y"], - }, - { - "zone": "limit-lifetime", - "policy": "short-lifetime", - "lifetime": lifetime["P6M"], - }, - { - "zone": "unlimit-lifetime", - "policy": "unlimited-lifetime", - "lifetime": 0, - }, - ] - for lut in lifetime_update_tests: - step = { - "zone": lut["zone"], - "cdss": cdss, - "config": default_config, - "policy": lut["policy"], - "keyprops": [ - f"csk {lut['lifetime']} {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", - ], - "nextev": None, - } - steps.append(step) - # Test going straight to none. isctest.log.info("check going straight to none (after reconfig)") zones = [