mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00
Code Issues Releases Wiki Activity

Isolate rollover-lifetime test

Browse Source
This commit is contained in:
Nicki Křížek
2025-06-06 11:03:43 +02:00
parent 7001056eab
commit a9c70c3e26
15 changed files with 187 additions and 130 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
bin/tests/system/rollover-lifetime/common.py Symbolic link
View File

@@ -0,0 +1 @@
../rollover/common.py

29
bin/tests/system/rollover-lifetime/ns6/kasp.conf.j2 Normal file
View File

@@ -0,0 +1,29 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
dnssec-policy "unlimited-lifetime" {
keys {
csk lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
};
};
dnssec-policy "short-lifetime" {
keys {
csk lifetime P6M algorithm @DEFAULT_ALGORITHM@;
};
};
dnssec-policy "long-lifetime" {
keys {
csk lifetime P1Y algorithm @DEFAULT_ALGORITHM@;
};
};

1
bin/tests/system/rollover-lifetime/ns6/limit-lifetime.db Symbolic link
View File

@@ -0,0 +1 @@
../../rollover-dynamic2inline/ns6/template.db.in

1
bin/tests/system/rollover-lifetime/ns6/longer-lifetime.db Symbolic link
View File

@@ -0,0 +1 @@
../../rollover-dynamic2inline/ns6/template.db.in

1
bin/tests/system/rollover-lifetime/ns6/named.common.conf.j2 Symbolic link
View File

@@ -0,0 +1 @@
../../rollover-dynamic2inline/ns6/named.common.conf.j2

45
bin/tests/system/rollover-lifetime/ns6/named.conf.j2 Normal file
View File

@@ -0,0 +1,45 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
{% set change_lifetime = change_lifetime | default(False) %}
{% set longer = "short-lifetime" if not change_lifetime else "long-lifetime" %}
{% set shorter = "long-lifetime" if not change_lifetime else "short-lifetime" %}
{% set limit = "unlimited-lifetime" if not change_lifetime else "short-lifetime" %}
{% set unlimit = "short-lifetime" if not change_lifetime else "unlimited-lifetime" %}
include "kasp.conf";
include "named.common.conf";
zone longer-lifetime {
type primary;
file "longer-lifetime.db";
dnssec-policy @longer@;
};
zone shorter-lifetime {
type primary;
file "shorter-lifetime.db";
dnssec-policy @shorter@;
};
zone limit-lifetime {
type primary;
file "limit-lifetime.db";
dnssec-policy @limit@;
};
zone unlimit-lifetime {
type primary;
file "unlimit-lifetime.db";
dnssec-policy @unlimit@;
};

1
bin/tests/system/rollover-lifetime/ns6/shorter-lifetime.db Symbolic link
View File

@@ -0,0 +1 @@
../../rollover-dynamic2inline/ns6/template.db.in

1
bin/tests/system/rollover-lifetime/ns6/unlimit-lifetime.db Symbolic link
View File

@@ -0,0 +1 @@
../../rollover-dynamic2inline/ns6/template.db.in

48
bin/tests/system/rollover-lifetime/tests_rollover_lifetime_initial.py Normal file
View File

@@ -0,0 +1,48 @@
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
# pylint: disable=redefined-outer-name,unused-import
import pytest
import isctest
from isctest.util import param
from common import (
pytestmark,
alg,
size,
CDSS,
DEFAULT_CONFIG,
DURATION,
)
@pytest.mark.parametrize(
"zone, policy, lifetime",
[
param("shorter-lifetime", "long-lifetime", "P1Y"),
param("longer-lifetime", "short-lifetime", "P6M"),
param("limit-lifetime", "unlimited-lifetime", 0),
param("unlimit-lifetime", "short-lifetime", "P6M"),
],
)
def test_lifetime_initial(zone, policy, lifetime, alg, size, servers):
config = DEFAULT_CONFIG
step = {
"zone": zone,
"cdss": CDSS,
"keyprops": [
f"csk {DURATION[lifetime]} {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden",
],
"nextev": None,
}
isctest.kasp.check_rollover_step(servers["ns6"], config, policy, step)

58
bin/tests/system/rollover-lifetime/tests_rollover_lifetime_reconfig.py Normal file
View File

@@ -0,0 +1,58 @@
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
# pylint: disable=redefined-outer-name,unused-import
import pytest
import isctest
from isctest.util import param
from common import (
pytestmark,
alg,
size,
CDSS,
DEFAULT_CONFIG,
DURATION,
)
@pytest.fixture(scope="module", autouse=True)
def reconfigure_policy(servers, templates):
templates.render("ns6/named.conf", {"change_lifetime": True})
servers["ns6"].reconfigure()
@pytest.mark.parametrize(
"zone, policy, lifetime",
[
param("shorter-lifetime", "short-lifetime", "P6M"),
param("longer-lifetime", "long-lifetime", "P1Y"),
param(
"limit-lifetime",
"short-lifetime",
"P6M",
),
param("unlimit-lifetime", "unlimited-lifetime", 0),
],
)
def test_lifetime_reconfig(zone, policy, lifetime, alg, size, servers):
config = DEFAULT_CONFIG
step = {
"zone": zone,
"cdss": CDSS,
"keyprops": [
f"csk {DURATION[lifetime]} {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden",
],
"nextev": None,
}
isctest.kasp.check_rollover_step(servers["ns6"], config, policy, step)

1
bin/tests/system/rollover/common.py
View File

@@ -40,6 +40,7 @@ pytestmark = pytest.mark.extra_artifacts(
TIMEDELTA = { TIMEDELTA = {
0: timedelta(seconds=0),
"PT5M": timedelta(minutes=5), "PT5M": timedelta(minutes=5),
"PT1H": timedelta(hours=1), "PT1H": timedelta(hours=1),
"PT2H": timedelta(hours=2), "PT2H": timedelta(hours=2),

17
bin/tests/system/rollover/ns6/kasp.conf.j2
View File

@@ -11,23 +11,6 @@
* information regarding copyright ownership. * information regarding copyright ownership.
*/ */
dnssec-policy "unlimited-lifetime" {
keys {
csk lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
};
};
dnssec-policy "short-lifetime" {
keys {
csk lifetime P6M algorithm @DEFAULT_ALGORITHM@;
};
};
dnssec-policy "long-lifetime" {
keys {
csk lifetime P1Y algorithm @DEFAULT_ALGORITHM@;
};
};
dnssec-policy "unsigning" { dnssec-policy "unsigning" {
dnskey-ttl 7200; dnskey-ttl 7200;

29
bin/tests/system/rollover/ns6/named.conf.j2
View File

@@ -21,35 +21,6 @@ include "@_csk_file@";
include "named.common.conf"; include "named.common.conf";
/* Lifetime changes. */
{% set _policy = "short-lifetime" if not csk_roll else "long-lifetime" %}
zone longer-lifetime {
type primary;
file "longer-lifetime.db";
dnssec-policy @_policy@;
};
{% set _policy = "long-lifetime" if not csk_roll else "short-lifetime" %}
zone shorter-lifetime {
type primary;
file "shorter-lifetime.db";
dnssec-policy @_policy@;
};
{% set _policy = "unlimited-lifetime" if not csk_roll else "short-lifetime" %}
zone limit-lifetime {
type primary;
file "limit-lifetime.db";
dnssec-policy @_policy@;
};
{% set _policy = "short-lifetime" if not csk_roll else "unlimited-lifetime" %}
zone unlimit-lifetime {
type primary;
file "unlimit-lifetime.db";
dnssec-policy @_policy@;
};
{% set _policy = "default" if not csk_roll else "none" %} {% set _policy = "default" if not csk_roll else "none" %}
zone "step1.going-straight-to-none.kasp" { zone "step1.going-straight-to-none.kasp" {
type primary; type primary;

6
bin/tests/system/rollover/ns6/setup.sh
View File

@@ -29,12 +29,6 @@ R="RUMOURED"
O="OMNIPRESENT" O="OMNIPRESENT"
U="UNRETENTIVE" U="UNRETENTIVE"
for zn in shorter-lifetime longer-lifetime limit-lifetime \
unlimit-lifetime; do
setup $zn
cp template.db.in $zonefile
done
# These zones are going straight to "none" policy. This is undefined behavior. # These zones are going straight to "none" policy. This is undefined behavior.
T="now-10d" T="now-10d"
S="now-12955mi" S="now-12955mi"

78
bin/tests/system/rollover/tests_rollover.py
View File

@@ -1161,48 +1161,6 @@ def test_rollover_policy_changes(servers, templates):
start_time = KeyTimingMetadata.now() start_time = KeyTimingMetadata.now()
# Test key lifetime changes.
isctest.log.info("check key lifetime changes are updated correctly")
lifetime = {
"P1Y": int(timedelta(days=365).total_seconds()),
"P6M": int(timedelta(days=31 * 6).total_seconds()),
"P60D": int(timedelta(days=60).total_seconds()),
}
lifetime_update_tests = [
{
"zone": "shorter-lifetime",
"policy": "long-lifetime",
"lifetime": lifetime["P1Y"],
},
{
"zone": "longer-lifetime",
"policy": "short-lifetime",
"lifetime": lifetime["P6M"],
},
{
"zone": "limit-lifetime",
"policy": "unlimited-lifetime",
"lifetime": 0,
},
{
"zone": "unlimit-lifetime",
"policy": "short-lifetime",
"lifetime": lifetime["P6M"],
},
]
for lut in lifetime_update_tests:
step = {
"zone": lut["zone"],
"cdss": cdss,
"config": default_config,
"policy": lut["policy"],
"keyprops": [
f"csk {lut['lifetime']} {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden",
],
"nextev": None,
}
steps.append(step)
# Test going straight to none. # Test going straight to none.
isctest.log.info("check going straight to none") isctest.log.info("check going straight to none")
zones = [ zones = [
@@ -1264,42 +1222,6 @@ def test_rollover_policy_changes(servers, templates):
now = KeyTimingMetadata.now() now = KeyTimingMetadata.now()
time_passed = now.value - start_time.value time_passed = now.value - start_time.value
# Test key lifetime changes (after reconfig).
lifetime_update_tests = [
{
"zone": "shorter-lifetime",
"policy": "short-lifetime",
"lifetime": lifetime["P6M"],
},
{
"zone": "longer-lifetime",
"policy": "long-lifetime",
"lifetime": lifetime["P1Y"],
},
{
"zone": "limit-lifetime",
"policy": "short-lifetime",
"lifetime": lifetime["P6M"],
},
{
"zone": "unlimit-lifetime",
"policy": "unlimited-lifetime",
"lifetime": 0,
},
]
for lut in lifetime_update_tests:
step = {
"zone": lut["zone"],
"cdss": cdss,
"config": default_config,
"policy": lut["policy"],
"keyprops": [
f"csk {lut['lifetime']} {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden",
],
"nextev": None,
}
steps.append(step)
# Test going straight to none. # Test going straight to none.
isctest.log.info("check going straight to none (after reconfig)") isctest.log.info("check going straight to none (after reconfig)")
zones = [ zones = [