Isolate rollover-lifetime test

bin/tests/system/rollover-lifetime/common.py

@@ -0,0 +1 @@
+../rollover/common.py

bin/tests/system/rollover-lifetime/ns6/kasp.conf.j2

@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0.  If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+dnssec-policy "unlimited-lifetime" {
+	keys {
+		csk lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
+	};
+};
+dnssec-policy "short-lifetime" {
+	keys {
+		csk lifetime P6M algorithm @DEFAULT_ALGORITHM@;
+	};
+};
+
+dnssec-policy "long-lifetime" {
+	keys {
+		csk lifetime P1Y algorithm @DEFAULT_ALGORITHM@;
+	};
+};

bin/tests/system/rollover-lifetime/ns6/limit-lifetime.db

@@ -0,0 +1 @@
+../../rollover-dynamic2inline/ns6/template.db.in

bin/tests/system/rollover-lifetime/ns6/longer-lifetime.db

@@ -0,0 +1 @@
+../../rollover-dynamic2inline/ns6/template.db.in

bin/tests/system/rollover-lifetime/ns6/named.common.conf.j2

@@ -0,0 +1 @@
+../../rollover-dynamic2inline/ns6/named.common.conf.j2

bin/tests/system/rollover-lifetime/ns6/named.conf.j2

@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0.  If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+{% set change_lifetime = change_lifetime | default(False) %}
+{% set longer = "short-lifetime" if not change_lifetime else "long-lifetime" %}
+{% set shorter = "long-lifetime" if not change_lifetime else "short-lifetime" %}
+{% set limit = "unlimited-lifetime" if not change_lifetime else "short-lifetime" %}
+{% set unlimit = "short-lifetime" if not change_lifetime else "unlimited-lifetime" %}
+
+include "kasp.conf";
+include "named.common.conf";
+
+zone longer-lifetime {
+	type primary;
+	file "longer-lifetime.db";
+	dnssec-policy @longer@;
+};
+
+zone shorter-lifetime {
+	type primary;
+	file "shorter-lifetime.db";
+	dnssec-policy @shorter@;
+};
+
+zone limit-lifetime {
+	type primary;
+	file "limit-lifetime.db";
+	dnssec-policy @limit@;
+};
+
+zone unlimit-lifetime {
+	type primary;
+	file "unlimit-lifetime.db";
+	dnssec-policy @unlimit@;
+};

bin/tests/system/rollover-lifetime/ns6/shorter-lifetime.db

@@ -0,0 +1 @@
+../../rollover-dynamic2inline/ns6/template.db.in

bin/tests/system/rollover-lifetime/ns6/unlimit-lifetime.db

@@ -0,0 +1 @@
+../../rollover-dynamic2inline/ns6/template.db.in

bin/tests/system/rollover-lifetime/tests_rollover_lifetime_initial.py

@@ -0,0 +1,48 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# pylint: disable=redefined-outer-name,unused-import
+
+import pytest
+
+import isctest
+from isctest.util import param
+from common import (
+    pytestmark,
+    alg,
+    size,
+    CDSS,
+    DEFAULT_CONFIG,
+    DURATION,
+)
+
+
+@pytest.mark.parametrize(
+    "zone, policy, lifetime",
+    [
+        param("shorter-lifetime", "long-lifetime", "P1Y"),
+        param("longer-lifetime", "short-lifetime", "P6M"),
+        param("limit-lifetime", "unlimited-lifetime", 0),
+        param("unlimit-lifetime", "short-lifetime", "P6M"),
+    ],
+)
+def test_lifetime_initial(zone, policy, lifetime, alg, size, servers):
+    config = DEFAULT_CONFIG
+
+    step = {
+        "zone": zone,
+        "cdss": CDSS,
+        "keyprops": [
+            f"csk {DURATION[lifetime]} {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden",
+        ],
+        "nextev": None,
+    }
+    isctest.kasp.check_rollover_step(servers["ns6"], config, policy, step)

bin/tests/system/rollover-lifetime/tests_rollover_lifetime_reconfig.py

@@ -0,0 +1,58 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# pylint: disable=redefined-outer-name,unused-import
+
+import pytest
+
+import isctest
+from isctest.util import param
+from common import (
+    pytestmark,
+    alg,
+    size,
+    CDSS,
+    DEFAULT_CONFIG,
+    DURATION,
+)
+
+
+@pytest.fixture(scope="module", autouse=True)
+def reconfigure_policy(servers, templates):
+    templates.render("ns6/named.conf", {"change_lifetime": True})
+    servers["ns6"].reconfigure()
+
+
+@pytest.mark.parametrize(
+    "zone, policy, lifetime",
+    [
+        param("shorter-lifetime", "short-lifetime", "P6M"),
+        param("longer-lifetime", "long-lifetime", "P1Y"),
+        param(
+            "limit-lifetime",
+            "short-lifetime",
+            "P6M",
+        ),
+        param("unlimit-lifetime", "unlimited-lifetime", 0),
+    ],
+)
+def test_lifetime_reconfig(zone, policy, lifetime, alg, size, servers):
+    config = DEFAULT_CONFIG
+
+    step = {
+        "zone": zone,
+        "cdss": CDSS,
+        "keyprops": [
+            f"csk {DURATION[lifetime]} {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden",
+        ],
+        "nextev": None,
+    }
+    isctest.kasp.check_rollover_step(servers["ns6"], config, policy, step)

bin/tests/system/rollover/common.py

@@ -40,6 +40,7 @@ pytestmark = pytest.mark.extra_artifacts(
 
 
 TIMEDELTA = {
+    0: timedelta(seconds=0),
     "PT5M": timedelta(minutes=5),
     "PT1H": timedelta(hours=1),
     "PT2H": timedelta(hours=2),

bin/tests/system/rollover/ns6/kasp.conf.j2

@@ -11,23 +11,6 @@
  * information regarding copyright ownership.
  */
 
-dnssec-policy "unlimited-lifetime" {
-	keys {
-		csk lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
-	};
-};
-dnssec-policy "short-lifetime" {
-	keys {
-		csk lifetime P6M algorithm @DEFAULT_ALGORITHM@;
-	};
-};
-
-dnssec-policy "long-lifetime" {
-	keys {
-		csk lifetime P1Y algorithm @DEFAULT_ALGORITHM@;
-	};
-};
-
 dnssec-policy "unsigning" {
 	dnskey-ttl 7200;
 

bin/tests/system/rollover/ns6/named.conf.j2

@@ -21,35 +21,6 @@ include "@_csk_file@";
 
 include "named.common.conf";
 
-/* Lifetime changes. */
-{% set _policy = "short-lifetime" if not csk_roll else "long-lifetime" %}
-zone longer-lifetime {
-	type primary;
-	file "longer-lifetime.db";
-	dnssec-policy @_policy@;
-};
-
-{% set _policy = "long-lifetime" if not csk_roll else "short-lifetime" %}
-zone shorter-lifetime {
-	type primary;
-	file "shorter-lifetime.db";
-	dnssec-policy @_policy@;
-};
-
-{% set _policy = "unlimited-lifetime" if not csk_roll else "short-lifetime" %}
-zone limit-lifetime {
-	type primary;
-	file "limit-lifetime.db";
-	dnssec-policy @_policy@;
-};
-
-{% set _policy = "short-lifetime" if not csk_roll else "unlimited-lifetime" %}
-zone unlimit-lifetime {
-	type primary;
-	file "unlimit-lifetime.db";
-	dnssec-policy @_policy@;
-};
-
 {% set _policy = "default" if not csk_roll else "none" %}
 zone "step1.going-straight-to-none.kasp" {
 	type primary;

bin/tests/system/rollover/ns6/setup.sh

@@ -29,12 +29,6 @@ R="RUMOURED"
 O="OMNIPRESENT"
 U="UNRETENTIVE"
 
-for zn in shorter-lifetime longer-lifetime limit-lifetime \
-  unlimit-lifetime; do
-  setup $zn
-  cp template.db.in $zonefile
-done
-
 # These zones are going straight to "none" policy. This is undefined behavior.
 T="now-10d"
 S="now-12955mi"

bin/tests/system/rollover/tests_rollover.py

@@ -1161,48 +1161,6 @@ def test_rollover_policy_changes(servers, templates):
 
     start_time = KeyTimingMetadata.now()
 
-    # Test key lifetime changes.
-    isctest.log.info("check key lifetime changes are updated correctly")
-    lifetime = {
-        "P1Y": int(timedelta(days=365).total_seconds()),
-        "P6M": int(timedelta(days=31 * 6).total_seconds()),
-        "P60D": int(timedelta(days=60).total_seconds()),
-    }
-    lifetime_update_tests = [
-        {
-            "zone": "shorter-lifetime",
-            "policy": "long-lifetime",
-            "lifetime": lifetime["P1Y"],
-        },
-        {
-            "zone": "longer-lifetime",
-            "policy": "short-lifetime",
-            "lifetime": lifetime["P6M"],
-        },
-        {
-            "zone": "limit-lifetime",
-            "policy": "unlimited-lifetime",
-            "lifetime": 0,
-        },
-        {
-            "zone": "unlimit-lifetime",
-            "policy": "short-lifetime",
-            "lifetime": lifetime["P6M"],
-        },
-    ]
-    for lut in lifetime_update_tests:
-        step = {
-            "zone": lut["zone"],
-            "cdss": cdss,
-            "config": default_config,
-            "policy": lut["policy"],
-            "keyprops": [
-                f"csk {lut['lifetime']} {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden",
-            ],
-            "nextev": None,
-        }
-        steps.append(step)
-
     # Test going straight to none.
     isctest.log.info("check going straight to none")
     zones = [
@@ -1264,42 +1222,6 @@ def test_rollover_policy_changes(servers, templates):
     now = KeyTimingMetadata.now()
     time_passed = now.value - start_time.value
 
-    # Test key lifetime changes (after reconfig).
-    lifetime_update_tests = [
-        {
-            "zone": "shorter-lifetime",
-            "policy": "short-lifetime",
-            "lifetime": lifetime["P6M"],
-        },
-        {
-            "zone": "longer-lifetime",
-            "policy": "long-lifetime",
-            "lifetime": lifetime["P1Y"],
-        },
-        {
-            "zone": "limit-lifetime",
-            "policy": "short-lifetime",
-            "lifetime": lifetime["P6M"],
-        },
-        {
-            "zone": "unlimit-lifetime",
-            "policy": "unlimited-lifetime",
-            "lifetime": 0,
-        },
-    ]
-    for lut in lifetime_update_tests:
-        step = {
-            "zone": lut["zone"],
-            "cdss": cdss,
-            "config": default_config,
-            "policy": lut["policy"],
-            "keyprops": [
-                f"csk {lut['lifetime']} {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden",
-            ],
-            "nextev": None,
-        }
-        steps.append(step)
-
     # Test going straight to none.
     isctest.log.info("check going straight to none (after reconfig)")
     zones = [