mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-22 01:59:26 +00:00
02460a009f
For the algorithm, CSK, KSK, ZSK rollovers, enabling DNSSEC and going insecure, add new zones to be tested in manual-mode.
49 lines
1.3 KiB
Python
49 lines
1.3 KiB
Python
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
#
|
|
# SPDX-License-Identifier: MPL-2.0
|
|
#
|
|
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
#
|
|
# See the COPYRIGHT file distributed with this work for additional
|
|
# information regarding copyright ownership.
|
|
|
|
# pylint: disable=redefined-outer-name,unused-import
|
|
|
|
import pytest
|
|
|
|
import isctest
|
|
from isctest.util import param
|
|
from rollover.common import (
|
|
pytestmark,
|
|
CDSS,
|
|
DURATION,
|
|
TIMEDELTA,
|
|
ALGOROLL_CONFIG,
|
|
)
|
|
|
|
|
|
@pytest.mark.parametrize(
|
|
"tld, policy",
|
|
[
|
|
param("kasp", "csk-algoroll"),
|
|
param("manual", "csk-algoroll-manual"),
|
|
],
|
|
)
|
|
def test_algoroll_csk_initial(ns6, tld, policy):
|
|
config = ALGOROLL_CONFIG
|
|
zone = f"step1.csk-algorithm-roll.{tld}"
|
|
|
|
isctest.kasp.wait_keymgr_done(ns6, zone)
|
|
|
|
step = {
|
|
"zone": zone,
|
|
"cdss": CDSS,
|
|
"keyprops": [
|
|
f"csk 0 8 2048 goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{-DURATION['P7D']}",
|
|
],
|
|
"nextev": TIMEDELTA["PT1H"],
|
|
}
|
|
isctest.kasp.check_rollover_step(ns6, config, policy, step)
|