convert delv tests to python

move all dnssec tests using delv from the shell test to tests_delv.py,
and remove tests.sh and tests_sh_dnssec.py.

diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
deleted file mode 100644 (file)
index 89fcf1c..0000000
--- a/bin/tests/system/dnssec/tests.sh
+++ /dev/null
@@ -1,238 +0,0 @@
-#!/bin/sh
-
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0.  If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-set -e
-
-# shellcheck source=conf.sh
-. ../conf.sh
-
-status=0
-n=1
-
-delv_with_opts() {
-  "$DELV" -a ns1/trusted.conf -p "$PORT" "$@"
-}
-
-if [ -x "${DELV}" ]; then
-  ret=0
-  echo_i "checking positive validation NSEC using dns_client ($n)"
-  delv_with_opts @10.53.0.4 a a.example >delv.out$n || ret=1
-  grep "a.example..*10.0.0.1" delv.out$n >/dev/null || ret=1
-  grep "a.example..*.RRSIG.A [0-9][0-9]* 2 3600 .*" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking positive validation NSEC using dns_client (trusted-keys) ($n)"
-  "$DELV" -a ns1/trusted.keys -p "$PORT" @10.53.0.4 a a.example >delv.out$n || ret=1
-  grep "a.example..*10.0.0.1" delv.out$n >/dev/null || ret=1
-  grep "a.example..*.RRSIG.A [0-9][0-9]* 2 3600 .*" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking positive validation NSEC3 using dns_client ($n)"
-  delv_with_opts @10.53.0.4 a a.nsec3.example >delv.out$n || ret=1
-  grep "a.nsec3.example..*10.0.0.1" delv.out$n >/dev/null || ret=1
-  grep "a.nsec3.example..*RRSIG.A [0-9][0-9]* 3 300 .*" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  SP="[[:space:]]+"
-
-  ret=0
-  echo_i "checking positive validation OPTOUT using dns_client ($n)"
-  delv_with_opts @10.53.0.4 a a.optout.example >delv.out$n || ret=1
-  grep -Eq "^a\\.optout\\.example\\.""$SP""[0-9]+""$SP""IN""$SP""A""$SP""10.0.0.1" delv.out$n || ret=1
-  grep -Eq "^a\\.optout\\.example\\.""$SP""[0-9]+""$SP""IN""$SP""RRSIG""$SP""A""$SP""$DEFAULT_ALGORITHM_NUMBER""$SP""3""$SP""300" delv.out$n || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking positive wildcard validation NSEC using dns_client ($n)"
-  delv_with_opts @10.53.0.4 a a.wild.example >delv.out$n || ret=1
-  grep "a.wild.example..*10.0.0.27" delv.out$n >/dev/null || ret=1
-  grep -E "a.wild.example..*RRSIG.A [0-9]+ 2 3600 .*" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking positive wildcard validation NSEC3 using dns_client ($n)"
-  delv_with_opts @10.53.0.4 a a.wild.nsec3.example >delv.out$n || ret=1
-  grep -E "a.wild.nsec3.example..*10.0.0.6" delv.out$n >/dev/null || ret=1
-  grep -E "a.wild.nsec3.example..*RRSIG.A [0-9][0-9]* 3 300.*" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking positive wildcard validation OPTOUT using dns_client ($n)"
-  delv_with_opts @10.53.0.4 a a.wild.optout.example >delv.out$n || ret=1
-  grep "a.wild.optout.example..*10.0.0.6" delv.out$n >/dev/null || ret=1
-  grep "a.wild.optout.example..*RRSIG.A [0-9][0-9]* 3 300.*" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking negative validation NXDOMAIN NSEC using dns_client ($n)"
-  delv_with_opts @10.53.0.4 a q.example >delv.out$n 2>&1 || ret=1
-  grep "resolution failed: ncache nxdomain" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking negative validation NXDOMAIN NSEC3 using dns_client ($n)"
-  delv_with_opts @10.53.0.4 a q.nsec3.example >delv.out$n 2>&1 || ret=1
-  grep "resolution failed: ncache nxdomain" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking negative validation NXDOMAIN OPTOUT using dns_client ($n)"
-  delv_with_opts @10.53.0.4 a q.optout.example >delv.out$n 2>&1 || ret=1
-  grep "resolution failed: ncache nxdomain" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking negative validation NODATA OPTOUT using dns_client ($n)"
-  delv_with_opts @10.53.0.4 txt a.example >delv.out$n 2>&1 || ret=1
-  grep "resolution failed: ncache nxrrset" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking negative validation NODATA NSEC3 using dns_client ($n)"
-  delv_with_opts @10.53.0.4 txt a.nsec3.example >delv.out$n 2>&1 || ret=1
-  grep "resolution failed: ncache nxrrset" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking negative validation NODATA OPTOUT using dns_client ($n)"
-  delv_with_opts @10.53.0.4 txt a.optout.example >delv.out$n 2>&1 || ret=1
-  grep "resolution failed: ncache nxrrset" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking negative wildcard validation NSEC using dns_client ($n)"
-  delv_with_opts @10.53.0.4 txt b.wild.example >delv.out$n 2>&1 || ret=1
-  grep "resolution failed: ncache nxrrset" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking negative wildcard validation NSEC3 using dns_client ($n)"
-  delv_with_opts @10.53.0.4 txt b.wild.nsec3.example >delv.out$n 2>&1 || ret=1
-  grep "resolution failed: ncache nxrrset" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking negative wildcard validation OPTOUT using dns_client ($n)"
-  delv_with_opts @10.53.0.4 txt b.optout.nsec3.example >delv.out$n 2>&1 || ret=1
-  grep "resolution failed: ncache nxrrset" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking 1-server insecurity proof NSEC using dns_client ($n)"
-  delv_with_opts @10.53.0.4 a a.insecure.example >delv.out$n || ret=1
-  grep "a.insecure.example..*10.0.0.1" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking 1-server insecurity proof NSEC3 using dns_client ($n)"
-  delv_with_opts @10.53.0.4 a a.insecure.nsec3.example >delv.out$n || ret=1
-  grep "a.insecure.nsec3.example..*10.0.0.1" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking 1-server insecurity proof OPTOUT using dns_client ($n)"
-  delv_with_opts @10.53.0.4 a a.insecure.optout.example >delv.out$n || ret=1
-  grep "a.insecure.optout.example..*10.0.0.1" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking 1-server negative insecurity proof NSEC using dns_client ($n)"
-  delv_with_opts @10.53.0.4 a q.insecure.example >delv.out$n 2>&1 || ret=1
-  grep "resolution failed: ncache nxdomain" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking 1-server negative insecurity proof NSEC3 using dns_client ($n)"
-  delv_with_opts @10.53.0.4 a q.insecure.nsec3.example >delv.out$n 2>&1 || ret=1
-  grep "resolution failed: ncache nxdomain" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking 1-server negative insecurity proof OPTOUT using dns_client ($n)"
-  delv_with_opts @10.53.0.4 a q.insecure.optout.example >delv.out$n 2>&1 || ret=1
-  grep "resolution failed: ncache nxdomain" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking failed validation using dns_client ($n)"
-  delv_with_opts +cd @10.53.0.4 a a.bogus.example >delv.out$n 2>&1 || ret=1
-  grep "resolution failed: RRSIG failed to verify" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking that validation fails when key record is missing using dns_client ($n)"
-  delv_with_opts +cd @10.53.0.4 a a.b.keyless.example >delv.out$n 2>&1 || ret=1
-  grep "resolution failed: insecurity proof failed" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-
-  ret=0
-  echo_i "checking that validation succeeds when a revoked key is encountered using dns_client ($n)"
-  delv_with_opts +cd @10.53.0.4 soa revkey.example >delv.out$n 2>&1 || ret=1
-  grep "fully validated" delv.out$n >/dev/null || ret=1
-  n=$((n + 1))
-  test "$ret" -eq 0 || echo_i "failed"
-  status=$((status + ret))
-fi
-
-echo_i "exit status: $status"
-[ $status -eq 0 ] || exit 1

diff --git a/bin/tests/system/dnssec/tests_delv.py b/bin/tests/system/dnssec/tests_delv.py
new file mode 100644 (file)
index 0000000..5e5f375
--- /dev/null
+++ b/bin/tests/system/dnssec/tests_delv.py
@@ -0,0 +1,160 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+import os
+import re
+import subprocess
+
+import pytest
+
+import isctest
+
+
+pytestmark = pytest.mark.skipif(bool(os.getenv("TSAN_OPTIONS", "")), reason="TSAN")
+
+
+# helper functions
+def grep_c(regex, data):
+    blob = data.splitlines()
+    results = [x for x in blob if re.search(regex, x)]
+    return len(results)
+
+
+# run delv
+def delv(*args, tkeys=False):
+    delv_cmd = [os.environ.get("DELV")]
+
+    tfile = "ns1/trusted.keys" if tkeys else "ns1/trusted.conf"
+    delv_cmd.extend(["@10.53.0.4", "-a", tfile, "-p", os.environ["PORT"]])
+    delv_cmd.extend(args)
+
+    return (
+        isctest.run.cmd(delv_cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+        .stdout.decode("utf-8")
+        .strip()
+    )
+
+
+def test_positive_validation_delv():
+    # check positive validation NSEC
+    response = delv("a", "a.example")
+    assert grep_c("a.example..*10.0.0.1", response)
+    assert grep_c("a.example..*.RRSIG.A [0-9][0-9]* 2 3600 .*", response)
+
+    # check positive validation NSEC (trsuted-keys)
+    response = delv("a", "a.example", tkeys=True)
+    assert grep_c("a.example..*10.0.0.1", response)
+    assert grep_c("a.example..*.RRSIG.A [0-9][0-9]* 2 3600 .*", response)
+
+    # check positive validation NSEC3
+    response = delv("a", "a.nsec3.example")
+    assert grep_c("a.nsec3.example..*10.0.0.1", response)
+    assert grep_c("a.nsec3.example..*.RRSIG.A [0-9][0-9]* 3 300 .*", response)
+
+    # check positive validation OPTOUT
+    response = delv("a", "a.optout.example")
+    assert grep_c("a.optout.example..*10.0.0.1", response)
+    assert grep_c("a.optout.example..*.RRSIG.A [0-9][0-9]* 3 300 .*", response)
+
+    # check positive wildcard validation NSEC
+    response = delv("a", "a.wild.example")
+    assert grep_c("a.wild.example..*10.0.0.27", response)
+    assert grep_c("a.wild.example..*.RRSIG.A [0-9][0-9]* 2 3600 .*", response)
+
+    # check positive wildcard validation NSEC3
+    response = delv("a", "a.wild.nsec3.example")
+    assert grep_c("a.wild.nsec3.example..*10.0.0.6", response)
+    assert grep_c("a.wild.nsec3.example..*.RRSIG.A [0-9][0-9]* 3 300 .*", response)
+
+    # check positive wildcard validation OPTOUT
+    response = delv("a", "a.wild.optout.example")
+    assert grep_c("a.wild.optout.example..*10.0.0.6", response)
+    assert grep_c("a.wild.optout.example..*.RRSIG.A [0-9][0-9]* 3 300 .*", response)
+
+
+def test_negative_validation_delv():
+    # checking negative validation NXDOMAIN NSEC
+    response = delv("a", "q.example")
+    assert grep_c("resolution failed: ncache nxdomain", response)
+
+    # checking negative validation NODATA NSEC
+    response = delv("txt", "a.example")
+    assert grep_c("resolution failed: ncache nxrrset", response)
+
+    # checking negative validation NXDOMAIN NSEC3
+    response = delv("a", "q.nsec3.example")
+    assert grep_c("resolution failed: ncache nxdomain", response)
+
+    # checking negative validation NODATA NSEC3
+    response = delv("txt", "a.nsec3.example")
+    assert grep_c("resolution failed: ncache nxrrset", response)
+
+    # checking negative validation NXDOMAIN OPTOUT
+    response = delv("a", "q.optout.example")
+    assert grep_c("resolution failed: ncache nxdomain", response)
+
+    # checking negative validation NODATA OPTOUT
+    response = delv("txt", "a.optout.example")
+    assert grep_c("resolution failed: ncache nxrrset", response)
+
+    # checking negative wildcard validation NSEC
+    response = delv("txt", "b.wild.example")
+    assert grep_c("resolution failed: ncache nxrrset", response)
+
+    # checking negative wildcard validation NSEC3
+    response = delv("txt", "b.wild.nsec3.example")
+    assert grep_c("resolution failed: ncache nxrrset", response)
+
+    # checking negative wildcard validation OPTOUT
+    response = delv("txt", "b.wild.optout.example")
+    assert grep_c("resolution failed: ncache nxrrset", response)
+
+
+def test_insecure_validation_delv():
+    # check 1-server insecurity proof NSEC
+    response = delv("a", "a.insecure.example")
+    assert grep_c("a.insecure.example..*10.0.0.1", response)
+
+    # check 1-server insecurity proof NSEC3
+    response = delv("a", "a.insecure.nsec3.example")
+    assert grep_c("a.insecure.nsec3.example..*10.0.0.1", response)
+
+    # check 1-server insecurity proof NSEC3
+    response = delv("a", "a.insecure.optout.example")
+    assert grep_c("a.insecure.optout.example..*10.0.0.1", response)
+
+    # check 1-server negative insecurity proof NSEC
+    response = delv("a", "q.insecure.example")
+    assert grep_c("resolution failed: ncache nxdomain", response)
+
+    # check 1-server negative insecurity proof NSEC3
+    response = delv("a", "q.insecure.nsec3.example")
+    assert grep_c("resolution failed: ncache nxdomain", response)
+
+    # check 1-server negative insecurity proof OPTOUT
+    response = delv("a", "q.insecure.optout.example")
+    assert grep_c("resolution failed: ncache nxdomain", response)
+
+
+def test_validation_failure_delv():
+    # check failed validation due to bogus data
+    response = delv("+cd", "a", "a.bogus.example")
+    assert grep_c("resolution failed: RRSIG failed to verify", response)
+
+    # check failed validation due to missing key record
+    response = delv("+cd", "a", "a.b.keyless.example")
+    assert grep_c("resolution failed: insecurity proof failed", response)
+
+
+def test_revoked_key_delv():
+    # check failed validation succeeds when a revoked key is encountered
+    response = delv("+cd", "soa", "revkey.example")
+    assert grep_c("fully validated", response)

diff --git a/bin/tests/system/dnssec/tests_sh_dnssec.py b/bin/tests/system/dnssec/tests_sh_dnssec.py
deleted file mode 100644 (file)
index 8448082..0000000
--- a/bin/tests/system/dnssec/tests_sh_dnssec.py
+++ /dev/null
@@ -1,180 +0,0 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0.  If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-import pytest
-
-pytestmark = pytest.mark.extra_artifacts(
-    [
-        ".hypothesis/examples/*",
-        "K*",
-        "canonical*",
-        "delv.out*",
-        "dig.out.*",
-        "dsfromkey.out.*",
-        "named.secroots.*",
-        "nsupdate.out.*",
-        "python.out.*",
-        "rndc.out.*",
-        "signing.out.*",
-        "*/K*",
-        "*/dsset-*",
-        "*/managed.conf",
-        "*/trusted.conf",
-        "*/*.bk",
-        "*/*.jnl",
-        "*/*.jbk",
-        "*/*.signed",
-        "*/*.mkeys*",
-        "*/managed-keys.bind",
-        "ans*/ans.run",
-        "ans*/query.log",
-        "ns1/managed.key.id",
-        "ns1/root.db",
-        "ns1/trusted.keys",
-        "ns2/algroll.db",
-        "ns2/badparam.db",
-        "ns2/badparam.db.bad",
-        "ns2/cdnskey-update.secure.db",
-        "ns2/cdnskey-update.secure.id",
-        "ns2/cdnskey-x.secure.db",
-        "ns2/cdnskey.secure.db",
-        "ns2/cds-update.secure.db",
-        "ns2/cds-update.secure.id",
-        "ns2/cds-x.secure.db",
-        "ns2/cds.secure.db",
-        "ns2/dnskey-rrsigs-stripped.db",
-        "ns2/dnskey-rrsigs-stripped.db.next",
-        "ns2/dnskey-rrsigs-stripped.db.stripped",
-        "ns2/child.ds-rrsigs-stripped.db",
-        "ns2/ds-rrsigs-stripped.db",
-        "ns2/ds-rrsigs-stripped.db.next",
-        "ns2/ds-rrsigs-stripped.db.stripped",
-        "ns2/example.db",
-        "ns2/in-addr.arpa.db",
-        "ns2/lazy-ksk.db",
-        "ns2/managed.db",
-        "ns2/nsec3chain-test.db",
-        "ns2/peer-ns-spoof.db",
-        "ns2/peer.peer-ns-spoof.db",
-        "ns2/peer.peer-ns-spoof.db.next",
-        "ns2/peer.peer-ns-spoof.db.stripped",
-        "ns2/settime.out.updatecheck-kskonly.secure.ksk",
-        "ns2/settime.out.updatecheck-kskonly.secure.zsk",
-        "ns2/single-nsec3.db",
-        "ns2/too-many-iterations.db",
-        "ns2/inconsistent.db",
-        "ns2/trusted.db",
-        "ns2/updatecheck-kskonly.secure.db",
-        "ns2/updatecheck-kskonly.secure.ksk.id",
-        "ns2/updatecheck-kskonly.secure.ksk.key",
-        "ns2/updatecheck-kskonly.secure.zsk.id",
-        "ns2/updatecheck-kskonly.secure.zsk.id2",
-        "ns2/updatecheck-kskonly.secure.zsk.id3",
-        "ns2/updatecheck-kskonly.secure.zsk.key",
-        "ns3/NSEC",
-        "ns3/NSEC3",
-        "ns3/auto-nsec.example.db",
-        "ns3/auto-nsec3.example.db",
-        "ns3/badds.example.db",
-        "ns3/bogus.example.db",
-        "ns3/digest-alg-unsupported.example.db",
-        "ns3/disabled.managed.db",
-        "ns3/disabled.trusted.db",
-        "ns3/dname-at-apex-nsec3.example.db",
-        "ns3/dnskey-nsec3-unknown.example.db",
-        "ns3/dnskey-nsec3-unknown.example.db.tmp",
-        "ns3/dnskey-unknown.example.db",
-        "ns3/dnskey-unknown.example.db.tmp",
-        "ns3/dnskey-unsupported-2.example.db",
-        "ns3/dnskey-unsupported.example.db",
-        "ns3/dnskey-unsupported.example.db.tmp",
-        "ns3/ds-unsupported.example.db",
-        "ns3/dynamic.example.db",
-        "ns3/enabled.managed.db",
-        "ns3/enabled.trusted.db",
-        "ns3/example.bk",
-        "ns3/expired.example.db",
-        "ns3/expiring.example.db",
-        "ns3/extended-ds-unknown-oid.example.db",
-        "ns3/extended-ds-unknown-oid.example.db.stage1",
-        "ns3/extended-ds-unknown-oid.example.db.stage2",
-        "ns3/extradsoid.example.db",
-        "ns3/extradsunknownoid.example.db",
-        "ns3/extradsunknownoid.example.db.stage1",
-        "ns3/extradsunknownoid.example.db.stage2",
-        "ns3/future.example.db",
-        "ns3/keyless.example.db",
-        "ns3/kskonly.example.db",
-        "ns3/localkey.example.db",
-        "ns3/lower.example.db",
-        "ns3/managed-future.example.db",
-        "ns3/multiple.example.db",
-        "ns3/nsec3-unknown.example.db",
-        "ns3/nsec3.example.db",
-        "ns3/nsec3.nsec3.example.db",
-        "ns3/nsec3.optout.example.db",
-        "ns3/nsec3chain-test.bk",
-        "ns3/occluded.example.db",
-        "ns3/optout-unknown.example.db",
-        "ns3/optout.example.db",
-        "ns3/optout.nsec3.example.db",
-        "ns3/optout.optout.example.db",
-        "ns3/revkey.example.db",
-        "ns3/revoked.managed.db",
-        "ns3/revoked.trusted.db",
-        "ns3/rfc2335.example.bk",
-        "ns3/rsasha256.example.db",
-        "ns3/rsasha256oid.example.db",
-        "ns3/rsasha512.example.db",
-        "ns3/rsasha512oid.example.db",
-        "ns3/secure.below-cname.example.db",
-        "ns3/secure.example.db",
-        "ns3/secure.managed.db",
-        "ns3/secure.nsec3.example.db",
-        "ns3/secure.optout.example.db",
-        "ns3/secure.trusted.db",
-        "ns3/siginterval.conf",
-        "ns3/siginterval.example.db",
-        "ns3/split-dnssec.example.db",
-        "ns3/split-smart.example.db",
-        "ns3/target.peer-ns-spoof.db",
-        "ns3/trusted-future.key",
-        "ns3/ttlpatch.example.db",
-        "ns3/ttlpatch.example.db.patched",
-        "ns3/unknownoid.example.db",
-        "ns3/unknownoid.example.db.stage1",
-        "ns3/unknownoid.example.db.stage2",
-        "ns3/unsupported.managed.db",
-        "ns3/unsupported.managed.db.tmp",
-        "ns3/unsupported.trusted.db",
-        "ns3/unsupported.trusted.db.tmp",
-        "ns3/update-nsec3.example.db",
-        "ns3/update-nsec3.example.db.signed",
-        "ns3/upper.example.db",
-        "ns3/upper.example.db.lower",
-        "ns4/managed.conf",
-        "ns4/named.secroots",
-        "ns4/named_dump.db",
-        "ns4/named_dump.db.*",
-        "ns5/broken.conf",
-        "ns5/revoked.conf",
-        "ns5/many-trusted.conf",
-        "ns5/many-managed.conf",
-        "ns6/optout-tld.db",
-        "ns6/split-rrsig.db",
-        "ns6/split-rrsig.db.unsplit",
-        "ns9/trusted-localkey.conf",
-    ]
-)
-
-
-def test_dnssec(run_tests_sh):
-    run_tests_sh()