distro/tests: add tests for new DoH implementation

* one test unsing curl and sha256sum (get_url can't do HTTP/2)
* one test using kdig when correct version is present

diff --git a/.travis.yml b/.travis.yml
index 1cf142d1b740d5392ba276075898c2ff0858c0a1..5b7cd0a85eadf578202d377502206bf6bb461fd6 100644 (file)
--- a/.travis.yml
+++ b/.travis.yml
@@ -12,6 +12,7 @@ addons:
             - libuv
             - lmdb
             - meson
+            - nghttp2
         update: true
 compiler:
     - clang

diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml
new file mode 100644 (file)
index 0000000..eebca20
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh2_config set up kresd.conf
+  blockinfile:
+    marker: -- {mark} ANSIBLE MANAGED BLOCK
+    block: |
+      net.listen('127.0.0.1', 44354, { kind = 'doh2' })
+    path: /etc/knot-resolver/kresd.conf

diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml
index a14125a00773873be6ef238aa44b92f8a58f4edb..d99ff3c53bbf69193aa34dcfb7fc77620c15ccdf 100644 (file)
--- a/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml
@@ -26,7 +26,13 @@
 
     - include: test_kres_cache_gc.yaml
 
-    - name: Test DoH
+    - name: Test DoH (new implementation)
+      block:
+        - include: configure_doh2.yaml
+        - include: restart_kresd.yaml
+        - include: test_doh2.yaml
+
+    - name: Test DoH (legacy)
       block:
         - name: Install knot-resolver-module-http
           package:

diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml
new file mode 100644 (file)
index 0000000..115872a
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml
@@ -0,0 +1,23 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh2_test check kdig https support
+  shell: kdig --help | grep -q '+\S*https'
+  register: kdig_https
+  ignore_errors: true
+
+- name: doh2_test query localhost. A
+  # use curl instead of ansible builtins (get_url/uri)
+  # because they currently use unsupported HTTP/1.1
+  shell: |
+    curl -k -o /tmp/doh_test https://127.0.0.1:44354/doh?dns=1Y0BAAABAAAAAAAACWxvY2FsaG9zdAAAAQAB
+    echo "e5c2710e6ecb78c089ab608ad5861b87be0d1c623c4d58b4eee3b21c06aa2008  /tmp/doh_test" > /tmp/doh_test.sha256
+    sha256sum --check /tmp/doh_test.sha256
+  args:
+    # disable warning about using curl - we know what we're doing
+    warn: false
+
+- name: doh2_test kdig localhost. A
+  shell: |
+    kdig @127.0.0.1 -p 44354 +https nic.cz || exit 1
+    kdig @127.0.0.1 -p 44354 +https-get nic.cz || exit 2
+  when: kdig_https is succeeded