Test ZoneAnalyzer utility class

I've considered writing hypothesis test for this but I would have to
reimplement the same thing, which would probably have the same logic
bugs, so I will leave it as an exercise for someone else.

diff --git a/bin/tests/system/selftest/analyzer.db b/bin/tests/system/selftest/analyzer.db
new file mode 100644 (file)
index 0000000..298de3a
--- /dev/null
+++ b/bin/tests/system/selftest/analyzer.db
@@ -0,0 +1,46 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0.  If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300       ; 5 minutes
+@                      IN SOA  mname1. . (
+                               2000042407 ; serial
+                               20         ; refresh (20 seconds)
+                               20         ; retry (20 seconds)
+                               1814400    ; expire (3 weeks)
+                               3600       ; minimum (1 hour)
+                               )
+                       NS      ns
+ns                     A       10.53.0.3
+
+a                      A       10.0.0.1
+b                      A       10.0.0.2
+d                      A       10.0.0.4
+z                      A       10.0.0.26
+a.a.a.a                        A       10.0.0.3
+*.wild                 A       10.0.0.6
+underwild.wild         TXT     "not occluded"
+insecure               NS      ns.insecure
+secondns.insecure      NS      ns.insecure
+insecure               NS      ns.insecure2
+belowcut.insecure      TXT     "occluded"
+belowcut2.insecure     TXT     "occluded"  ; two RRs, just in case
+dname.insecure         DNAME   occluded.
+ns.insecure            A       10.53.0.3
+02HC3EM7BDD011A0GMS3HKKJT2IF5VP8 A 10.0.0.17
+dname                  DNAME   elsewhere.
+*.dname                        TXT     "occluded"
+occluded.dname         TXT     "occluded"
+occluded2.dname                TXT     "occluded"
+nsunder.occluded.dname NS      ns
+nsunder.dname          NS      ns
+*.nsunder.dname                TXT     "occluded"
+
+test. TXT "out of zone"

diff --git a/bin/tests/system/selftest/tests_zone_analyzer.py b/bin/tests/system/selftest/tests_zone_analyzer.py
new file mode 100755 (executable)
index 0000000..1808cd4
--- /dev/null
+++ b/bin/tests/system/selftest/tests_zone_analyzer.py
@@ -0,0 +1,134 @@
+#!/usr/bin/python3
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+import os
+from pathlib import Path
+
+import pytest
+
+pytest.importorskip("dns", minversion="2.5.0")
+import dns.name
+
+import isctest
+
+from typing import List
+
+
+SUFFIX = dns.name.from_text("nsec3.example.")
+ZONE = isctest.name.ZoneAnalyzer.read_path(
+    Path(os.environ["builddir"]) / "selftest/analyzer.db", origin=SUFFIX
+)
+
+
+def text_to_names(texts: List[str]):
+    return frozenset(dns.name.from_text(text, origin=SUFFIX) for text in texts)
+
+
+def test_analyzer_delegations():
+    assert ZONE.delegations == text_to_names(
+        [
+            "nsunder.dname",
+            "nsunder.occluded.dname",
+            "insecure",
+            "secondns.insecure",
+        ]
+    )
+
+
+def test_analyzer_dnames():
+    assert ZONE.dnames == text_to_names(
+        [
+            "dname",
+            "dname.insecure",
+        ]
+    )
+
+
+def test_analyzer_ents():
+    assert ZONE.ents == text_to_names(
+        [
+            "a.a",
+            "a.a.a",
+            "wild",
+        ]
+    )
+
+
+def test_analyzer_occluded():
+    assert ZONE.occluded == text_to_names(
+        [
+            "*.dname",
+            "nsunder.dname",
+            "*.nsunder.dname",
+            "occluded.dname",
+            "nsunder.occluded.dname",
+            "occluded2.dname",
+            "belowcut.insecure",
+            "belowcut2.insecure",
+            "dname.insecure",
+            "ns.insecure",
+            "secondns.insecure",
+        ]
+    )
+
+
+def test_analyzer_reachable():
+    assert ZONE.reachable == text_to_names(
+        [
+            "@",
+            "02HC3EM7BDD011A0GMS3HKKJT2IF5VP8",
+            "a",
+            "a.a.a.a",
+            "b",
+            "d",
+            "dname",
+            "ns",
+            "*.wild",
+            "underwild.wild",
+            "z",
+        ]
+    )
+
+
+def test_analyzer_reachable_delegations():
+    assert ZONE.reachable_delegations == text_to_names(
+        [
+            "insecure",
+        ]
+    )
+
+
+def test_analyzer_reachable_dnames():
+    assert ZONE.reachable_dnames == text_to_names(
+        [
+            "dname",
+        ]
+    )
+
+
+def test_analyzer_reachable_wildcards():
+    assert ZONE.reachable_wildcards == text_to_names(
+        [
+            "*.wild",
+        ]
+    )
+
+
+def test_analyzer_wildcards():
+    assert ZONE.wildcards == text_to_names(
+        [
+            "*.dname",
+            "*.nsunder.dname",
+            "*.wild",
+        ]
+    )