--- /dev/null
+../../rollover/ns3/named.common.conf.j2
\ No newline at end of file
--- /dev/null
+../../rollover/ns3/template.db.in
\ No newline at end of file
+++ /dev/null
-../../rollover-dynamic2inline/ns6/named.common.conf.j2
\ No newline at end of file
+++ /dev/null
-../../rollover-dynamic2inline/ns6/template.db.in
\ No newline at end of file
# shellcheck source=conf.sh
. ../conf.sh
-cd "ns6"
+cd "ns3"
setup() {
zone="$1"
param("manual", "csk-algoroll-manual"),
],
)
-def test_algoroll_csk_initial(ns6, tld, policy):
+def test_algoroll_csk_initial(ns3, tld, policy):
config = ALGOROLL_CONFIG
zone = f"step1.csk-algorithm-roll.{tld}"
- isctest.kasp.wait_keymgr_done(ns6, zone)
+ isctest.kasp.wait_keymgr_done(ns3, zone)
step = {
"zone": zone,
],
"nextev": TIMEDELTA["PT1H"],
}
- isctest.kasp.check_rollover_step(ns6, config, policy, step)
+ isctest.kasp.check_rollover_step(ns3, config, policy, step)
@pytest.fixture(scope="module", autouse=True)
-def after_servers_start(ns6, templates):
+def after_servers_start(ns3, templates):
global TIME_PASSED # pylint: disable=global-statement
- isctest.kasp.wait_keymgr_done(ns6, "step1.csk-algorithm-roll.kasp")
+ isctest.kasp.wait_keymgr_done(ns3, "step1.csk-algorithm-roll.kasp")
- templates.render("ns6/named.conf", {"csk_roll": True})
+ templates.render("ns3/named.conf", {"csk_roll": True})
start_time = KeyTimingMetadata.now()
- ns6.reconfigure()
+ ns3.reconfigure()
# Calculate time passed to correctly check for next key events.
TIME_PASSED = KeyTimingMetadata.now().value - start_time.value
param("manual"),
],
)
-def test_algoroll_csk_reconfig_step1(tld, ns6, alg, size):
+def test_algoroll_csk_reconfig_step1(tld, ns3, alg, size):
zone = f"step1.csk-algorithm-roll.{tld}"
policy = f"{POLICY}-{tld}"
- isctest.kasp.wait_keymgr_done(ns6, zone, reconfig=True)
+ isctest.kasp.wait_keymgr_done(ns3, zone, reconfig=True)
if tld == "manual":
# Same as initial.
"manual-mode": True,
"nextev": None,
}
- keys = isctest.kasp.check_rollover_step(ns6, CONFIG, policy, step)
+ keys = isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
# Check logs.
tag = keys[0].key.tag
msg1 = f"keymgr-manual-mode: block retire DNSKEY {zone}/RSASHA256/{tag} (CSK)"
msg2 = f"keymgr-manual-mode: block new key generation for zone {zone} (policy {policy})"
- assert msg1 in ns6.log
- assert msg2 in ns6.log
+ assert msg1 in ns3.log
+ assert msg2 in ns3.log
# Force step.
- with ns6.watch_log_from_here() as watcher:
- ns6.rndc(f"dnssec -step {zone}")
+ with ns3.watch_log_from_here() as watcher:
+ ns3.rndc(f"dnssec -step {zone}")
watcher.wait_for_line(
f"zone {zone}/IN (signed): zone_rekey done: key {tag}/RSASHA256"
)
# Next key event is when the ecdsa256 keys have been propagated.
"nextev": ALGOROLL_IPUB,
}
- isctest.kasp.check_rollover_step(ns6, CONFIG, policy, step)
+ isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
@pytest.mark.parametrize(
param("manual"),
],
)
-def test_algoroll_csk_reconfig_step2(tld, ns6, alg, size):
+def test_algoroll_csk_reconfig_step2(tld, ns3, alg, size):
zone = f"step2.csk-algorithm-roll.{tld}"
policy = f"{POLICY}-{tld}"
- isctest.kasp.wait_keymgr_done(ns6, zone, reconfig=True)
+ isctest.kasp.wait_keymgr_done(ns3, zone, reconfig=True)
# manual-mode: Nothing changing in the zone, no 'dnssec -step' required.
# the time passed between key creation and invoking 'rndc reconfig'.
"nextev": ALGOROLL_IPUBC - ALGOROLL_IPUB - TIME_PASSED,
}
- isctest.kasp.check_rollover_step(ns6, CONFIG, policy, step)
+ isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
@pytest.mark.parametrize(
param("manual"),
],
)
-def test_algoroll_csk_reconfig_step3(tld, ns6, alg, size):
+def test_algoroll_csk_reconfig_step3(tld, ns3, alg, size):
zone = f"step3.csk-algorithm-roll.{tld}"
policy = f"{POLICY}-{tld}"
- isctest.kasp.wait_keymgr_done(ns6, zone, reconfig=True)
+ isctest.kasp.wait_keymgr_done(ns3, zone, reconfig=True)
if tld == "manual":
# Same as step 2, but the zone signatures have become OMNIPRESENT.
"manual-mode": True,
"nextev": None,
}
- keys = isctest.kasp.check_rollover_step(ns6, CONFIG, policy, step)
+ keys = isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
# Check logs.
tag = keys[1].key.tag
msg = f"keymgr-manual-mode: block transition CSK {zone}/ECDSAP256SHA256/{tag} type DS state HIDDEN to state RUMOURED"
- assert msg in ns6.log
+ assert msg in ns3.log
# Force step.
- with ns6.watch_log_from_here() as watcher:
- ns6.rndc(f"dnssec -step {zone}")
+ with ns3.watch_log_from_here() as watcher:
+ ns3.rndc(f"dnssec -step {zone}")
watcher.wait_for_line(
f"zone {zone}/IN (signed): zone_rekey done: key {tag}/ECDSAP256SHA256"
)
# Check logs.
tag = keys[0].key.tag
msg = f"keymgr-manual-mode: block transition CSK {zone}/RSASHA256/{tag} type DS state OMNIPRESENT to state UNRETENTIVE"
- if msg in ns6.log:
+ if msg in ns3.log:
# Force step.
isctest.log.debug(
f"keymgr-manual-mode blocking transition CSK {zone}/RSASHA256/{tag} type DS state OMNIPRESENT to state UNRETENTIVE, step again"
)
tag = keys[1].key.tag
- with ns6.watch_log_from_here() as watcher:
- ns6.rndc(f"dnssec -step {zone}")
+ with ns3.watch_log_from_here() as watcher:
+ ns3.rndc(f"dnssec -step {zone}")
watcher.wait_for_line(
f"zone {zone}/IN (signed): zone_rekey done: key {tag}/ECDSAP256SHA256"
)
# after the publication interval of the parent side.
"nextev": ALGOROLL_IRETKSK - TIME_PASSED,
}
- isctest.kasp.check_rollover_step(ns6, CONFIG, policy, step)
+ isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
@pytest.mark.parametrize(
param("manual"),
],
)
-def test_algoroll_csk_reconfig_step4(tld, ns6, alg, size):
+def test_algoroll_csk_reconfig_step4(tld, ns3, alg, size):
zone = f"step4.csk-algorithm-roll.{tld}"
policy = f"{POLICY}-{tld}"
- isctest.kasp.wait_keymgr_done(ns6, zone, reconfig=True)
+ isctest.kasp.wait_keymgr_done(ns3, zone, reconfig=True)
if tld == "manual":
# Same as step 3, but the DS has become HIDDEN/OMNIPRESENT.
"manual-mode": True,
"nextev": None,
}
- keys = isctest.kasp.check_rollover_step(ns6, CONFIG, policy, step)
+ keys = isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
# Check logs.
tag = keys[0].key.tag
msg = f"keymgr-manual-mode: block transition CSK {zone}/RSASHA256/{tag} type DNSKEY state OMNIPRESENT to state UNRETENTIVE"
- assert msg in ns6.log
+ assert msg in ns3.log
# Force step.
tag = keys[1].key.tag
- with ns6.watch_log_from_here() as watcher:
- ns6.rndc(f"dnssec -step {zone}")
+ with ns3.watch_log_from_here() as watcher:
+ ns3.rndc(f"dnssec -step {zone}")
watcher.wait_for_line(
f"zone {zone}/IN (signed): zone_rekey done: key {tag}/ECDSAP256SHA256"
)
# This happens after the DNSKEY TTL plus zone propagation delay.
"nextev": ALGOROLL_KEYTTLPROP,
}
- isctest.kasp.check_rollover_step(ns6, CONFIG, policy, step)
+ isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
@pytest.mark.parametrize(
param("manual"),
],
)
-def test_algoroll_csk_reconfig_step5(tld, ns6, alg, size):
+def test_algoroll_csk_reconfig_step5(tld, ns3, alg, size):
zone = f"step5.csk-algorithm-roll.{tld}"
policy = f"{POLICY}-{tld}"
- isctest.kasp.wait_keymgr_done(ns6, zone, reconfig=True)
+ isctest.kasp.wait_keymgr_done(ns3, zone, reconfig=True)
# manual-mode: Nothing changing in the zone, no 'dnssec -step' required.
# between key creation and invoking 'rndc reconfig'.
"nextev": ALGOROLL_IRET - ALGOROLL_IRETKSK - ALGOROLL_KEYTTLPROP - TIME_PASSED,
}
- isctest.kasp.check_rollover_step(ns6, CONFIG, policy, step)
+ isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
@pytest.mark.parametrize(
param("manual"),
],
)
-def test_algoroll_csk_reconfig_step6(tld, ns6, alg, size):
+def test_algoroll_csk_reconfig_step6(tld, ns3, alg, size):
zone = f"step6.csk-algorithm-roll.{tld}"
policy = f"{POLICY}-{tld}"
- isctest.kasp.wait_keymgr_done(ns6, zone, reconfig=True)
+ isctest.kasp.wait_keymgr_done(ns3, zone, reconfig=True)
# manual-mode: Nothing changing in the zone, no 'dnssec -step' required.
# Include hidden keys in output.
"verbose": True,
}
- isctest.kasp.check_rollover_step(ns6, CONFIG, policy, step)
+ isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
--- /dev/null
+../../rollover/ns3/named.common.conf.j2
\ No newline at end of file
--- /dev/null
+../../rollover/ns3/template.db.in
\ No newline at end of file
+++ /dev/null
-../../rollover-dynamic2inline/ns6/named.common.conf.j2
\ No newline at end of file
+++ /dev/null
-../../rollover-dynamic2inline/ns6/template.db.in
\ No newline at end of file
# shellcheck source=conf.sh
. ../conf.sh
-cd "ns6"
+cd "ns3"
setup() {
zone="$1"
param("manual"),
],
)
-def test_algoroll_ksk_zsk_initial(ns6, tld):
+def test_algoroll_ksk_zsk_initial(ns3, tld):
config = ALGOROLL_CONFIG
policy = f"rsasha256-{tld}"
zone = f"step1.algorithm-roll.{tld}"
- isctest.kasp.wait_keymgr_done(ns6, zone)
+ isctest.kasp.wait_keymgr_done(ns3, zone)
step = {
"zone": zone,
],
"nextev": TIMEDELTA["PT1H"],
}
- isctest.kasp.check_rollover_step(ns6, config, policy, step)
+ isctest.kasp.check_rollover_step(ns3, config, policy, step)
@pytest.fixture(scope="module", autouse=True)
-def after_servers_start(ns6, templates):
+def after_servers_start(ns3, templates):
global TIME_PASSED # pylint: disable=global-statement
- isctest.kasp.wait_keymgr_done(ns6, "step1.algorithm-roll.kasp")
+ isctest.kasp.wait_keymgr_done(ns3, "step1.algorithm-roll.kasp")
- templates.render("ns6/named.conf", {"alg_roll": True})
+ templates.render("ns3/named.conf", {"alg_roll": True})
start_time = KeyTimingMetadata.now()
- ns6.reconfigure()
+ ns3.reconfigure()
# Calculate time passed to correctly check for next key events.
TIME_PASSED = KeyTimingMetadata.now().value - start_time.value
param("manual"),
],
)
-def test_algoroll_ksk_zsk_reconfig_step1(tld, ns6, alg, size):
+def test_algoroll_ksk_zsk_reconfig_step1(tld, ns3, alg, size):
zone = f"step1.algorithm-roll.{tld}"
policy = f"{POLICY}-{tld}"
- isctest.kasp.wait_keymgr_done(ns6, zone, reconfig=True)
+ isctest.kasp.wait_keymgr_done(ns3, zone, reconfig=True)
if tld == "manual":
# Same as initial.
"manual-mode": True,
"nextev": None,
}
- keys = isctest.kasp.check_rollover_step(ns6, CONFIG, policy, step)
+ keys = isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
# Check logs.
ktag = keys[0].key.tag
msg1 = f"keymgr-manual-mode: block retire DNSKEY {zone}/RSASHA256/{ktag} (KSK)"
msg2 = f"keymgr-manual-mode: block retire DNSKEY {zone}/RSASHA256/{ztag} (ZSK)"
msg3 = f"keymgr-manual-mode: block new key generation for zone {zone} (policy {policy})" # twice
- assert msg1 in ns6.log
- assert msg2 in ns6.log
- assert len(ns6.log.grep(msg3)) >= 2
+ assert msg1 in ns3.log
+ assert msg2 in ns3.log
+ assert len(ns3.log.grep(msg3)) == 2
# Force step.
- with ns6.watch_log_from_here() as watcher:
- ns6.rndc(f"dnssec -step {zone}")
+ with ns3.watch_log_from_here() as watcher:
+ ns3.rndc(f"dnssec -step {zone}")
watcher.wait_for_line(
f"zone {zone}/IN (signed): zone_rekey done: key {ktag}/RSASHA256"
)
# Next key event is when the ecdsa256 keys have been propagated.
"nextev": ALGOROLL_IPUB,
}
- isctest.kasp.check_rollover_step(ns6, CONFIG, policy, step)
+ isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
@pytest.mark.parametrize(
param("manual"),
],
)
-def test_algoroll_ksk_zsk_reconfig_step2(tld, ns6, alg, size):
+def test_algoroll_ksk_zsk_reconfig_step2(tld, ns3, alg, size):
zone = f"step2.algorithm-roll.{tld}"
policy = f"{POLICY}-{tld}"
- isctest.kasp.wait_keymgr_done(ns6, zone, reconfig=True)
+ isctest.kasp.wait_keymgr_done(ns3, zone, reconfig=True)
# manual-mode: Nothing changing in the zone, no 'dnssec -step' required.
# key creation and invoking 'rndc reconfig'.
"nextev": ALGOROLL_IPUBC - ALGOROLL_IPUB - TIME_PASSED,
}
- isctest.kasp.check_rollover_step(ns6, CONFIG, policy, step)
+ isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
@pytest.mark.parametrize(
param("manual"),
],
)
-def test_algoroll_ksk_zsk_reconfig_step3(tld, ns6, alg, size):
+def test_algoroll_ksk_zsk_reconfig_step3(tld, ns3, alg, size):
zone = f"step3.algorithm-roll.{tld}"
policy = f"{POLICY}-{tld}"
- isctest.kasp.wait_keymgr_done(ns6, zone, reconfig=True)
+ isctest.kasp.wait_keymgr_done(ns3, zone, reconfig=True)
if tld == "manual":
# Same as step 2, but the zone signatures have become OMNIPRESENT.
"manual-mode": True,
"nextev": None,
}
- keys = isctest.kasp.check_rollover_step(ns6, CONFIG, policy, step)
+ keys = isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
# Check logs.
tag = keys[2].key.tag
msg = f"keymgr-manual-mode: block transition KSK {zone}/ECDSAP256SHA256/{tag} type DS state HIDDEN to state RUMOURED"
- assert msg in ns6.log
+ assert msg in ns3.log
# Force step.
- with ns6.watch_log_from_here() as watcher:
- ns6.rndc(f"dnssec -step {zone}")
+ with ns3.watch_log_from_here() as watcher:
+ ns3.rndc(f"dnssec -step {zone}")
watcher.wait_for_line(
f"zone {zone}/IN (signed): zone_rekey done: key {tag}/ECDSAP256SHA256"
)
# Check logs.
tag = keys[0].key.tag
msg = f"keymgr-manual-mode: block transition KSK {zone}/RSASHA256/{tag} type DS state OMNIPRESENT to state UNRETENTIVE"
- if msg in ns6.log:
+ if msg in ns3.log:
# Force step.
isctest.log.debug(
f"keymgr-manual-mode blocking transition CSK {zone}/RSASHA256/{tag} type DS state OMNIPRESENT to state UNRETENTIVE, step again"
)
tag = keys[2].key.tag
- with ns6.watch_log_from_here() as watcher:
- ns6.rndc(f"dnssec -step {zone}")
+ with ns3.watch_log_from_here() as watcher:
+ ns3.rndc(f"dnssec -step {zone}")
watcher.wait_for_line(
f"zone {zone}/IN (signed): zone_rekey done: key {tag}/ECDSAP256SHA256"
)
# after the retire interval.
"nextev": ALGOROLL_IRETKSK - TIME_PASSED,
}
- isctest.kasp.check_rollover_step(ns6, CONFIG, policy, step)
+ isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
@pytest.mark.parametrize(
param("manual"),
],
)
-def test_algoroll_ksk_zsk_reconfig_step4(tld, ns6, alg, size):
+def test_algoroll_ksk_zsk_reconfig_step4(tld, ns3, alg, size):
zone = f"step4.algorithm-roll.{tld}"
policy = f"{POLICY}-{tld}"
- isctest.kasp.wait_keymgr_done(ns6, zone, reconfig=True)
+ isctest.kasp.wait_keymgr_done(ns3, zone, reconfig=True)
if tld == "manual":
# Same as step 3, but the DS has become HIDDEN/OMNIPRESENT.
"manual-mode": True,
"nextev": None,
}
- keys = isctest.kasp.check_rollover_step(ns6, CONFIG, policy, step)
+ keys = isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
# Check logs.
ktag = keys[0].key.tag
ztag = keys[1].key.tag
msg1 = f"keymgr-manual-mode: block transition KSK {zone}/RSASHA256/{ktag} type DNSKEY state OMNIPRESENT to state UNRETENTIVE"
msg2 = f"keymgr-manual-mode: block transition ZSK {zone}/RSASHA256/{ztag} type DNSKEY state OMNIPRESENT to state UNRETENTIVE"
- assert msg1 in ns6.log
- assert msg2 in ns6.log
+ assert msg1 in ns3.log
+ assert msg2 in ns3.log
# Force step.
ktag = keys[3].key.tag
- with ns6.watch_log_from_here() as watcher:
- ns6.rndc(f"dnssec -step {zone}")
+ with ns3.watch_log_from_here() as watcher:
+ ns3.rndc(f"dnssec -step {zone}")
watcher.wait_for_line(
f"zone {zone}/IN (signed): zone_rekey done: key {ktag}/ECDSAP256SHA256"
)
# This happens after the DNSKEY TTL plus zone propagation delay.
"nextev": ALGOROLL_KEYTTLPROP,
}
- isctest.kasp.check_rollover_step(ns6, CONFIG, policy, step)
+ isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
@pytest.mark.parametrize(
param("manual"),
],
)
-def test_algoroll_ksk_zsk_reconfig_step5(tld, ns6, alg, size):
+def test_algoroll_ksk_zsk_reconfig_step5(tld, ns3, alg, size):
zone = f"step5.algorithm-roll.{tld}"
policy = f"{POLICY}-{tld}"
- isctest.kasp.wait_keymgr_done(ns6, zone, reconfig=True)
+ isctest.kasp.wait_keymgr_done(ns3, zone, reconfig=True)
# manual-mode: Nothing changing in the zone, no 'dnssec -step' required.
# Include hidden keys in output.
"verbose": True,
}
- isctest.kasp.check_rollover_step(ns6, CONFIG, policy, step)
+ isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
@pytest.mark.parametrize(
param("manual"),
],
)
-def test_algoroll_ksk_zsk_reconfig_step6(tld, ns6, alg, size):
+def test_algoroll_ksk_zsk_reconfig_step6(tld, ns3, alg, size):
zone = f"step6.algorithm-roll.{tld}"
policy = f"{POLICY}-{tld}"
- isctest.kasp.wait_keymgr_done(ns6, zone, reconfig=True)
+ isctest.kasp.wait_keymgr_done(ns3, zone, reconfig=True)
# manual-mode: Nothing changing in the zone, no 'dnssec -step' required.
# Include hidden keys in output.
"verbose": True,
}
- isctest.kasp.check_rollover_step(ns6, CONFIG, policy, step)
+ isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
--- /dev/null
+../../rollover/ns3/named.common.conf.j2
\ No newline at end of file
--- /dev/null
+../../rollover/ns3/template.db.in
\ No newline at end of file
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- query-source address 10.53.0.6;
- notify-source 10.53.0.6;
- transfer-source 10.53.0.6;
- port @PORT@;
- pid-file "named.pid";
- listen-on { 10.53.0.6; };
- listen-on-v6 { none; };
- allow-transfer { any; };
- recursion no;
- key-directory ".";
- dnssec-validation no;
-};
-
-key rndc_key {
- secret "1234abcd8765";
- algorithm @DEFAULT_HMAC@;
-};
-
-controls {
- inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
-};
+++ /dev/null
-; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-;
-; SPDX-License-Identifier: MPL-2.0
-;
-; This Source Code Form is subject to the terms of the Mozilla Public
-; License, v. 2.0. If a copy of the MPL was not distributed with this
-; file, you can obtain one at https://mozilla.org/MPL/2.0/.
-;
-; See the COPYRIGHT file distributed with this work for additional
-; information regarding copyright ownership.
-
-$TTL 300
-@ IN SOA mname1. . (
- 1 ; serial
- 20 ; refresh (20 seconds)
- 20 ; retry (20 seconds)
- 1814400 ; expire (3 weeks)
- 3600 ; minimum (1 hour)
- )
-
- NS ns6
-ns6 A 10.53.0.6
-
-a A 10.0.0.1
-b A 10.0.0.2
-c A 10.0.0.3
-
)
-def test_dynamic2inline(alg, size, ns6, templates):
+def test_dynamic2inline(alg, size, ns3, templates):
config = DEFAULT_CONFIG
policy = "default"
zone = "dynamic2inline.kasp"
- isctest.kasp.wait_keymgr_done(ns6, zone)
+ isctest.kasp.wait_keymgr_done(ns3, zone)
step = {
"zone": zone,
"nextev": None,
}
- isctest.kasp.check_rollover_step(ns6, config, policy, step)
+ isctest.kasp.check_rollover_step(ns3, config, policy, step)
- templates.render("ns6/named.conf", {"change_lifetime": True})
- ns6.reconfigure()
- isctest.kasp.wait_keymgr_done(ns6, zone, reconfig=True)
+ templates.render("ns3/named.conf", {"change_lifetime": True})
+ ns3.reconfigure()
+ isctest.kasp.wait_keymgr_done(ns3, zone, reconfig=True)
- isctest.kasp.check_rollover_step(ns6, config, policy, step)
+ isctest.kasp.check_rollover_step(ns3, config, policy, step)
--- /dev/null
+../../rollover/ns3/named.common.conf.j2
\ No newline at end of file
--- /dev/null
+../../rollover/ns3/template.db.in
\ No newline at end of file
+++ /dev/null
-../../rollover-dynamic2inline/ns6/named.common.conf.j2
\ No newline at end of file
+++ /dev/null
-../../rollover-dynamic2inline/ns6/template.db.in
\ No newline at end of file
# shellcheck source=conf.sh
. ../conf.sh
-cd "ns6"
+cd "ns3"
setup() {
zone="$1"
"going-insecure-dynamic.kasp",
],
)
-def test_going_insecure_initial(zone, ns6, alg, size):
+def test_going_insecure_initial(zone, ns3, alg, size):
config = UNSIGNING_CONFIG
policy = "unsigning"
zone = f"step1.{zone}"
- isctest.kasp.wait_keymgr_done(ns6, zone)
+ isctest.kasp.wait_keymgr_done(ns3, zone)
step = {
"zone": zone,
],
"nextev": None,
}
- isctest.kasp.check_rollover_step(ns6, config, policy, step)
+ isctest.kasp.check_rollover_step(ns3, config, policy, step)
@pytest.fixture(scope="module", autouse=True)
-def after_servers_start(ns6, templates):
- templates.render("ns6/named.conf", {"policy": "insecure"})
- ns6.reconfigure() # move from "unsigning" to "insecure"
+def after_servers_start(ns3, templates):
+ templates.render("ns3/named.conf", {"policy": "insecure"})
+ ns3.reconfigure() # move from "unsigning" to "insecure"
@pytest.mark.parametrize(
"going-insecure-dynamic.kasp",
],
)
-def test_going_insecure_reconfig_step1(zone, alg, size, ns6):
+def test_going_insecure_reconfig_step1(zone, alg, size, ns3):
config = DEFAULT_CONFIG
policy = "insecure"
zone = f"step1.{zone}"
- isctest.kasp.wait_keymgr_done(ns6, zone, reconfig=True)
+ isctest.kasp.wait_keymgr_done(ns3, zone, reconfig=True)
# Key goal states should be HIDDEN.
# The DS may be removed if we are going insecure.
"cds-delete": True,
"check-keytimes": False,
}
- isctest.kasp.check_rollover_step(ns6, config, policy, step)
+ isctest.kasp.check_rollover_step(ns3, config, policy, step)
@pytest.mark.parametrize(
"going-insecure-dynamic.kasp",
],
)
-def test_going_insecure_reconfig_step2(zone, alg, size, ns6):
+def test_going_insecure_reconfig_step2(zone, alg, size, ns3):
config = DEFAULT_CONFIG
policy = "insecure"
zone = f"step2.{zone}"
- isctest.kasp.wait_keymgr_done(ns6, zone, reconfig=True)
+ isctest.kasp.wait_keymgr_done(ns3, zone, reconfig=True)
# The DS is long enough removed from the zone to be considered
# HIDDEN. This means the DNSKEY and the KSK signatures can be
"zone-signed": False,
"check-keytimes": False,
}
- isctest.kasp.check_rollover_step(ns6, config, policy, step)
+ isctest.kasp.check_rollover_step(ns3, config, policy, step)
--- /dev/null
+../../rollover/ns3/template.db.in
\ No newline at end of file
--- /dev/null
+../../rollover/ns3/template.db.in
\ No newline at end of file
--- /dev/null
+../../rollover/ns3/named.common.conf.j2
\ No newline at end of file
include "kasp.conf";
include "named.common.conf";
-zone longer-lifetime {
+zone longer-lifetime.kasp {
type primary;
file "longer-lifetime.db";
dnssec-policy @longer@;
};
-zone shorter-lifetime {
+zone shorter-lifetime.kasp {
type primary;
file "shorter-lifetime.db";
dnssec-policy @shorter@;
};
-zone limit-lifetime {
+zone limit-lifetime.kasp {
type primary;
file "limit-lifetime.db";
dnssec-policy @limit@;
};
-zone unlimit-lifetime {
+zone unlimit-lifetime.kasp {
type primary;
file "unlimit-lifetime.db";
dnssec-policy @unlimit@;
--- /dev/null
+../../rollover/ns3/template.db.in
\ No newline at end of file
--- /dev/null
+../../rollover/ns3/template.db.in
\ No newline at end of file
+++ /dev/null
-../../rollover-dynamic2inline/ns6/template.db.in
\ No newline at end of file
+++ /dev/null
-../../rollover-dynamic2inline/ns6/template.db.in
\ No newline at end of file
+++ /dev/null
-../../rollover-dynamic2inline/ns6/named.common.conf.j2
\ No newline at end of file
+++ /dev/null
-../../rollover-dynamic2inline/ns6/template.db.in
\ No newline at end of file
+++ /dev/null
-../../rollover-dynamic2inline/ns6/template.db.in
\ No newline at end of file
param("unlimit-lifetime", "short-lifetime", "P6M"),
],
)
-def test_lifetime_initial(zone, policy, lifetime, alg, size, ns6):
+def test_lifetime_initial(zone, policy, lifetime, alg, size, ns3):
config = DEFAULT_CONFIG
- isctest.kasp.wait_keymgr_done(ns6, zone)
+ isctest.kasp.wait_keymgr_done(ns3, f"{zone}.kasp")
step = {
- "zone": zone,
+ "zone": f"{zone}.kasp",
"cdss": CDSS,
"keyprops": [
f"csk {DURATION[lifetime]} {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden",
],
"nextev": None,
}
- isctest.kasp.check_rollover_step(ns6, config, policy, step)
+ isctest.kasp.check_rollover_step(ns3, config, policy, step)
@pytest.fixture(scope="module", autouse=True)
-def after_servers_start(ns6, templates):
- isctest.kasp.wait_keymgr_done(ns6, "shorter-lifetime")
- isctest.kasp.wait_keymgr_done(ns6, "longer-lifetime")
- isctest.kasp.wait_keymgr_done(ns6, "limit-lifetime")
- isctest.kasp.wait_keymgr_done(ns6, "unlimit-lifetime")
+def after_servers_start(ns3, templates):
+ isctest.kasp.wait_keymgr_done(ns3, "shorter-lifetime.kasp")
+ isctest.kasp.wait_keymgr_done(ns3, "longer-lifetime.kasp")
+ isctest.kasp.wait_keymgr_done(ns3, "limit-lifetime.kasp")
+ isctest.kasp.wait_keymgr_done(ns3, "unlimit-lifetime.kasp")
- templates.render("ns6/named.conf", {"change_lifetime": True})
- ns6.reconfigure()
+ templates.render("ns3/named.conf", {"change_lifetime": True})
+ ns3.reconfigure()
@pytest.mark.parametrize(
param("unlimit-lifetime", "unlimited-lifetime", 0),
],
)
-def test_lifetime_reconfig(zone, policy, lifetime, alg, size, ns6):
+def test_lifetime_reconfig(zone, policy, lifetime, alg, size, ns3):
config = DEFAULT_CONFIG
- isctest.kasp.wait_keymgr_done(ns6, zone, reconfig=True)
+ isctest.kasp.wait_keymgr_done(ns3, f"{zone}.kasp", reconfig=True)
step = {
- "zone": zone,
+ "zone": f"{zone}.kasp",
"cdss": CDSS,
"keyprops": [
f"csk {DURATION[lifetime]} {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden",
],
"nextev": None,
}
- isctest.kasp.check_rollover_step(ns6, config, policy, step)
+ isctest.kasp.check_rollover_step(ns3, config, policy, step)
--- /dev/null
+../../rollover-going-insecure/ns3/kasp.conf.j2
\ No newline at end of file
--- /dev/null
+../../rollover/ns3/named.common.conf.j2
\ No newline at end of file
--- /dev/null
+../../rollover/ns3/template.db.in
\ No newline at end of file
+++ /dev/null
-../../rollover-going-insecure/ns6/kasp.conf.j2
\ No newline at end of file
+++ /dev/null
-../../rollover-dynamic2inline/ns6/named.common.conf.j2
\ No newline at end of file
+++ /dev/null
-../../rollover-dynamic2inline/ns6/template.db.in
\ No newline at end of file
# shellcheck source=conf.sh
. ../conf.sh
-cd "ns6"
+cd "ns3"
setup() {
zone="$1"
"going-straight-to-none-dynamic.kasp",
],
)
-def test_straight2none_initial(zone, ns6, alg, size):
+def test_straight2none_initial(zone, ns3, alg, size):
config = DEFAULT_CONFIG
policy = "default"
- isctest.kasp.wait_keymgr_done(ns6, zone)
+ isctest.kasp.wait_keymgr_done(ns3, zone)
step = {
"zone": zone,
],
"nextev": None,
}
- isctest.kasp.check_rollover_step(ns6, config, policy, step)
+ isctest.kasp.check_rollover_step(ns3, config, policy, step)
@pytest.fixture(scope="module", autouse=True)
-def after_servers_start(ns6, templates):
- isctest.kasp.wait_keymgr_done(ns6, "going-straight-to-none.kasp")
- isctest.kasp.wait_keymgr_done(ns6, "going-straight-to-none-dynamic.kasp")
+def after_servers_start(ns3, templates):
+ isctest.kasp.wait_keymgr_done(ns3, "going-straight-to-none.kasp")
+ isctest.kasp.wait_keymgr_done(ns3, "going-straight-to-none-dynamic.kasp")
- templates.render("ns6/named.conf", {"policy": "none"})
- ns6.reconfigure()
+ templates.render("ns3/named.conf", {"policy": "none"})
+ ns3.reconfigure()
@pytest.mark.parametrize(
"going-straight-to-none-dynamic.kasp",
],
)
-def test_straight2none_reconfig(zone, ns6, alg, size):
+def test_straight2none_reconfig(zone, ns3, alg, size):
config = DEFAULT_CONFIG
policy = None
],
"nextev": None,
}
- isctest.kasp.check_rollover_step(ns6, config, policy, step)
+ isctest.kasp.check_rollover_step(ns3, config, policy, step)
projects / thirdparty / bind9.git / commitdiff
