From: Nicki Křížek Date: Fri, 25 Jul 2025 16:29:55 +0000 (+0200) Subject: Use nsX fixtures rather than servers X-Git-Tag: v9.21.11~13^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=53be3af05cb020693ddba32f594a6a078e1e1086;p=thirdparty%2Fbind9.git Use nsX fixtures rather than servers Rather than using servers["nsX"] syntax, utilize the nsX fixtures to make the test code a bit more concise. See fe5534291699572e67ad4a854b412e40c524307a --- diff --git a/bin/tests/system/dnssec/tests_badkey_broken.py b/bin/tests/system/dnssec/tests_badkey_broken.py index 5d09a862ea8..8b27e19110a 100644 --- a/bin/tests/system/dnssec/tests_badkey_broken.py +++ b/bin/tests/system/dnssec/tests_badkey_broken.py @@ -17,19 +17,16 @@ import isctest @pytest.fixture(scope="module", autouse=True) -def reconfigure(servers, templates): - ns5 = servers["ns5"] +def reconfigure(ns5, ns9, templates): templates.render("ns5/named.conf", {"broken_key": True}) ns5.reconfigure(log=False) - ns9 = servers["ns9"] templates.render("ns9/named.conf", {"forward_badkey": True}) ns9.reconfigure(log=False) -def test_broken_forwarding(servers): +def test_broken_forwarding(ns9): # check forwarder CD behavior (forward server with bad trust anchor) - ns9 = servers["ns9"] # confirm invalid trust anchor produces SERVFAIL in resolver msg = isctest.query.create("a.secure.example.", "A") diff --git a/bin/tests/system/dnssec/tests_badkey_revoked.py b/bin/tests/system/dnssec/tests_badkey_revoked.py index eba2eaba02e..bc9a422dca3 100644 --- a/bin/tests/system/dnssec/tests_badkey_revoked.py +++ b/bin/tests/system/dnssec/tests_badkey_revoked.py @@ -15,8 +15,7 @@ import isctest @pytest.fixture(scope="module", autouse=True) -def reconfigure(servers, templates): - ns5 = servers["ns5"] +def reconfigure(ns5, templates): templates.render("ns5/named.conf", {"revoked_key": True}) ns5.reconfigure(log=False) diff --git a/bin/tests/system/dnssec/tests_policy.py b/bin/tests/system/dnssec/tests_policy.py index d76a0ed5f0a..f32406def42 100644 --- a/bin/tests/system/dnssec/tests_policy.py +++ b/bin/tests/system/dnssec/tests_policy.py @@ -51,13 +51,12 @@ def is_rrsig_soa(rrset): return rrset.rdtype == rdatatype.RRSIG and rrset.covers == rdatatype.SOA -def test_signatures_validity(servers, templates): +def test_signatures_validity(ns3, templates): # check that increasing signatures-validity triggers resigning msg = isctest.query.create("siginterval.example.", "AXFR") res = isctest.query.tcp(msg, "10.53.0.3") before = next(filter(is_rrsig_soa, res.answer)) - ns3 = servers["ns3"] templates.render("ns3/named.conf", {"long_sigs": True}) with ns3.watch_log_from_here() as watcher: ns3.reconfigure(log=False) diff --git a/bin/tests/system/dnssec/tests_signing.py b/bin/tests/system/dnssec/tests_signing.py index 617c62234f0..2ff3e0e063e 100644 --- a/bin/tests/system/dnssec/tests_signing.py +++ b/bin/tests/system/dnssec/tests_signing.py @@ -387,24 +387,19 @@ def test_cdnskey_signing(): "signing -clear all", # without zone ], ) -def test_rndc_signing_except(cmd, servers): - ns3 = servers["ns3"] - +def test_rndc_signing_except(cmd, ns3): # check that 'rndc signing' errors are handled with pytest.raises(isctest.rndc.RNDCException): ns3.rndc(cmd, log=False) ns3.rndc("status", log=False) -def test_rndc_signing_output(servers): - ns3 = servers["ns3"] - +def test_rndc_signing_output(ns3): response = ns3.rndc("signing -list dynamic.example", log=False) assert "No signing records found" in response -def test_zonestatus_signing(servers): - ns3 = servers["ns3"] +def test_zonestatus_signing(ns3): # check that the correct resigning time is reported in zonestatus. # zonestatus reports a name/type and expecting resigning time; # we convert the time to seconds since epoch, look up the RRSIG @@ -430,7 +425,7 @@ def test_zonestatus_signing(servers): assert when < sigs[0].expiration -def test_offline_ksk_signing(servers): +def test_offline_ksk_signing(ns2): def getfrom(file): with open(file, encoding="utf-8") as f: return f.read().strip() @@ -487,7 +482,6 @@ def test_offline_ksk_signing(servers): ksk_only_types = ["DNSKEY", "CDNSKEY", "CDS"] - ns2 = servers["ns2"] zone = "updatecheck-kskonly.secure" KSK = getfrom(f"ns2/{zone}.ksk.key") ZSK = getfrom(f"ns2/{zone}.zsk.key") diff --git a/bin/tests/system/dnssec/tests_tat.py b/bin/tests/system/dnssec/tests_tat.py index 97b5a253f38..48e7891ca34 100644 --- a/bin/tests/system/dnssec/tests_tat.py +++ b/bin/tests/system/dnssec/tests_tat.py @@ -47,10 +47,7 @@ pytestmark = pytest.mark.extra_artifacts( ) -def test_tat_queries(servers): - ns1 = servers["ns1"] - ns6 = servers["ns6"] - +def test_tat_queries(ns1, ns6): # check that trust-anchor-telemetry queries are logged with ns6.watch_log_from_start() as watcher: watcher.wait_for_line("sending trust-anchor-telemetry query '_ta-") diff --git a/bin/tests/system/dnssec/tests_validation.py b/bin/tests/system/dnssec/tests_validation.py index 0e923a3440c..36c743f6a04 100644 --- a/bin/tests/system/dnssec/tests_validation.py +++ b/bin/tests/system/dnssec/tests_validation.py @@ -116,7 +116,7 @@ def test_adflag(): isctest.check.noadflag(res2) -def test_secure_root(servers): +def test_secure_root(ns4): # check that a query for a secure root validates msg = isctest.query.create(".", "KEY") res = isctest.query.tcp(msg, "10.53.0.4") @@ -124,7 +124,6 @@ def test_secure_root(servers): isctest.check.adflag(res) # check that "rndc secroots" dumps the trusted keys - ns4 = servers["ns4"] key = int(getfrom("ns1/managed.key.id")) alg = os.environ["DEFAULT_ALGORITHM"] expected = f"./{alg}/{key} ; static" @@ -375,7 +374,7 @@ def test_signing_algorithms(): isctest.check.adflag(res2) -def test_private_algorithms(servers): +def test_private_algorithms(ns4): # positive answer, private algorithm msg = isctest.query.create("a.rsasha256oid.example", "A") res1 = isctest.query.tcp(msg, "10.53.0.3") @@ -398,7 +397,6 @@ def test_private_algorithms(servers): isctest.check.adflag(res2) # positive anwer, extra ds for unknown private algorithm - ns4 = servers["ns4"] with ns4.watch_log_from_here() as watcher: msg = isctest.query.create("a.extradsunknownoid.example", "A") res1 = isctest.query.tcp(msg, "10.53.0.3") @@ -704,9 +702,7 @@ def test_negative_validation_optout(): isctest.check.servfail(res2) -def test_cache(servers): - ns4 = servers["ns4"] - +def test_cache(ns4): # check that key id's are logged when dumping the cache ns4.rndc("dumpdb -cache", log=False) assert grep_q("; key id = ", "ns4/named_dump.db") @@ -755,7 +751,7 @@ def test_cache(servers): assert res1.authority[0].ttl != res2.authority[0].ttl -def test_insecure_proof_nsec(servers): +def test_insecure_proof_nsec(ns4): # 1-server positive msg = isctest.query.create("a.insecure.example", "A") res1 = isctest.query.tcp(msg, "10.53.0.3") @@ -806,7 +802,6 @@ def test_insecure_proof_nsec(servers): isctest.check.noadflag(res2) # insecurity proof using negative cache - ns4 = servers["ns4"] ns4.rndc("flush", log=False) msg = isctest.query.create("insecure.example", "DS", cd=True) isctest.query.tcp(msg, "10.53.0.4") @@ -931,10 +926,7 @@ def test_positive_validation_multistage(qname): isctest.check.adflag(res2) -def test_validation_recovery(servers): - ns2 = servers["ns2"] - ns4 = servers["ns4"] - +def test_validation_recovery(ns2, ns4): # check recovery from spoofed server address. # prime cache with spoofed address records... msg = isctest.query.create("target.peer-ns-spoof", "A", cd=True) @@ -1070,10 +1062,7 @@ def test_transitions(): assert str(a[0]) == "10.53.0.10" -def test_validating_forwarder(servers): - ns9 = servers["ns9"] - ns4 = servers["ns4"] - +def test_validating_forwarder(ns4, ns9): # check validating forwarder behavior with mismatching NS ns4.rndc("flush", log=False) msg = isctest.query.create("inconsistent", "NS", dnssec=False, cd=True) @@ -1111,7 +1100,7 @@ def test_validating_forwarder(servers): watcher.wait_for_line("status: SERVFAIL") -def test_expired_signatures(servers): +def test_expired_signatures(ns4): # check expired signatures do not validate msg = isctest.query.create("expired.example", "SOA") res = isctest.query.tcp(msg, "10.53.0.3") @@ -1148,8 +1137,6 @@ def test_expired_signatures(servers): isctest.check.adflag(res) isctest.check.noerror(res) - ns4 = servers["ns4"] - # test TTL is capped at RRSIG expiry time ns4.rndc("flush", log=False) msg = isctest.query.create("expiring.example", "SOA", cd=True) @@ -1256,12 +1243,11 @@ def test_broken_servers(): isctest.check.noadflag(res) -def test_pending_ds(servers): +def test_pending_ds(ns4): # check that a query against a validating resolver succeeds when there is # a negative cache entry with trust level "pending" for the DS. prime # with a +cd DS query to produce the negative cache entry, then send a # query that uses that entry as part of the validation process. - ns4 = servers["ns4"] ns4.rndc("flush", log=False) msg = isctest.query.create("insecure.example", "DS", cd=True) res = isctest.query.tcp(msg, "10.53.0.4") diff --git a/bin/tests/system/dnssec/tests_validation_accept_expired.py b/bin/tests/system/dnssec/tests_validation_accept_expired.py index 207fba1d00d..43b44d8cff5 100644 --- a/bin/tests/system/dnssec/tests_validation_accept_expired.py +++ b/bin/tests/system/dnssec/tests_validation_accept_expired.py @@ -17,15 +17,12 @@ import isctest @pytest.fixture(scope="module", autouse=True) -def reconfigure(servers, templates): - ns4 = servers["ns4"] +def reconfigure(ns4, templates): templates.render("ns4/named.conf", {"accept_expired": True}) ns4.reconfigure(log=False) -def test_accept_expired(servers): - ns4 = servers["ns4"] - +def test_accept_expired(ns4): # test TTL of about-to-expire rrsets with accept-expired ns4.rndc("flush", log=False) msg = isctest.query.create("expiring.example", "SOA") diff --git a/bin/tests/system/dnssec/tests_validation_managed_keys.py b/bin/tests/system/dnssec/tests_validation_managed_keys.py index 7195818d4bf..a72c35ea44f 100644 --- a/bin/tests/system/dnssec/tests_validation_managed_keys.py +++ b/bin/tests/system/dnssec/tests_validation_managed_keys.py @@ -18,8 +18,7 @@ import isctest @pytest.fixture(scope="module", autouse=True) -def reconfigure(servers, templates): - ns4 = servers["ns4"] +def reconfigure(ns4, templates): assert os.path.exists("ns4/managed-keys.bind.jnl") is False shutil.copyfile("ns4/managed-keys.bind.in", "ns4/managed-keys.bind") templates.render("ns4/named.conf", {"managed_key": True}) @@ -32,7 +31,7 @@ def getfrom(file): return f.read().strip() -def test_secure_root_managed(servers): +def test_secure_root_managed(ns4): # check that a query for a secure root validates msg = isctest.query.create(".", "KEY") res = isctest.query.tcp(msg, "10.53.0.4") @@ -40,7 +39,6 @@ def test_secure_root_managed(servers): isctest.check.adflag(res) # check that "rndc secroots" dumps the trusted keys - ns4 = servers["ns4"] key = int(getfrom("ns1/managed.key.id")) alg = os.environ["DEFAULT_ALGORITHM"] expected = f"./{alg}/{key} ; managed" @@ -101,8 +99,7 @@ def test_ds_managed(): isctest.check.noerror(res2) -def test_keydata_storage(servers): - ns4 = servers["ns4"] +def test_keydata_storage(ns4): ns4.rndc("managed-keys sync", log=False) with isctest.log.WatchLogFromStart("ns4/managed-keys.bind") as watcher: watcher.wait_for_line(["KEYDATA", "next refresh:"]) diff --git a/bin/tests/system/dnssec/tests_validation_many_anchors.py b/bin/tests/system/dnssec/tests_validation_many_anchors.py index 47c3277ca5f..fd6e10eb16c 100644 --- a/bin/tests/system/dnssec/tests_validation_many_anchors.py +++ b/bin/tests/system/dnssec/tests_validation_many_anchors.py @@ -16,8 +16,7 @@ import isctest @pytest.fixture(scope="module", autouse=True) -def reconfigure(servers, templates): - ns5 = servers["ns5"] +def reconfigure(ns5, templates): templates.render("ns5/named.conf", {"many_anchors": True}) with ns5.watch_log_from_here() as watcher: ns5.reconfigure(log=False) diff --git a/bin/tests/system/dnssec/tests_validation_multiview.py b/bin/tests/system/dnssec/tests_validation_multiview.py index e8d21681f4d..a1edf64be09 100644 --- a/bin/tests/system/dnssec/tests_validation_multiview.py +++ b/bin/tests/system/dnssec/tests_validation_multiview.py @@ -18,8 +18,7 @@ import isctest @pytest.fixture(scope="module", autouse=True) -def reconfigure(servers, templates): - ns4 = servers["ns4"] +def reconfigure(ns4, templates): templates.render("ns4/named.conf", {"multi_view": True}) ns4.reconfigure(log=False)