From: Matthijs Mekking Date: Tue, 30 Sep 2025 09:48:30 +0000 (+0200) Subject: Move parts into a common module X-Git-Tag: v9.21.16~38^2~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=85eea3db371a97e04f647489dc1e01d8c2e70b98;p=thirdparty%2Fbind9.git Move parts into a common module Some constants and test functionality are the same for test cases prior and after reconfiguration. Move these into a common module.
---
diff --git a/bin/tests/system/nsec3/common.py b/bin/tests/system/nsec3/common.py
new file mode 100644
index 00000000000..78c7aabe8f9
--- /dev/null
+++ b/bin/tests/system/nsec3/common.py
@@ -0,0 +1,106 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+import os
+
+from datetime import timedelta
+
+import dns
+import pytest
+
+pytestmark = pytest.mark.extra_artifacts(
+ [
+ "*.axfr",
+ "*.created",
+ "dig.out.*",
+ "rndc.reload.*",
+ "rndc.signing.*",
+ "update.out.*",
+ "verify.out.*",
+ "ns*/dsset-**",
+ "ns*/K*",
+ "ns*/settime.out.*",
+ "ns*/*.db",
+ "ns*/*.jbk",
+ "ns*/*.jnl",
+ "ns*/*.signed",
+ "ns*/keygen.out.*",
+ "ns3/named-common.conf",
+ "ns3/named-fips.conf",
+ "ns3/named-rsasha1.conf",
+ ]
+)
+
+ALGORITHM = os.environ["DEFAULT_ALGORITHM_NUMBER"]
+SIZE = os.environ["DEFAULT_BITS"]
+
+default_config = {
+ "dnskey-ttl": timedelta(hours=1),
+ "ds-ttl": timedelta(days=1),
+ "max-zone-ttl": timedelta(days=1),
+ "parent-propagation-delay": timedelta(hours=1),
+ "publish-safety": timedelta(hours=1),
+ "retire-safety": timedelta(hours=1),
+ "signatures-refresh": timedelta(days=5),
+ "signatures-validity": timedelta(days=14),
+ "zone-propagation-delay": timedelta(minutes=5),
+}
+
+
+def check_auth_nsec(response):
+ rrs = []
+ for rrset in response.authority:
+ if rrset.match(dns.rdataclass.IN, dns.rdatatype.NSEC, dns.rdatatype.NONE):
+ rrs.append(rrset)
+ assert not rrset.match(
+ dns.rdataclass.IN, dns.rdatatype.NSEC3, dns.rdatatype.NONE
+ )
+ assert len(rrs) != 0, "no NSEC records found in authority section"
+
+
+def check_auth_nsec3(response, iterations=0, optout=0, saltlen=0):
+ match = f"IN NSEC3 1 {optout} {iterations}"
+ rrs = []
+
+ for rrset in response.authority:
+ if rrset.match(dns.rdataclass.IN, dns.rdatatype.NSEC3, dns.rdatatype.NONE):
+ assert match in rrset.to_text()
+ if saltlen == 0:
+ assert f"{match} -" in rrset.to_text()
+ else:
+ assert not f"{match} -" in rrset.to_text()
+
+ rrs.append(rrset)
+ assert not rrset.match(
+ dns.rdataclass.IN, dns.rdatatype.NSEC, dns.rdatatype.NONE
+ )
+
+ assert len(rrs) != 0, "no NSEC3 records found in authority section"
+
+
+def check_nsec3param(response, match, saltlen):
+ rrs = []
+
+ for rrset in response.answer:
+ if rrset.match(dns.rdataclass.IN, dns.rdatatype.NSEC3PARAM, dns.rdatatype.NONE):
+ assert match in rrset.to_text()
+ if saltlen == 0:
+ assert f"{match} -" in rrset.to_text()
+ else:
+ assert not f"{match} -" in rrset.to_text()
+
+ rrs.append(rrset)
+ else:
+ assert rrset.match(
+ dns.rdataclass.IN, dns.rdatatype.RRSIG, dns.rdatatype.NSEC3PARAM
+ )
+
+ assert len(rrs) != 0
diff --git a/bin/tests/system/nsec3/tests_nsec3_initial.py b/bin/tests/system/nsec3/tests_nsec3_initial.py
index 7f8b3e2fb9f..25a30704350 100644
--- a/bin/tests/system/nsec3/tests_nsec3_initial.py
+++ b/bin/tests/system/nsec3/tests_nsec3_initial.py
@@ -9,12 +9,10 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -import shutil -import os +# pylint: disable=redefined-outer-name,unused-import -from datetime import timedelta +import shutil -import dns import dns.update import pytest
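Review bot: In the new common.py, `check_auth_nsec3` checks the NSEC3 parameters by substring search in `rrset.to_text()`, and that search is only anchored on the right when `saltlen == 0` (through the trailing ` -`). With a non-empty salt an expected iteration count of 1 is also satisfied by 10 or 15, the salt length is only tested as zero versus non-zero, and one matching record is enough because the text of the whole RRset is searched; `check_nsec3param` follows the same pattern with a caller-supplied `match`. Comparing the parsed rdata fields on every record closes these gaps, as sketched below, assuming `iterations` and `optout` are passed as ints and `saltlen` counts octets, which the callers outside this hunk would have to confirm. Separately, the module does only `import dns` but uses `dns.rdataclass` and `dns.rdatatype`, so it relies on another module having loaded those submodules first; adding `import dns.rdataclass` and `import dns.rdatatype` would make it self-contained.

```python
# … unchanged: signature, rrs = [], loop over response.authority …
        if rrset.match(dns.rdataclass.IN, dns.rdatatype.NSEC3, dns.rdatatype.NONE):
            # Check every record's parsed fields rather than the RRset text.
            for rdata in rrset:
                assert rdata.algorithm == 1
                assert rdata.flags == optout
                assert rdata.iterations == iterations
                assert len(rdata.salt) == saltlen
# … unchanged: rrs.append(rrset), NSEC exclusion assert, final non-empty assert …
```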
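Review bot: The added `# pylint: disable=redefined-outer-name,unused-import` in tests_nsec3_initial.py is a file-wide suppression, so a genuinely stale import introduced later in this file will no longer be reported. The `unused-import` part is presumably needed only for names pulled in from `nsec3.common` for pytest's benefit, such as `pytestmark`, which is imported in a later hunk. Placing `# pylint: disable=unused-import` on that `from nsec3.common import (` line instead should keep the check active for the rest of the file.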
@@ -22,58 +20,16 @@ pytest.importorskip("dns", minversion="2.0.0") import isctest import isctest.mark from isctest.vars.algorithms import RSASHA1 - -pytestmark = pytest.mark.extra_artifacts( - [ - "*.axfr", - "*.created", - "dig.out.*", - "rndc.reload.*", - "rndc.signing.*", - "update.out.*", - "verify.out.*", - "ns*/dsset-**", - "ns*/K*", - "ns*/settime.out.*", - "ns*/*.db", - "ns*/*.jbk", - "ns*/*.jnl", - "ns*/*.signed", - "ns*/keygen.out.*", - "ns3/named-common.conf", - "ns3/named-fips.conf", - "ns3/named-rsasha0.conf", - "ns3/named-rsasha1.conf", - ] +from nsec3.common import ( + ALGORITHM, + SIZE, + default_config, + pytestmark, + check_auth_nsec, + check_auth_nsec3, + check_nsec3param, ) -ALGORITHM = os.environ["DEFAULT_ALGORITHM_NUMBER"] -SIZE = os.environ["DEFAULT_BITS"] - -default_config = { - "dnskey-ttl": timedelta(hours=1), - "ds-ttl": timedelta(days=1), - "key-directory": "{keydir}", - "max-zone-ttl": timedelta(days=1), - "parent-propagation-delay": timedelta(hours=1), - "publish-safety": timedelta(hours=1), - "retire-safety": timedelta(hours=1), - "signatures-refresh": timedelta(days=5), - "signatures-validity": timedelta(days=14), - "zone-propagation-delay": timedelta(minutes=5), -} - - -def check_auth_nsec(response): - rrs = [] - for rrset in response.authority: - if rrset.match(dns.rdataclass.IN, dns.rdatatype.NSEC, dns.rdatatype.NONE): - rrs.append(rrset) - assert not rrset.match( - dns.rdataclass.IN, dns.rdatatype.NSEC3, dns.rdatatype.NONE - ) - assert len(rrs) != 0 - @pytest.mark.parametrize( "params", 
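Review bot: The `default_config` and `pytestmark` now imported from `nsec3.common` do not hold the same values as the definitions removed in this hunk: the removed dict carried `"key-directory": "{keydir}"` and the removed artifact list carried `"ns3/named-rsasha0.conf"`, and neither appears in the new common.py. The commit message describes a pure move, so if dropping them is intended it deserves a line in the description. The code that consumes `default_config` is outside this hunk, so whether anything still reads that key cannot be confirmed from here. If it is still needed, restore `"key-directory": "{keydir}",` in common.py's `default_config`.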
@@ -218,46 +174,6 @@ def wait_for_soa_update(server, fqdn): return verified -def check_nsec3param(response, match, saltlen): - rrs = [] - - for rrset in response.answer: - if rrset.match(dns.rdataclass.IN, dns.rdatatype.NSEC3PARAM, dns.rdatatype.NONE): - assert match in rrset.to_text() - if saltlen == 0: - assert f"{match} -" in rrset.to_text() - else: - assert not f"{match} -" in rrset.to_text() - - rrs.append(rrset) - else: - assert rrset.match( - dns.rdataclass.IN, dns.rdatatype.RRSIG, dns.rdatatype.NSEC3PARAM - ) - - assert len(rrs) != 0 - - -def check_auth_nsec3(response, iterations=0, optout=0, saltlen=0): - match = f"IN NSEC3 1 {optout} {iterations}" - rrs = [] - - for rrset in response.authority: - if rrset.match(dns.rdataclass.IN, dns.rdatatype.NSEC3, dns.rdatatype.NONE): - assert match in rrset.to_text() - if saltlen == 0: - assert f"{match} -" in rrset.to_text() - else: - assert not f"{match} -" in rrset.to_text() - - rrs.append(rrset) - assert not rrset.match( - dns.rdataclass.IN, dns.rdatatype.NSEC, dns.rdatatype.NONE - ) - - assert len(rrs) != 0 - - @pytest.mark.parametrize( "params", [