From: Jakub Ružička <jakub.ruzicka@nic.cz>
Date: Fri, 11 Sep 2020 17:33:20 +0000 (+0200)
Subject: distro/tests: add tests for new DoH implementation
X-Git-Tag: v5.2.0~15^2~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bc4e962fbbd88888a7b384dd1805a55e30d15c2f;p=thirdparty%2Fknot-resolver.git

distro/tests: add tests for new DoH implementation

* one test unsing curl and sha256sum (get_url can't do HTTP/2)
* one test using kdig when correct version is present
---

diff --git a/.travis.yml b/.travis.yml
index 1cf142d1b..5b7cd0a85 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -12,6 +12,7 @@ addons:
             - libuv
             - lmdb
             - meson
+            - nghttp2
         update: true
 compiler:
     - clang
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml
new file mode 100644
index 000000000..eebca2040
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh2_config set up kresd.conf
+  blockinfile:
+    marker: -- {mark} ANSIBLE MANAGED BLOCK
+    block: |
+      net.listen('127.0.0.1', 44354, { kind = 'doh2' })
+    path: /etc/knot-resolver/kresd.conf
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml
index a14125a00..d99ff3c53 100644
--- a/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml
@@ -26,7 +26,13 @@
 
     - include: test_kres_cache_gc.yaml
 
-    - name: Test DoH
+    - name: Test DoH (new implementation)
+      block:
+        - include: configure_doh2.yaml
+        - include: restart_kresd.yaml
+        - include: test_doh2.yaml
+
+    - name: Test DoH (legacy)
       block:
         - name: Install knot-resolver-module-http
           package:
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml
new file mode 100644
index 000000000..115872a58
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml
@@ -0,0 +1,23 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh2_test check kdig https support
+  shell: kdig --help | grep -q '+\S*https'
+  register: kdig_https
+  ignore_errors: true
+
+- name: doh2_test query localhost. A
+  # use curl instead of ansible builtins (get_url/uri)
+  # because they currently use unsupported HTTP/1.1
+  shell: |
+    curl -k -o /tmp/doh_test https://127.0.0.1:44354/doh?dns=1Y0BAAABAAAAAAAACWxvY2FsaG9zdAAAAQAB
+    echo "e5c2710e6ecb78c089ab608ad5861b87be0d1c623c4d58b4eee3b21c06aa2008  /tmp/doh_test" > /tmp/doh_test.sha256
+    sha256sum --check /tmp/doh_test.sha256
+  args:
+    # disable warning about using curl - we know what we're doing
+    warn: false
+
+- name: doh2_test kdig localhost. A
+  shell: |
+    kdig @127.0.0.1 -p 44354 +https nic.cz || exit 1
+    kdig @127.0.0.1 -p 44354 +https-get nic.cz || exit 2
+  when: kdig_https is succeeded