From: Nicki Křížek
Date: Mon, 1 Dec 2025 15:25:16 +0000 (+0100)
Subject: Use jinja2 templates in kasp test
X-Git-Tag: v9.21.17~46^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bf694d06280e0ef1741412104e08d1bcf2a974d3;p=thirdparty%2Fbind9.git
Use jinja2 templates in kasp test
- ns3 had fips/rsasha1 config variants. These were refactored similarly to the way they're handled in nsec3 test.
- ns3 special character zone contains @, which is interpreted by jinja2. To avoid, {% raw %} directive was added
- ns6 contained unused policies and named2.conf, these were removed
---
diff --git a/bin/tests/system/kasp/ns2/named.conf.in b/bin/tests/system/kasp/ns2/named.conf.j2
similarity index 100%
rename from bin/tests/system/kasp/ns2/named.conf.in
rename to bin/tests/system/kasp/ns2/named.conf.j2
diff --git a/bin/tests/system/kasp/ns6/named2.conf.in b/bin/tests/system/kasp/ns3/named-common.conf.j2
similarity index 63%
rename from bin/tests/system/kasp/ns6/named2.conf.in
rename to bin/tests/system/kasp/ns3/named-common.conf.j2
index 85af830a3c2..99d97296fd5 100644
--- a/bin/tests/system/kasp/ns6/named2.conf.in
+++ b/bin/tests/system/kasp/ns3/named-common.conf.j2
@@ -11,40 +11,32 @@ * information regarding copyright ownership. */ -// NS6 - -include "policies/kasp.conf"; -include "policies/csk2.conf"; +// NS3 options { - query-source address 10.53.0.6; - notify-source 10.53.0.6; - transfer-source 10.53.0.6; + query-source address 10.53.0.3; + notify-source 10.53.0.3; + transfer-source 10.53.0.3; port @PORT@; pid-file "named.pid"; - listen-on { 10.53.0.6; }; + listen-on { 10.53.0.3; }; listen-on-v6 { none; }; allow-transfer { any; }; recursion no; + dnssec-policy "rsasha256"; dnssec-validation no; }; key rndc_key { - secret "1234abcd8765"; - algorithm @DEFAULT_HMAC@; + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; }; controls { - inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { type hint; file "../../_common/root.hint.blackhole"; }; - -zone example { - type primary; - file "example.db"; - dnssec-policy modified; -}; diff --git a/bin/tests/system/kasp/ns3/named-fips.conf.in b/bin/tests/system/kasp/ns3/named-fips.conf.j2 similarity index 89% rename from bin/tests/system/kasp/ns3/named-fips.conf.in rename to bin/tests/system/kasp/ns3/named-fips.conf.j2 index 665b37821ef..92557791750 100644 --- a/bin/tests/system/kasp/ns3/named-fips.conf.in +++ b/bin/tests/system/kasp/ns3/named-fips.conf.j2 
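Review bot: The new shared include named-common.conf.j2 carries a fixed rndc secret (`secret "1234abcd8765";`) next to `controls { ... allow { any; } ... }` and `allow-transfer { any; }`, and nothing in the file says these are fixture-only values. The control channel is bound to 10.53.0.3, but the key is public in the repository, so it provides no real authentication outside the test setup. Since this file is now the base that the other ns3 configs build on, I would put a marker above the key block: `/* Test fixture: fixed rndc secret and open ACLs, only for the 10.53.0.x system-test addresses. */`. Keep that comment free of the at-sign, because the same template uses it for `@PORT@`-style substitution.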
@@ -11,39 +11,6 @@ * information regarding copyright ownership. */ -// NS3 - -include "policies/kasp.conf"; -include "policies/autosign.conf"; - -options { - query-source address 10.53.0.3; - notify-source 10.53.0.3; - transfer-source 10.53.0.3; - port @PORT@; - pid-file "named.pid"; - listen-on { 10.53.0.3; }; - listen-on-v6 { none; }; - allow-transfer { any; }; - recursion no; - dnssec-policy "rsasha256"; - dnssec-validation no; -}; - -key rndc_key { - secret "1234abcd8765"; - algorithm @DEFAULT_HMAC@; -}; - -controls { - inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; -}; - -zone "." { - type hint; - file "../../_common/root.hint.blackhole"; -}; - /* Zones that are getting initially signed */ /* The default case: No keys created, using default policy. */ @@ -54,7 +21,7 @@ zone "default.kasp" { }; /* A zone with special characters. */ -zone "i-am.\":\;?&[]\@!\$*+,|=\.\(\)special.kasp." { +zone {% raw %}"i-am.\":\;?&[]\@!\$*+,|=\.\(\)special.kasp."{% endraw %} { type primary; file "i-am.special.kasp.db"; check-names ignore; diff --git a/bin/tests/system/kasp/ns3/named.conf.in b/bin/tests/system/kasp/ns3/named-rsasha1.conf.j2 similarity index 94% rename from bin/tests/system/kasp/ns3/named.conf.in rename to bin/tests/system/kasp/ns3/named-rsasha1.conf.j2 index 921ecc89d17..51a72619713 100644 --- a/bin/tests/system/kasp/ns3/named.conf.in +++ b/bin/tests/system/kasp/ns3/named-rsasha1.conf.j2 @@ -11,10 +11,6 @@ * information regarding copyright ownership. */ -// NS3 - -include "named-fips.conf"; - zone "rsasha1.kasp" { type primary; file "rsasha1.kasp.db"; diff --git a/bin/tests/system/kasp/ns6/policies/kasp.conf.in b/bin/tests/system/kasp/ns3/named.conf.j2 similarity index 55% rename from bin/tests/system/kasp/ns6/policies/kasp.conf.in rename to bin/tests/system/kasp/ns3/named.conf.j2 index d634b76ffe7..0974e1d2703 100644 --- a/bin/tests/system/kasp/ns6/policies/kasp.conf.in +++ b/bin/tests/system/kasp/ns3/named.conf.j2 
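Review bot: The `{% raw %}`…`{% endraw %}` wrapper around the special-character zone name in named-fips.conf.j2 is not explained anywhere in the file; the reason exists only in the commit message. A later edit that removes it as noise would let jinja2 interpret the `@` inside the name, the same character these templates use for `@PORT@`. I would extend the existing comment to `/* A zone with special characters; the name sits in a raw block so the template engine leaves it untouched. */`, worded without the at-sign itself so the comment is not parsed as a substitution. The zone statement continues past the end of the hunk.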
@@ -11,23 +11,12 @@ * information regarding copyright ownership. */ +include "policies/autosign.conf"; include "policies/kasp-fips.conf"; +include "named-common.conf"; +include "named-fips.conf"; -dnssec-policy "rsasha1" { - signatures-refresh P5D; - signatures-validity 30d; - signatures-validity-dnskey 30d; - - keys { - ksk lifetime unlimited algorithm rsasha1; - zsk lifetime unlimited algorithm rsasha1; - }; - - dnskey-ttl 1h; - publish-safety PT1H; - retire-safety 2h; - zone-propagation-delay 3600; - max-zone-ttl 6h; - parent-propagation-delay pt1h; - parent-ds-ttl 7200; -}; +{% if RSASHA1_SUPPORTED == "1" %} +include "policies/kasp-rsasha1.conf"; +include "named-rsasha1.conf"; +{% endif %} diff --git a/bin/tests/system/kasp/ns3/policies/autosign.conf.in b/bin/tests/system/kasp/ns3/policies/autosign.conf.j2 similarity index 100% rename from bin/tests/system/kasp/ns3/policies/autosign.conf.in rename to bin/tests/system/kasp/ns3/policies/autosign.conf.j2 diff --git a/bin/tests/system/kasp/ns3/policies/kasp-fips.conf.in b/bin/tests/system/kasp/ns3/policies/kasp-fips.conf.j2 similarity index 100% rename from bin/tests/system/kasp/ns3/policies/kasp-fips.conf.in rename to bin/tests/system/kasp/ns3/policies/kasp-fips.conf.j2 diff --git a/bin/tests/system/kasp/ns3/policies/kasp.conf.in b/bin/tests/system/kasp/ns3/policies/kasp-rsasha1.conf.j2 similarity index 95% rename from bin/tests/system/kasp/ns3/policies/kasp.conf.in rename to bin/tests/system/kasp/ns3/policies/kasp-rsasha1.conf.j2 index cb045bcb07a..246b99a65b8 100644 --- a/bin/tests/system/kasp/ns3/policies/kasp.conf.in +++ b/bin/tests/system/kasp/ns3/policies/kasp-rsasha1.conf.j2 @@ -11,8 +11,6 @@ * information regarding copyright ownership. */ -include "policies/kasp-fips.conf"; - dnssec-policy "rsasha1" { dnskey-ttl 1234; 
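Review bot: `{% if RSASHA1_SUPPORTED == "1" %}` in named.conf.j2 is narrower than the condition it replaces: the removed setup.sh logic used the FIPS-only configuration only when the variable was `0`, whereas the template enables the rsasha1 includes only for the exact string `"1"`. If the value reaches the renderer as an integer or is missing, the block is presumably skipped without any error and the RSASHA1 policy and zones drop out of the run, so coverage of that algorithm is lost quietly. How the variable is passed in is not visible here, so this may already be guaranteed; if it is not, `{% if RSASHA1_SUPPORTED != "0" %}` keeps the previous semantics. Either way, a `{# ... #}` comment above the condition stating the expected type and values would make the gate auditable.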
diff --git a/bin/tests/system/kasp/ns4/named.conf.in b/bin/tests/system/kasp/ns4/named.conf.j2
similarity index 100%
rename from bin/tests/system/kasp/ns4/named.conf.in
rename to bin/tests/system/kasp/ns4/named.conf.j2
diff --git a/bin/tests/system/kasp/ns5/named.conf.in b/bin/tests/system/kasp/ns5/named.conf.j2
similarity index 100%
rename from bin/tests/system/kasp/ns5/named.conf.in
rename to bin/tests/system/kasp/ns5/named.conf.j2
diff --git a/bin/tests/system/kasp/ns6/named.conf.in b/bin/tests/system/kasp/ns6/named.conf.j2
similarity index 100%
rename from bin/tests/system/kasp/ns6/named.conf.in
rename to bin/tests/system/kasp/ns6/named.conf.j2
diff --git a/bin/tests/system/kasp/ns6/policies/csk1.conf.in b/bin/tests/system/kasp/ns6/policies/csk1.conf.j2
similarity index 100%
rename from bin/tests/system/kasp/ns6/policies/csk1.conf.in
rename to bin/tests/system/kasp/ns6/policies/csk1.conf.j2
diff --git a/bin/tests/system/kasp/ns6/policies/csk2.conf.in b/bin/tests/system/kasp/ns6/policies/csk2.conf.in
deleted file mode 100644
index 6d290c3c322..00000000000
--- a/bin/tests/system/kasp/ns6/policies/csk2.conf.in
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-dnssec-policy "csk-algoroll" {
- signatures-refresh P5D;
- signatures-validity 30d;
- signatures-validity-dnskey 30d;
-
- keys {
- csk lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
- };
-
- dnskey-ttl 1h;
- publish-safety PT1H;
- retire-safety 2h;
- zone-propagation-delay 3600;
- max-zone-ttl 6h;
- parent-propagation-delay pt1h;
- parent-ds-ttl 7200;
-};
diff --git a/bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in b/bin/tests/system/kasp/ns6/policies/kasp.conf.j2 similarity index 57% rename from bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in rename to bin/tests/system/kasp/ns6/policies/kasp.conf.j2 index b217aa68cc0..cd366c826c9 100644 --- a/bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in +++ b/bin/tests/system/kasp/ns6/policies/kasp.conf.j2 @@ -11,29 +11,8 @@ * information regarding copyright ownership. */ -dnssec-policy "nsec3" { - nsec3param iterations 0 optout no salt-length 0; -}; - dnssec-policy "modified" { keys { csk lifetime unlimited algorithm rsasha256 2048; }; }; - -dnssec-policy "unlimited-lifetime" { - keys { - csk lifetime unlimited algorithm @DEFAULT_ALGORITHM@; - }; -}; -dnssec-policy "short-lifetime" { - keys { - csk lifetime P6M algorithm @DEFAULT_ALGORITHM@; - }; -}; - -dnssec-policy "long-lifetime" { - keys { - csk lifetime P1Y algorithm @DEFAULT_ALGORITHM@; - }; -}; diff --git a/bin/tests/system/kasp/setup.sh b/bin/tests/system/kasp/setup.sh index ccc45334d97..2b8cf6b4d86 100644 --- a/bin/tests/system/kasp/setup.sh +++ b/bin/tests/system/kasp/setup.sh 
@@ -19,32 +19,6 @@ set -e mkdir keys mkdir ns3/keys -copy_setports ns2/named.conf.in ns2/named.conf -if [ $RSASHA1_SUPPORTED = 0 ]; then - copy_setports ns3/named-fips.conf.in ns3/named.conf -else - copy_setports ns3/named-fips.conf.in ns3/named-fips.conf - copy_setports ns3/named.conf.in ns3/named.conf -fi -copy_setports ns4/named.conf.in ns4/named.conf -copy_setports ns5/named.conf.in ns5/named.conf -copy_setports ns6/named.conf.in ns6/named.conf - -copy_setports ns3/policies/autosign.conf.in ns3/policies/autosign.conf -copy_setports ns3/policies/kasp-fips.conf.in ns3/policies/kasp-fips.conf -copy_setports ns3/policies/kasp.conf.in ns3/policies/kasp.conf -if [ $RSASHA1_SUPPORTED = 0 ]; then - cp ns3/policies/kasp-fips.conf ns3/policies/kasp.conf -fi - -copy_setports ns6/policies/csk1.conf.in ns6/policies/csk1.conf -copy_setports ns6/policies/csk2.conf.in ns6/policies/csk2.conf -copy_setports ns6/policies/kasp-fips.conf.in ns6/policies/kasp-fips.conf -copy_setports ns6/policies/kasp.conf.in ns6/policies/kasp.conf -if [ $RSASHA1_SUPPORTED = 0 ]; then - cp ns6/policies/kasp-fips.conf ns6/policies/kasp.conf -fi - # Setup zones ( cd ns2 diff --git a/bin/tests/system/kasp/tests_kasp.py b/bin/tests/system/kasp/tests_kasp.py index 6b9fd9d228f..353bd9aa01c 100644 --- a/bin/tests/system/kasp/tests_kasp.py +++ b/bin/tests/system/kasp/tests_kasp.py @@ -73,7 +73,7 @@ pytestmark = pytest.mark.extra_artifacts( "ns*/zsk", "ns*/zsk", "ns*/zsk/K*", - "ns*/named-fips.conf", + "ns*/named*.conf", "ns*/settime.out.*", "ns*/signer.out.*", "ns*/zones",