From: Štěpán Balážik Date: Wed, 4 Feb 2026 17:17:17 +0000 (+0100) Subject: Make default_algorithm accessible through a fixture and method X-Git-Tag: v9.21.19~15^2~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ef21b779124e2edea914b75a1f7bbf963fbaafb4;p=thirdparty%2Fbind9.git Make default_algorithm accessible through a fixture and method Importing pytest fixture trips up static analysis tools, so move default_algorithm to conftest.py and use it instead of os.environ accesses in various system tests. For use outside test function, use Algorithm.default(). --- diff --git a/bin/tests/system/conftest.py b/bin/tests/system/conftest.py index 089d5ed52cb..4e7a1d7b1a1 100644 --- a/bin/tests/system/conftest.py +++ b/bin/tests/system/conftest.py @@ -233,6 +233,11 @@ def control_port(): return int(os.environ["CONTROLPORT"]) +@pytest.fixture(scope="module") +def default_algorithm(): + return isctest.vars.algorithms.Algorithm.default() + + @pytest.fixture(scope="module") def system_test_name(request): """Name of the system test directory.""" diff --git a/bin/tests/system/dnssec/tests_signing.py b/bin/tests/system/dnssec/tests_signing.py index 949c0de8189..42932b1afe3 100644 --- a/bin/tests/system/dnssec/tests_signing.py +++ b/bin/tests/system/dnssec/tests_signing.py @@ -136,12 +136,12 @@ def test_expiring_rrsig(ns3): assert sigs -def test_apex_signing(): +def test_apex_signing(default_algorithm): # check that DNAME at apex with NSEC3 is correctly signed msg = isctest.query.create("dname-at-apex-nsec3.example.", "TXT") res = isctest.query.tcp(msg, "10.53.0.3") sigs = [str(a) for a in res.authority if a.rdtype == rdatatype.RRSIG] - alg = os.environ.get("DEFAULT_ALGORITHM_NUMBER") + alg = default_algorithm.number assert any(f"NSEC3 {alg} 3 600" in a for a in sigs) @@ -171,7 +171,7 @@ def test_occluded_data(): isctest.check.rr_count_eq(res.answer, 4) # A+RRSIG, NSEC+RRSIG -def test_update_signing(): +def test_update_signing(default_algorithm): # minimal update test: add and delete a single record up = update.UpdateMessage("dynamic.example.") up.add("a.dynamic.example.", 300, "A", "73.80.65.49") @@ -191,7 +191,7 @@ def test_update_signing(): # check that the NSEC3 record for the apex is properly signed # when a DNSKEY is added via UPDATE key = keygen( - "-Kns3", "-q3fk", "-a", os.environ["DEFAULT_ALGORITHM"], "update-nsec3.example." + "-Kns3", "-q3fk", "-a", default_algorithm.name, "update-nsec3.example." ) with open(f"ns3/{key}.key", "r", encoding="utf-8") as f: @@ -416,7 +416,7 @@ def test_zonestatus_signing(ns3): assert when < sigs[0].expiration -def test_offline_ksk_signing(ns2): +def test_offline_ksk_signing(ns2, default_algorithm): def getfrom(file): with open(file, encoding="utf-8") as f: return f.read().strip() @@ -498,9 +498,9 @@ def test_offline_ksk_signing(ns2): "-Pnone", "-Anone", "-a", - os.environ["DEFAULT_ALGORITHM"], + default_algorithm.name, "-b", - os.environ["DEFAULT_BITS"], + f"{default_algorithm.bits}", zone, ) zsk_2_id = getkeyid(zsk_2) @@ -557,9 +557,9 @@ def test_offline_ksk_signing(ns2): "-Pnone", "-Anone", "-a", - os.environ["DEFAULT_ALGORITHM"], + default_algorithm.name, "-b", - os.environ["DEFAULT_BITS"], + f"{default_algorithm.bits}", zone, ) zsk_3_id = getkeyid(zsk_3) diff --git a/bin/tests/system/dnssec/tests_validation.py b/bin/tests/system/dnssec/tests_validation.py index 2c79f584f43..777bb693b1d 100644 --- a/bin/tests/system/dnssec/tests_validation.py +++ b/bin/tests/system/dnssec/tests_validation.py @@ -11,7 +11,6 @@ from re import compile as Re -import os import shutil import time @@ -123,7 +122,7 @@ def test_adflag(): isctest.check.noadflag(res2) -def test_secure_root(ns4): +def test_secure_root(ns4, default_algorithm): # check that a query for a secure root validates msg = isctest.query.create(".", "KEY") res = isctest.query.tcp(msg, "10.53.0.4") @@ -132,9 +131,8 @@ def test_secure_root(ns4): # check that "rndc secroots" dumps the trusted keys key = int(getfrom("ns1/managed.key.id")) - alg = os.environ["DEFAULT_ALGORITHM"] response = ns4.rndc("secroots -") - assert f"./{alg}/{key} ; static" in response.out + assert f"./{default_algorithm.name}/{key} ; static" in response.out assert len(response.out.splitlines()) == 10 diff --git a/bin/tests/system/dnssec/tests_validation_managed_keys.py b/bin/tests/system/dnssec/tests_validation_managed_keys.py index 082400b0001..54253df0aae 100644 --- a/bin/tests/system/dnssec/tests_validation_managed_keys.py +++ b/bin/tests/system/dnssec/tests_validation_managed_keys.py @@ -29,7 +29,7 @@ def getfrom(file): return f.read().strip() -def test_secure_root_managed(ns4): +def test_secure_root_managed(ns4, default_algorithm): # check that a query for a secure root validates msg = isctest.query.create(".", "KEY") res = isctest.query.tcp(msg, "10.53.0.4") @@ -38,9 +38,8 @@ def test_secure_root_managed(ns4): # check that "rndc secroots" dumps the trusted keys key = int(getfrom("ns1/managed.key.id")) - alg = os.environ["DEFAULT_ALGORITHM"] response = ns4.rndc("secroots -") - assert f"./{alg}/{key} ; managed" in response.out + assert f"./{default_algorithm.name}/{key} ; managed" in response.out assert len(response.out.splitlines()) == 10 diff --git a/bin/tests/system/dnssec/tests_validation_multiview.py b/bin/tests/system/dnssec/tests_validation_multiview.py index d3ea9e300bd..b1cac381123 100644 --- a/bin/tests/system/dnssec/tests_validation_multiview.py +++ b/bin/tests/system/dnssec/tests_validation_multiview.py @@ -11,8 +11,6 @@ from re import compile as Re -import os - import isctest @@ -50,10 +48,9 @@ def test_validator_logging(ns4): watcher.wait_for_line(pattern) -def test_secure_roots(ns4): +def test_secure_roots(ns4, default_algorithm): # check that "rndc secroots" dumps the trusted keys with multiple views key = int(getfrom("ns1/managed.key.id")) - alg = os.environ["DEFAULT_ALGORITHM"] response = ns4.rndc("secroots -") - assert f"./{alg}/{key} ; static" in response.out + assert f"./{default_algorithm.name}/{key} ; static" in response.out assert len(response.out.splitlines()) == 17 diff --git a/bin/tests/system/isctest/vars/algorithms.py b/bin/tests/system/isctest/vars/algorithms.py index 5be34ff7d78..c0a2eed5c1b 100644 --- a/bin/tests/system/isctest/vars/algorithms.py +++ b/bin/tests/system/isctest/vars/algorithms.py @@ -61,6 +61,15 @@ class Algorithm(NamedTuple): dst: int bits: int + @classmethod + def default(cls): + return cls( + os.environ["DEFAULT_ALGORITHM"], + int(os.environ["DEFAULT_ALGORITHM_NUMBER"]), + int(os.environ["DEFAULT_ALGORITHM_DST_NUMBER"]), + int(os.environ["DEFAULT_BITS"]), + ) + class AlgorithmSet(NamedTuple): """Collection of DEFAULT, ALTERNATIVE and DISABLED algorithms""" diff --git a/bin/tests/system/kasp/tests_kasp.py b/bin/tests/system/kasp/tests_kasp.py index 87ecbcab240..cc041dff86c 100644 --- a/bin/tests/system/kasp/tests_kasp.py +++ b/bin/tests/system/kasp/tests_kasp.py @@ -22,7 +22,7 @@ import pytest from isctest.kasp import KeyProperties, KeyTimingMetadata, SettimeOptions from isctest.util import param -from isctest.vars.algorithms import ECDSAP256SHA256, ECDSAP384SHA384 +from isctest.vars.algorithms import ECDSAP256SHA256, ECDSAP384SHA384, Algorithm import isctest import isctest.mark @@ -129,10 +129,10 @@ KASP_INHERIT_TSIG_SECRET = { } -def autosign_properties(alg, size): +def autosign_properties(algorithm: Algorithm): return [ - f"ksk {lifetime['P2Y']} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent", - f"zsk {lifetime['P1Y']} {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent", + f"ksk {lifetime['P2Y']} {algorithm.number} {algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent", + f"zsk {lifetime['P1Y']} {algorithm.number} {algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent", ] @@ -353,9 +353,7 @@ def cb_remove_keyfiles(params, ksks=None, zsks=None): "policy": "autosign", "config": autosign_config, "offset": -timedelta(days=30 * 6), - "key-properties": autosign_properties( - os.environ["DEFAULT_ALGORITHM_NUMBER"], os.environ["DEFAULT_BITS"] - ), + "key-properties": autosign_properties(Algorithm.default()), }, id="dnskey-ttl-mismatch.autosign", ), @@ -365,9 +363,7 @@ def cb_remove_keyfiles(params, ksks=None, zsks=None): "policy": "autosign", "config": autosign_config, "offset": -timedelta(days=30 * 6), - "key-properties": autosign_properties( - os.environ["DEFAULT_ALGORITHM_NUMBER"], os.environ["DEFAULT_BITS"] - ), + "key-properties": autosign_properties(Algorithm.default()), "additional-tests": [ { "callback": cb_rrsig_refresh, @@ -383,9 +379,7 @@ def cb_remove_keyfiles(params, ksks=None, zsks=None): "policy": "autosign", "config": autosign_config, "offset": -timedelta(days=30 * 6), - "key-properties": autosign_properties( - os.environ["DEFAULT_ALGORITHM_NUMBER"], os.environ["DEFAULT_BITS"] - ), + "key-properties": autosign_properties(Algorithm.default()), "additional-tests": [ { "callback": cb_rrsig_reuse, @@ -401,9 +395,7 @@ def cb_remove_keyfiles(params, ksks=None, zsks=None): "policy": "autosign", "config": autosign_config, "offset": -timedelta(days=30 * 6), - "key-properties": autosign_properties( - os.environ["DEFAULT_ALGORITHM_NUMBER"], os.environ["DEFAULT_BITS"] - ), + "key-properties": autosign_properties(Algorithm.default()), "additional-tests": [ { "callback": cb_rrsig_refresh, @@ -419,9 +411,7 @@ def cb_remove_keyfiles(params, ksks=None, zsks=None): "policy": "autosign", "config": autosign_config, "offset": -timedelta(days=30 * 6), - "key-properties": autosign_properties( - os.environ["DEFAULT_ALGORITHM_NUMBER"], os.environ["DEFAULT_BITS"] - ), + "key-properties": autosign_properties(Algorithm.default()), "additional-tests": [ { "callback": cb_remove_keyfiles, @@ -438,8 +428,8 @@ def cb_remove_keyfiles(params, ksks=None, zsks=None): "config": autosign_config, "offset": -timedelta(days=30 * 6), "key-properties": [ - f"ksk 63072000 {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent missing", - f"zsk 31536000 {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent", + f"ksk 63072000 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent missing", + f"zsk 31536000 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent", ], }, id="ksk-missing.autosign", @@ -451,8 +441,8 @@ def cb_remove_keyfiles(params, ksks=None, zsks=None): "config": autosign_config, "offset": -timedelta(days=30 * 6), "key-properties": [ - f"ksk 63072000 {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent", - f"zsk 31536000 {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent missing", + f"ksk 63072000 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent", + f"zsk 31536000 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent missing", ], }, id="zsk-missing.autosign", @@ -511,8 +501,8 @@ def cb_remove_keyfiles(params, ksks=None, zsks=None): }, "key-directories": ["{keydir}/ksk", "{keydir}/zsk"], "key-properties": [ - f"ksk unlimited {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden", - f"zsk unlimited {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:omnipresent dnskey:rumoured zrrsig:rumoured", + f"ksk unlimited {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden", + f"zsk unlimited {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured zrrsig:rumoured", ], }, id="keystore.kasp", @@ -613,7 +603,7 @@ def cb_remove_keyfiles(params, ksks=None, zsks=None): "policy": "unlimited", "config": kasp_config, "key-properties": [ - f"csk 0 {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="unlimited.kasp", @@ -1096,18 +1086,16 @@ def test_kasp_dynamic(ns3): assert f"zone_resigninc: zone {zone}/IN (unsigned): enter" not in "ns3/named.run" -def test_kasp_checkds(ns3): +def test_kasp_checkds(ns3, default_algorithm): def wait_for_metadata(): return isctest.util.file_contents_contain(ksk.statefile, metadata) # Zone: checkds-ksk.kasp. zone = "checkds-ksk.kasp" policy = "checkds-ksk" - alg = os.environ["DEFAULT_ALGORITHM_NUMBER"] - size = os.environ["DEFAULT_BITS"] policy_keys = [ - f"ksk unlimited {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden", - f"zsk unlimited {alg} {size} goal:omnipresent dnskey:rumoured zrrsig:rumoured", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured zrrsig:rumoured", ] isctest.kasp.wait_keymgr_done(ns3, zone) @@ -1140,19 +1128,17 @@ def test_kasp_checkds(ns3): isctest.kasp.check_keys(zone, keys, expected) -def test_kasp_checkds_doubleksk(ns3): +def test_kasp_checkds_doubleksk(ns3, default_algorithm): def wait_for_metadata(): return isctest.util.file_contents_contain(ksk.statefile, metadata) # Zone: checkds-doubleksk.kasp. zone = "checkds-doubleksk.kasp" policy = "checkds-doubleksk" - alg = os.environ["DEFAULT_ALGORITHM_NUMBER"] - size = os.environ["DEFAULT_BITS"] policy_keys = [ - f"ksk unlimited {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden", - f"ksk unlimited {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden", - f"zsk unlimited {alg} {size} goal:omnipresent dnskey:rumoured zrrsig:rumoured", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured zrrsig:rumoured", ] isctest.kasp.wait_keymgr_done(ns3, zone) @@ -1214,17 +1200,15 @@ def test_kasp_checkds_doubleksk(ns3): isctest.kasp.check_keys(zone, keys, expected) -def test_kasp_checkds_csk(ns3): +def test_kasp_checkds_csk(ns3, default_algorithm): def wait_for_metadata(): return isctest.util.file_contents_contain(ksk.statefile, metadata) # Zone: checkds-csk.kasp. zone = "checkds-csk.kasp" policy = "checkds-csk" - alg = os.environ["DEFAULT_ALGORITHM_NUMBER"] - size = os.environ["DEFAULT_BITS"] policy_keys = [ - f"csk unlimited {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ] isctest.kasp.wait_keymgr_done(ns3, zone) @@ -1461,7 +1445,7 @@ def test_kasp_dnssec_keygen(): isctest.kasp.check_keytimes(keys, expected) -def test_kasp_zsk_retired(ns3): +def test_kasp_zsk_retired(ns3, default_algorithm): config = { "dnskey-ttl": timedelta(seconds=300), "ds-ttl": timedelta(days=1), @@ -1476,14 +1460,12 @@ def test_kasp_zsk_retired(ns3): zone = "zsk-retired.autosign" policy = "autosign" - alg = os.environ["DEFAULT_ALGORITHM_NUMBER"] - size = os.environ["DEFAULT_BITS"] key_properties = [ - f"ksk 63072000 {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent", + f"ksk 63072000 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent", # zsk predecessor - f"zsk 31536000 {alg} {size} goal:hidden dnskey:omnipresent zrrsig:omnipresent", + f"zsk 31536000 {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent zrrsig:omnipresent", # zsk successor - f"zsk 31536000 {alg} {size} goal:omnipresent dnskey:rumoured zrrsig:hidden", + f"zsk 31536000 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured zrrsig:hidden", ] isctest.kasp.wait_keymgr_done(ns3, zone) @@ -1682,18 +1664,16 @@ def test_kasp_reload_restart(ns6): isctest.run.retry_with_timeout(check_soa_ttl, timeout=10) -def test_kasp_manual_mode(ns3): +def test_kasp_manual_mode(ns3, default_algorithm): keydir = ns3.identifier zone = "keyfiles-missing.manual" policy = "manual" ttl = int(autosign_config["dnskey-ttl"].total_seconds()) offset = -timedelta(days=30 * 6) - alg = os.environ["DEFAULT_ALGORITHM_NUMBER"] - size = os.environ["DEFAULT_BITS"] keyprops = [ - f"ksk {lifetime['P2Y']} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent", - f"zsk {lifetime['P2M']} {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent", + f"ksk {lifetime['P2Y']} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent", + f"zsk {lifetime['P2M']} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent", ] isctest.kasp.wait_keymgr_done(ns3, zone) @@ -1768,9 +1748,9 @@ def test_kasp_manual_mode(ns3): # Check keys again, make sure the rollover has started. keyprops = [ - f"ksk {lifetime['P2Y']} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent", - f"zsk {lifetime['P2M']} {alg} {size} goal:hidden dnskey:omnipresent zrrsig:omnipresent", - f"zsk {lifetime['P2M']} {alg} {size} goal:omnipresent dnskey:rumoured zrrsig:hidden", + f"ksk {lifetime['P2Y']} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent", + f"zsk {lifetime['P2M']} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent zrrsig:omnipresent", + f"zsk {lifetime['P2M']} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured zrrsig:hidden", ] expected = isctest.kasp.policy_to_properties(ttl=ttl, keys=keyprops) keys = isctest.kasp.keydir_to_keylist(zone, keydir) diff --git a/bin/tests/system/ksr/tests_ksr.py b/bin/tests/system/ksr/tests_ksr.py index 2164894042d..6b2cb21b651 100644 --- a/bin/tests/system/ksr/tests_ksr.py +++ b/bin/tests/system/ksr/tests_ksr.py @@ -19,6 +19,7 @@ import time import pytest from isctest.kasp import KeyTimingMetadata +from isctest.vars.algorithms import Algorithm import isctest @@ -112,12 +113,17 @@ def ksr(zone, policy, action, options="", raise_on_exception=True, to_file=""): def check_keys( keys, lifetime, - alg=os.environ["DEFAULT_ALGORITHM_DST_NUMBER"], - size=os.environ["DEFAULT_BITS"], + alg=None, + size=None, offset=0, with_state=False, ): # Check keys that were created. + if alg is None: + alg = Algorithm.default().dst + if size is None: + size = Algorithm.default().bits + num = 0 now = KeyTimingMetadata.now() diff --git a/bin/tests/system/migrate2kasp/tests_migrate2kasp.py b/bin/tests/system/migrate2kasp/tests_migrate2kasp.py index 76c670fafbb..26f1e34ade4 100644 --- a/bin/tests/system/migrate2kasp/tests_migrate2kasp.py +++ b/bin/tests/system/migrate2kasp/tests_migrate2kasp.py @@ -15,6 +15,8 @@ import os import pytest +from isctest.vars.algorithms import Algorithm + import isctest import isctest.mark @@ -134,8 +136,8 @@ lifetime = { "config": standard_config, "offset": 0, "key-properties": [ - f"ksk 0 {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:rumoured", - f"zsk {lifetime['P60D']} {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:omnipresent dnskey:rumoured zrrsig:rumoured", + f"ksk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:rumoured", + f"zsk {lifetime['P60D']} {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured zrrsig:rumoured", ], }, id="migrate.kasp", @@ -149,7 +151,7 @@ lifetime = { "config": default_config, "offset": 0, "key-properties": [ - f"csk 0 {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:rumoured", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:rumoured", ], }, id="csk.kasp", @@ -163,7 +165,7 @@ lifetime = { "config": default_config, "offset": 0, "key-properties": [ - f"csk 0 {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:rumoured", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:rumoured", ], }, id="csk-nosep.kasp", @@ -177,8 +179,8 @@ lifetime = { "config": timing_config, "offset": -timedelta(seconds=300), "key-properties": [ - f"ksk {lifetime['P60D']} {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:rumoured", - f"zsk {lifetime['P60D']} {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:omnipresent dnskey:rumoured zrrsig:rumoured", + f"ksk {lifetime['P60D']} {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:rumoured", + f"zsk {lifetime['P60D']} {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured zrrsig:rumoured", ], }, id="rumoured.kasp", @@ -192,8 +194,8 @@ lifetime = { "config": timing_config, "offset": -timedelta(seconds=3900), "key-properties": [ - f"ksk {lifetime['P60D']} {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent", - f"zsk {lifetime['P60D']} {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent", + f"ksk {lifetime['P60D']} {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent", + f"zsk {lifetime['P60D']} {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent", ], }, id="omnipresent.kasp", @@ -207,8 +209,8 @@ lifetime = { "config": timing_config, "offset": -timedelta(hours=12), "key-properties": [ - f"ksk {lifetime['P60D']} {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:rumoured", - f"zsk {lifetime['P60D']} {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent", + f"ksk {lifetime['P60D']} {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:rumoured", + f"zsk {lifetime['P60D']} {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent", ], }, id="no-syncpublish.kasp", @@ -224,8 +226,8 @@ lifetime = { "key-properties": [ "ksk - 8 2048 goal:hidden dnskey:omnipresent krrsig:omnipresent ds:omnipresent", "zsk - 8 2048 goal:hidden dnskey:omnipresent zrrsig:omnipresent", - f"ksk 0 {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden", - f"zsk {lifetime['P60D']} {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:omnipresent dnskey:rumoured zrrsig:rumoured", + f"ksk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden", + f"zsk {lifetime['P60D']} {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured zrrsig:rumoured", ], }, id="migrate-nomatch-algnum.kasp", @@ -257,10 +259,10 @@ lifetime = { "config": migrate_config, "offset": -timedelta(seconds=3900), "key-properties": [ - f"ksk - {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:omnipresent", - f"zsk - {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:hidden dnskey:omnipresent zrrsig:omnipresent", + f"ksk - {Algorithm.default().number} {Algorithm.default().bits} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:omnipresent", + f"zsk - {Algorithm.default().number} {Algorithm.default().bits} goal:hidden dnskey:omnipresent zrrsig:omnipresent", # This key is considered to be prepublished, so it is not yet signing, nor is the DS introduced. - f"csk 0 {os.environ['DEFAULT_ALGORITHM_NUMBER']} {os.environ['DEFAULT_BITS']} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:hidden ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:hidden ds:hidden", ], }, id="migrate-nomatch-kzc.kasp", diff --git a/bin/tests/system/multisigner/tests_multisigner.py b/bin/tests/system/multisigner/tests_multisigner.py index 894c0dd5b51..1ea3ddd6d81 100644 --- a/bin/tests/system/multisigner/tests_multisigner.py +++ b/bin/tests/system/multisigner/tests_multisigner.py @@ -49,8 +49,6 @@ pytestmark = pytest.mark.extra_artifacts( ] ) -ALGORITHM = os.environ["DEFAULT_ALGORITHM_NUMBER"] -SIZE = os.environ["DEFAULT_BITS"] CONFIG = { "dnskey-ttl": timedelta(hours=1), "ds-ttl": timedelta(days=1), @@ -506,11 +504,11 @@ def check_remove_cds( check_dnssec(server, zone, keys, expected) -def test_multisigner(ns2, ns3, ns4): +def test_multisigner(ns2, ns3, ns4, default_algorithm): zone = "model2.multisigner" keyprops = [ - f"ksk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent", - f"zsk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent", + f"ksk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent", + f"zsk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent", ] # First make sure the zone is properly signed. @@ -550,7 +548,7 @@ def test_multisigner(ns2, ns3, ns4): check_dnssec(ns4, zone, keys4, expected4) # Add DNSKEY to RRset. - newprops = [f"zsk unlimited {ALGORITHM} {SIZE}"] + newprops = [f"zsk unlimited {default_algorithm.number} {default_algorithm.bits}"] extra = isctest.kasp.policy_to_properties(ttl=TTL, keys=newprops) extra[0].private = False extra[0].legacy = True @@ -565,7 +563,7 @@ def test_multisigner(ns2, ns3, ns4): check_no_dnssec_in_journal(ns4, zone) # Add CDNSKEY RRset. - newprops = [f"ksk unlimited {ALGORITHM} {SIZE}"] + newprops = [f"ksk unlimited {default_algorithm.number} {default_algorithm.bits}"] extra = isctest.kasp.policy_to_properties(ttl=TTL, keys=newprops) extra[0].private = False extra[0].legacy = True @@ -613,11 +611,11 @@ def test_multisigner_bad_dsync(ns3, ns4): ) -def test_multisigner_secondary(ns2, ns3, ns4, ns5): +def test_multisigner_secondary(ns2, ns3, ns4, ns5, default_algorithm): zone = "model2.secondary" keyprops = [ - f"ksk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent", - f"zsk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent", + f"ksk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent", + f"zsk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent", ] # First make sure the zone is properly signed. @@ -658,7 +656,7 @@ def test_multisigner_secondary(ns2, ns3, ns4, ns5): check_dnssec(ns4, zone, keys4, expected4) # Add DNSKEY to RRset. - newprops = [f"zsk unlimited {ALGORITHM} {SIZE}"] + newprops = [f"zsk unlimited {default_algorithm.number} {default_algorithm.bits}"] extra = isctest.kasp.policy_to_properties(ttl=TTL, keys=newprops) extra[0].private = False extra[0].legacy = True @@ -675,7 +673,7 @@ def test_multisigner_secondary(ns2, ns3, ns4, ns5): check_no_dnssec_in_journal(ns4, zone) # Add CDNSKEY RRset. - newprops = [f"ksk unlimited {ALGORITHM} {SIZE}"] + newprops = [f"ksk unlimited {default_algorithm.number} {default_algorithm.bits}"] extra = isctest.kasp.policy_to_properties(ttl=TTL, keys=newprops) extra[0].private = False extra[0].legacy = True diff --git a/bin/tests/system/nsec3/common.py b/bin/tests/system/nsec3/common.py index 85afe2b23a3..31c7ecd66a2 100644 --- a/bin/tests/system/nsec3/common.py +++ b/bin/tests/system/nsec3/common.py @@ -11,8 +11,6 @@ from datetime import timedelta -import os - import dns import pytest @@ -39,9 +37,6 @@ pytestmark = pytest.mark.extra_artifacts( ] ) -ALGORITHM = os.environ["DEFAULT_ALGORITHM_NUMBER"] -SIZE = os.environ["DEFAULT_BITS"] - default_config = { "dnskey-ttl": timedelta(hours=1), "ds-ttl": timedelta(days=1), diff --git a/bin/tests/system/nsec3/tests_nsec3_change.py b/bin/tests/system/nsec3/tests_nsec3_change.py index beaea9554d6..4d01eb70d05 100644 --- a/bin/tests/system/nsec3/tests_nsec3_change.py +++ b/bin/tests/system/nsec3/tests_nsec3_change.py @@ -19,8 +19,8 @@ import dns import dns.update import pytest -from isctest.vars.algorithms import RSASHA1 -from nsec3.common import ALGORITHM, SIZE, check_nsec3_case, default_config, pytestmark +from isctest.vars.algorithms import RSASHA1, Algorithm +from nsec3.common import check_nsec3_case, default_config, pytestmark import isctest import isctest.mark @@ -95,7 +95,7 @@ def test_nsec3_case(ns3): "salt-length": 8, }, "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], } zone = params["zone"] diff --git a/bin/tests/system/nsec3/tests_nsec3_initial.py b/bin/tests/system/nsec3/tests_nsec3_initial.py index 19ba62600d8..8148a16fd3f 100644 --- a/bin/tests/system/nsec3/tests_nsec3_initial.py +++ b/bin/tests/system/nsec3/tests_nsec3_initial.py @@ -17,8 +17,8 @@ import dns import dns.update import pytest -from isctest.vars.algorithms import RSASHA1 -from nsec3.common import ALGORITHM, SIZE, check_nsec3_case, default_config, pytestmark +from isctest.vars.algorithms import RSASHA1, Algorithm +from nsec3.common import check_nsec3_case, default_config, pytestmark import isctest import isctest.mark @@ -65,7 +65,7 @@ def bootstrap(): "zone": "nsec-to-nsec3.kasp", "policy": "nsec", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec-to-nsec3.kasp", @@ -99,10 +99,10 @@ def bootstrap(): "zone": "nsec3-xfr-inline.kasp", "policy": "nsec", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], "external-keys": [ - f"csk 0 {ALGORITHM} {SIZE}", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits}", ], "external-keydir": "ns2", }, @@ -113,7 +113,7 @@ def bootstrap(): "zone": "nsec3-dynamic-update-inline.kasp", "policy": "nsec", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec3-dynamic-update-inline.kasp", @@ -156,7 +156,7 @@ def test_nsec_case(ns3, params): "zone": "nsec3-to-rsasha1.kasp", "policy": "nsec3", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent", ], }, id="nsec3-to-rsasha1.kasp", @@ -167,7 +167,7 @@ def test_nsec_case(ns3, params): "zone": "nsec3-to-rsasha1-ds.kasp", "policy": "nsec3", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent", ], }, id="nsec3-to-rsasha1-ds.kasp", @@ -178,7 +178,7 @@ def test_nsec_case(ns3, params): "zone": "nsec3.kasp", "policy": "nsec3", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec3.kasp", @@ -188,7 +188,7 @@ def test_nsec_case(ns3, params): "zone": "nsec3-dynamic.kasp", "policy": "nsec3", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec3-dynamic.kasp", @@ -198,7 +198,7 @@ def test_nsec_case(ns3, params): "zone": "nsec3-change.kasp", "policy": "nsec3", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec3-change.kasp", @@ -208,7 +208,7 @@ def test_nsec_case(ns3, params): "zone": "nsec3-dynamic-change.kasp", "policy": "nsec3", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec3-dynamic-change.kasp", @@ -218,7 +218,7 @@ def test_nsec_case(ns3, params): "zone": "nsec3-dynamic-to-inline.kasp", "policy": "nsec3", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec3-dynamic-to-inline.kasp", @@ -228,7 +228,7 @@ def test_nsec_case(ns3, params): "zone": "nsec3-inline-to-dynamic.kasp", "policy": "nsec3", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec3-inline-to-dynamic.kasp", @@ -238,7 +238,7 @@ def test_nsec_case(ns3, params): "zone": "nsec3-to-nsec.kasp", "policy": "nsec3", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec3-to-nsec.kasp", @@ -248,7 +248,7 @@ def test_nsec_case(ns3, params): "zone": "nsec3-to-optout.kasp", "policy": "nsec3", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec3-to-optout.kasp", @@ -262,7 +262,7 @@ def test_nsec_case(ns3, params): "salt-length": 0, }, "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec3-from-optout.kasp", @@ -276,7 +276,7 @@ def test_nsec_case(ns3, params): "salt-length": 8, }, "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec3-other.kasp", diff --git a/bin/tests/system/nsec3/tests_nsec3_reconfig.py b/bin/tests/system/nsec3/tests_nsec3_reconfig.py index a725039ed46..6c8c16b29cd 100644 --- a/bin/tests/system/nsec3/tests_nsec3_reconfig.py +++ b/bin/tests/system/nsec3/tests_nsec3_reconfig.py @@ -19,8 +19,8 @@ import dns import dns.update import pytest -from isctest.vars.algorithms import RSASHA1 -from nsec3.common import ALGORITHM, SIZE, check_nsec3_case, default_config, pytestmark +from isctest.vars.algorithms import RSASHA1, Algorithm +from nsec3.common import check_nsec3_case, default_config, pytestmark import isctest import isctest.mark @@ -92,7 +92,7 @@ def after_servers_start(ns3, templates): "policy": "nsec3", "key-properties": [ f"csk 0 {RSASHA1.number} 2048 goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent", - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="rsasha1-to-nsec3.kasp", @@ -104,7 +104,7 @@ def after_servers_start(ns3, templates): "policy": "nsec3", "key-properties": [ f"csk 0 {RSASHA1.number} 2048 goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent", - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="rsasha1-to-nsec3-wait.kasp", @@ -115,7 +115,7 @@ def after_servers_start(ns3, templates): "zone": "nsec3-to-rsasha1.kasp", "policy": "rsasha1", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent", f"csk 0 {RSASHA1.number} 2048 goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, @@ -127,7 +127,7 @@ def after_servers_start(ns3, templates): "zone": "nsec3-to-rsasha1-ds.kasp", "policy": "rsasha1", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent", f"csk 0 {RSASHA1.number} 2048 goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, @@ -139,7 +139,7 @@ def after_servers_start(ns3, templates): "zone": "nsec3-to-nsec.kasp", "policy": "nsec", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec3-to-nsec.kasp", @@ -164,7 +164,7 @@ def test_nsec_case(ns3, params): "zone": "nsec-to-nsec3.kasp", "policy": "nsec3", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec-to-nsec3.kasp", @@ -174,7 +174,7 @@ def test_nsec_case(ns3, params): "zone": "nsec3.kasp", "policy": "nsec3", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec3.kasp", @@ -184,7 +184,7 @@ def test_nsec_case(ns3, params): "zone": "nsec3-dynamic.kasp", "policy": "nsec3", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec3-dynamic.kasp", @@ -198,7 +198,7 @@ def test_nsec_case(ns3, params): "salt-length": 8, }, "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec3-dynamic-change.kasp", @@ -208,7 +208,7 @@ def test_nsec_case(ns3, params): "zone": "nsec3-dynamic-to-inline.kasp", "policy": "nsec3", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec3-dynamic-to-inline.kasp", @@ -218,7 +218,7 @@ def test_nsec_case(ns3, params): "zone": "nsec3-inline-to-dynamic.kasp", "policy": "nsec3", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec3-inline-to-dynamic.kasp", @@ -235,7 +235,7 @@ def test_nsec_case(ns3, params): # "salt-length": 0, # }, # "key-properties": [ - # f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + # f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", # ], # }, # id="nsec3-to-optout.kasp", @@ -248,7 +248,7 @@ def test_nsec_case(ns3, params): # "zone": "nsec3-from-optout.kasp", # "policy": "optout", # "key-properties": [ - # f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + # f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", # ], # }, # id="nsec3-from-optout.kasp", @@ -262,7 +262,7 @@ def test_nsec_case(ns3, params): "salt-length": 8, }, "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec3-other.kasp", @@ -286,7 +286,7 @@ def test_nsec3_ent(ns3, templates): "zone": "nsec3-ent.kasp", "policy": "nsec3", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], } diff --git a/bin/tests/system/nsec3/tests_nsec3_reload.py b/bin/tests/system/nsec3/tests_nsec3_reload.py index d23d7df64b6..f1d1f996659 100644 --- a/bin/tests/system/nsec3/tests_nsec3_reload.py +++ b/bin/tests/system/nsec3/tests_nsec3_reload.py @@ -18,7 +18,7 @@ import time import dns import pytest -from nsec3.common import ALGORITHM, SIZE, check_nsec3_case +from nsec3.common import check_nsec3_case import isctest @@ -34,13 +34,13 @@ def bootstrap(): } -def test_nsec3_case(ns3): +def test_nsec3_case(ns3, default_algorithm): # Get test parameters. params = { "zone": "nsec3-fails-to-load.kasp", "policy": "nsec3", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], } zone = params["zone"] diff --git a/bin/tests/system/nsec3/tests_nsec3_restart.py b/bin/tests/system/nsec3/tests_nsec3_restart.py index 63c65381723..e74ea64780f 100644 --- a/bin/tests/system/nsec3/tests_nsec3_restart.py +++ b/bin/tests/system/nsec3/tests_nsec3_restart.py @@ -17,14 +17,8 @@ import dns import dns.update import pytest -from nsec3.common import ( - ALGORITHM, - SIZE, - check_nsec3_case, - check_nsec3param, - default_config, - pytestmark, -) +from isctest.vars.algorithms import Algorithm +from nsec3.common import check_nsec3_case, check_nsec3param, default_config, pytestmark import isctest import isctest.mark @@ -75,7 +69,7 @@ def perform_nsec3_tests(server, params): "zone": "nsec3.kasp", "policy": "nsec3", "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec3.kasp", @@ -89,7 +83,7 @@ def perform_nsec3_tests(server, params): "salt-length": 8, }, "key-properties": [ - f"csk 0 {ALGORITHM} {SIZE} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {Algorithm.default().number} {Algorithm.default().bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], }, id="nsec3-other.kasp", diff --git a/bin/tests/system/rollover-algo-csk/tests_rollover_algo_csk_reconfig.py b/bin/tests/system/rollover-algo-csk/tests_rollover_algo_csk_reconfig.py index c2d47824ade..8bfd4a3083f 100644 --- a/bin/tests/system/rollover-algo-csk/tests_rollover_algo_csk_reconfig.py +++ b/bin/tests/system/rollover-algo-csk/tests_rollover_algo_csk_reconfig.py @@ -27,9 +27,7 @@ from rollover.common import ( CDSS, DURATION, TIMEDELTA, - alg, pytestmark, - size, ) from rollover.setup import configure_algo_csk, configure_root, configure_tld @@ -87,7 +85,7 @@ def after_servers_start(ns3, templates): param("manual"), ], ) -def test_algoroll_csk_reconfig_step1(tld, ns3, alg, size): +def test_algoroll_csk_reconfig_step1(tld, ns3, default_algorithm): zone = f"step1.csk-algorithm-roll.{tld}" policy = f"{POLICY}-{tld}" @@ -128,7 +126,7 @@ def test_algoroll_csk_reconfig_step1(tld, ns3, alg, size): # The RSASHA keys are outroducing. f"csk 0 8 2048 goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{ALGOROLL_OFFVAL}", # The ECDSAP256SHA256 keys are introducing. - f"csk 0 {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], # Next key event is when the ecdsa256 keys have been propagated. "nextev": ALGOROLL_IPUB, @@ -145,7 +143,7 @@ def test_algoroll_csk_reconfig_step1(tld, ns3, alg, size): param("manual"), ], ) -def test_algoroll_csk_reconfig_step2(tld, ns3, alg, size): +def test_algoroll_csk_reconfig_step2(tld, ns3, default_algorithm): zone = f"step2.csk-algorithm-roll.{tld}" policy = f"{POLICY}-{tld}" @@ -163,7 +161,7 @@ def test_algoroll_csk_reconfig_step2(tld, ns3, alg, size): f"csk 0 8 2048 goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{ALGOROLL_OFFVAL}", # The ECDSAP256SHA256 keys are introducing. The DNSKEY RRset is # omnipresent, but the zone signatures are not. - f"csk 0 {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:rumoured ds:hidden offset:{ALGOROLL_OFFSETS['step2']}", + f"csk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:rumoured ds:hidden offset:{ALGOROLL_OFFSETS['step2']}", ], # Next key event is when all zone signatures are signed with the # new algorithm. This is the child publication interval, minus @@ -184,7 +182,7 @@ def test_algoroll_csk_reconfig_step2(tld, ns3, alg, size): param("manual"), ], ) -def test_algoroll_csk_reconfig_step3(tld, ns3, alg, size): +def test_algoroll_csk_reconfig_step3(tld, ns3, default_algorithm): zone = f"step3.csk-algorithm-roll.{tld}" policy = f"{POLICY}-{tld}" @@ -197,7 +195,7 @@ def test_algoroll_csk_reconfig_step3(tld, ns3, alg, size): "cdss": CDSS, "keyprops": [ f"csk 0 8 2048 goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{ALGOROLL_OFFVAL}", - f"csk 0 {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:hidden offset:{ALGOROLL_OFFSETS['step3']}", + f"csk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:hidden offset:{ALGOROLL_OFFSETS['step3']}", ], "manual-mode": True, "nextev": None, @@ -237,7 +235,7 @@ def test_algoroll_csk_reconfig_step3(tld, ns3, alg, size): "keyprops": [ # The DS can be swapped. f"csk 0 8 2048 goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:unretentive offset:{ALGOROLL_OFFVAL}", - f"csk 0 {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:rumoured offset:{ALGOROLL_OFFSETS['step3']}", + f"csk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:rumoured offset:{ALGOROLL_OFFSETS['step3']}", ], # Next key event is when the DS becomes OMNIPRESENT. This happens # after the publication interval of the parent side. @@ -258,7 +256,7 @@ def test_algoroll_csk_reconfig_step3(tld, ns3, alg, size): param("manual"), ], ) -def test_algoroll_csk_reconfig_step4(tld, ns3, alg, size): +def test_algoroll_csk_reconfig_step4(tld, ns3, default_algorithm): zone = f"step4.csk-algorithm-roll.{tld}" policy = f"{POLICY}-{tld}" @@ -271,7 +269,7 @@ def test_algoroll_csk_reconfig_step4(tld, ns3, alg, size): "cdss": CDSS, "keyprops": [ f"csk 0 8 2048 goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:hidden offset:{ALGOROLL_OFFVAL}", - f"csk 0 {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{ALGOROLL_OFFSETS['step4']}", + f"csk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{ALGOROLL_OFFSETS['step4']}", ], "manual-mode": True, "nextev": None, @@ -297,7 +295,7 @@ def test_algoroll_csk_reconfig_step4(tld, ns3, alg, size): "keyprops": [ # The old DS is HIDDEN, we can remove the old algorithm records. f"csk 0 8 2048 goal:hidden dnskey:unretentive krrsig:unretentive zrrsig:unretentive ds:hidden offset:{ALGOROLL_OFFVAL}", - f"csk 0 {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{ALGOROLL_OFFSETS['step4']}", + f"csk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{ALGOROLL_OFFSETS['step4']}", ], # Next key event is when the old DNSKEY becomes HIDDEN. # This happens after the DNSKEY TTL plus zone propagation delay. @@ -315,7 +313,7 @@ def test_algoroll_csk_reconfig_step4(tld, ns3, alg, size): param("manual"), ], ) -def test_algoroll_csk_reconfig_step5(tld, ns3, alg, size): +def test_algoroll_csk_reconfig_step5(tld, ns3, default_algorithm): zone = f"step5.csk-algorithm-roll.{tld}" policy = f"{POLICY}-{tld}" @@ -329,7 +327,7 @@ def test_algoroll_csk_reconfig_step5(tld, ns3, alg, size): "keyprops": [ # The DNSKEY becomes HIDDEN. f"csk 0 8 2048 goal:hidden dnskey:hidden krrsig:hidden zrrsig:unretentive ds:hidden offset:{ALGOROLL_OFFVAL}", - f"csk 0 {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{ALGOROLL_OFFSETS['step5']}", + f"csk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{ALGOROLL_OFFSETS['step5']}", ], # Next key event is when the RSASHA signatures become HIDDEN. # This happens after the max-zone-ttl plus zone propagation delay @@ -351,7 +349,7 @@ def test_algoroll_csk_reconfig_step5(tld, ns3, alg, size): param("manual"), ], ) -def test_algoroll_csk_reconfig_step6(tld, ns3, alg, size): +def test_algoroll_csk_reconfig_step6(tld, ns3, default_algorithm): zone = f"step6.csk-algorithm-roll.{tld}" policy = f"{POLICY}-{tld}" @@ -365,7 +363,7 @@ def test_algoroll_csk_reconfig_step6(tld, ns3, alg, size): "keyprops": [ # The zone signatures are now HIDDEN. f"csk 0 8 2048 goal:hidden dnskey:hidden krrsig:hidden zrrsig:hidden ds:hidden offset:{ALGOROLL_OFFVAL}", - f"csk 0 {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{ALGOROLL_OFFSETS['step6']}", + f"csk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{ALGOROLL_OFFSETS['step6']}", ], # Next key event is never since we established the policy and the # keys have an unlimited lifetime. Fallback to the default diff --git a/bin/tests/system/rollover-algo-ksk-zsk/tests_rollover_algo_ksk_zsk_reconfig.py b/bin/tests/system/rollover-algo-ksk-zsk/tests_rollover_algo_ksk_zsk_reconfig.py index 7d8c169e970..a9f310fccb0 100644 --- a/bin/tests/system/rollover-algo-ksk-zsk/tests_rollover_algo_ksk_zsk_reconfig.py +++ b/bin/tests/system/rollover-algo-ksk-zsk/tests_rollover_algo_ksk_zsk_reconfig.py @@ -27,9 +27,7 @@ from rollover.common import ( CDSS, DURATION, TIMEDELTA, - alg, pytestmark, - size, ) from rollover.setup import configure_algo_ksk_zsk, configure_root, configure_tld @@ -85,7 +83,7 @@ def after_servers_start(ns3, templates): param("manual"), ], ) -def test_algoroll_ksk_zsk_reconfig_step1(tld, ns3, alg, size): +def test_algoroll_ksk_zsk_reconfig_step1(tld, ns3, default_algorithm): zone = f"step1.algorithm-roll.{tld}" policy = f"{POLICY}-{tld}" @@ -130,8 +128,8 @@ def test_algoroll_ksk_zsk_reconfig_step1(tld, ns3, alg, size): f"ksk 0 8 2048 goal:hidden dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{ALGOROLL_OFFVAL}", f"zsk 0 8 2048 goal:hidden dnskey:omnipresent zrrsig:omnipresent offset:{ALGOROLL_OFFVAL}", # The ECDSAP256SHA256 keys are introducing. - f"ksk 0 {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden", - f"zsk 0 {alg} {size} goal:omnipresent dnskey:rumoured zrrsig:rumoured", + f"ksk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden", + f"zsk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured zrrsig:rumoured", ], # Next key event is when the ecdsa256 keys have been propagated. "nextev": ALGOROLL_IPUB, @@ -148,7 +146,7 @@ def test_algoroll_ksk_zsk_reconfig_step1(tld, ns3, alg, size): param("manual"), ], ) -def test_algoroll_ksk_zsk_reconfig_step2(tld, ns3, alg, size): +def test_algoroll_ksk_zsk_reconfig_step2(tld, ns3, default_algorithm): zone = f"step2.algorithm-roll.{tld}" policy = f"{POLICY}-{tld}" @@ -167,8 +165,8 @@ def test_algoroll_ksk_zsk_reconfig_step2(tld, ns3, alg, size): f"zsk 0 8 2048 goal:hidden dnskey:omnipresent zrrsig:omnipresent offset:{ALGOROLL_OFFVAL}", # The ECDSAP256SHA256 keys are introducing. The DNSKEY RRset is # omnipresent, but the zone signatures are not. - f"ksk 0 {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:hidden offset:{ALGOROLL_OFFSETS['step2']}", - f"zsk 0 {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:rumoured offset:{ALGOROLL_OFFSETS['step2']}", + f"ksk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:hidden offset:{ALGOROLL_OFFSETS['step2']}", + f"zsk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:rumoured offset:{ALGOROLL_OFFSETS['step2']}", ], # Next key event is when all zone signatures are signed with the new # algorithm. This is the max-zone-ttl plus zone propagation delay. But @@ -189,7 +187,7 @@ def test_algoroll_ksk_zsk_reconfig_step2(tld, ns3, alg, size): param("manual"), ], ) -def test_algoroll_ksk_zsk_reconfig_step3(tld, ns3, alg, size): +def test_algoroll_ksk_zsk_reconfig_step3(tld, ns3, default_algorithm): zone = f"step3.algorithm-roll.{tld}" policy = f"{POLICY}-{tld}" @@ -203,8 +201,8 @@ def test_algoroll_ksk_zsk_reconfig_step3(tld, ns3, alg, size): "keyprops": [ f"ksk 0 8 2048 goal:hidden dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{ALGOROLL_OFFVAL}", f"zsk 0 8 2048 goal:hidden dnskey:omnipresent zrrsig:omnipresent offset:{ALGOROLL_OFFVAL}", - f"ksk 0 {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:hidden offset:{ALGOROLL_OFFSETS['step3']}", - f"zsk 0 {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{ALGOROLL_OFFSETS['step3']}", + f"ksk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:hidden offset:{ALGOROLL_OFFSETS['step3']}", + f"zsk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{ALGOROLL_OFFSETS['step3']}", ], "manual-mode": True, "nextev": None, @@ -245,8 +243,8 @@ def test_algoroll_ksk_zsk_reconfig_step3(tld, ns3, alg, size): # The DS can be swapped. f"ksk 0 8 2048 goal:hidden dnskey:omnipresent krrsig:omnipresent ds:unretentive offset:{ALGOROLL_OFFVAL}", f"zsk 0 8 2048 goal:hidden dnskey:omnipresent zrrsig:omnipresent offset:{ALGOROLL_OFFVAL}", - f"ksk 0 {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:rumoured offset:{ALGOROLL_OFFSETS['step3']}", - f"zsk 0 {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{ALGOROLL_OFFSETS['step3']}", + f"ksk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:rumoured offset:{ALGOROLL_OFFSETS['step3']}", + f"zsk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{ALGOROLL_OFFSETS['step3']}", ], # Next key event is when the DS becomes OMNIPRESENT. This happens # after the retire interval. @@ -267,7 +265,7 @@ def test_algoroll_ksk_zsk_reconfig_step3(tld, ns3, alg, size): param("manual"), ], ) -def test_algoroll_ksk_zsk_reconfig_step4(tld, ns3, alg, size): +def test_algoroll_ksk_zsk_reconfig_step4(tld, ns3, default_algorithm): zone = f"step4.algorithm-roll.{tld}" policy = f"{POLICY}-{tld}" @@ -281,8 +279,8 @@ def test_algoroll_ksk_zsk_reconfig_step4(tld, ns3, alg, size): "keyprops": [ f"ksk 0 8 2048 goal:hidden dnskey:omnipresent krrsig:omnipresent ds:hidden offset:{ALGOROLL_OFFVAL}", f"zsk 0 8 2048 goal:hidden dnskey:omnipresent zrrsig:omnipresent offset:{ALGOROLL_OFFVAL}", - f"ksk 0 {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{ALGOROLL_OFFSETS['step4']}", - f"zsk 0 {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{ALGOROLL_OFFSETS['step4']}", + f"ksk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{ALGOROLL_OFFSETS['step4']}", + f"zsk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{ALGOROLL_OFFSETS['step4']}", ], "manual-mode": True, "nextev": None, @@ -312,8 +310,8 @@ def test_algoroll_ksk_zsk_reconfig_step4(tld, ns3, alg, size): # The old DS is HIDDEN, we can remove the old algorithm records. f"ksk 0 8 2048 goal:hidden dnskey:unretentive krrsig:unretentive ds:hidden offset:{ALGOROLL_OFFVAL}", f"zsk 0 8 2048 goal:hidden dnskey:unretentive zrrsig:unretentive offset:{ALGOROLL_OFFVAL}", - f"ksk 0 {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{ALGOROLL_OFFSETS['step4']}", - f"zsk 0 {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{ALGOROLL_OFFSETS['step4']}", + f"ksk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{ALGOROLL_OFFSETS['step4']}", + f"zsk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{ALGOROLL_OFFSETS['step4']}", ], # Next key event is when the old DNSKEY becomes HIDDEN. # This happens after the DNSKEY TTL plus zone propagation delay. @@ -331,7 +329,7 @@ def test_algoroll_ksk_zsk_reconfig_step4(tld, ns3, alg, size): param("manual"), ], ) -def test_algoroll_ksk_zsk_reconfig_step5(tld, ns3, alg, size): +def test_algoroll_ksk_zsk_reconfig_step5(tld, ns3, default_algorithm): zone = f"step5.algorithm-roll.{tld}" policy = f"{POLICY}-{tld}" @@ -346,8 +344,8 @@ def test_algoroll_ksk_zsk_reconfig_step5(tld, ns3, alg, size): # The DNSKEY becomes HIDDEN. f"ksk 0 8 2048 goal:hidden dnskey:hidden krrsig:hidden ds:hidden offset:{ALGOROLL_OFFVAL}", f"zsk 0 8 2048 goal:hidden dnskey:hidden zrrsig:unretentive offset:{ALGOROLL_OFFVAL}", - f"ksk 0 {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{ALGOROLL_OFFSETS['step5']}", - f"zsk 0 {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{ALGOROLL_OFFSETS['step5']}", + f"ksk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{ALGOROLL_OFFSETS['step5']}", + f"zsk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{ALGOROLL_OFFSETS['step5']}", ], # Next key event is when the RSASHA signatures become HIDDEN. # This happens after the max-zone-ttl plus zone propagation delay @@ -371,7 +369,7 @@ def test_algoroll_ksk_zsk_reconfig_step5(tld, ns3, alg, size): param("manual"), ], ) -def test_algoroll_ksk_zsk_reconfig_step6(tld, ns3, alg, size): +def test_algoroll_ksk_zsk_reconfig_step6(tld, ns3, default_algorithm): zone = f"step6.algorithm-roll.{tld}" policy = f"{POLICY}-{tld}" @@ -386,8 +384,8 @@ def test_algoroll_ksk_zsk_reconfig_step6(tld, ns3, alg, size): # The zone signatures are now HIDDEN. f"ksk 0 8 2048 goal:hidden dnskey:hidden krrsig:hidden ds:hidden offset:{ALGOROLL_OFFVAL}", f"zsk 0 8 2048 goal:hidden dnskey:hidden zrrsig:hidden offset:{ALGOROLL_OFFVAL}", - f"ksk 0 {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{ALGOROLL_OFFSETS['step6']}", - f"zsk 0 {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{ALGOROLL_OFFSETS['step6']}", + f"ksk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{ALGOROLL_OFFSETS['step6']}", + f"zsk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{ALGOROLL_OFFSETS['step6']}", ], # Next key event is never since we established the policy and the # keys have an unlimited lifetime. Fallback to the default diff --git a/bin/tests/system/rollover-csk-roll1/tests_rollover_csk_roll1.py b/bin/tests/system/rollover-csk-roll1/tests_rollover_csk_roll1.py index eebeea47234..ce1f94f2e5e 100644 --- a/bin/tests/system/rollover-csk-roll1/tests_rollover_csk_roll1.py +++ b/bin/tests/system/rollover-csk-roll1/tests_rollover_csk_roll1.py @@ -17,7 +17,7 @@ import pytest from isctest.kasp import Ipub, Iret from isctest.util import param -from rollover.common import TIMEDELTA, alg, pytestmark, size +from rollover.common import TIMEDELTA, pytestmark from rollover.setup import configure_cskroll1, configure_root, configure_tld import isctest @@ -92,7 +92,7 @@ def bootstrap(): param("manual"), ], ) -def test_csk_roll1_step1(tld, ns3, alg, size): +def test_csk_roll1_step1(tld, ns3, default_algorithm): zone = f"step1.csk-roll1.{tld}" policy = f"{POLICY}-{tld}" @@ -106,7 +106,7 @@ def test_csk_roll1_step1(tld, ns3, alg, size): "zone": zone, "cdss": CDSS, "keyprops": [ - f"csk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step1-p']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step1-p']}", ], # Next key event is when the successor CSK needs to be published # minus time already elapsed. This is Lcsk - Ipub + Dreg (we ignore @@ -125,7 +125,7 @@ def test_csk_roll1_step1(tld, ns3, alg, size): param("manual"), ], ) -def test_csk_roll1_step2(tld, alg, size, ns3): +def test_csk_roll1_step2(tld, ns3, default_algorithm): zone = f"step2.csk-roll1.{tld}" policy = f"{POLICY}-{tld}" @@ -137,7 +137,7 @@ def test_csk_roll1_step2(tld, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"csk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step2-p']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step2-p']}", ], "manual-mode": True, "nextev": None, @@ -166,8 +166,8 @@ def test_csk_roll1_step2(tld, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"csk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step2-p']}", - f"csk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:hidden ds:hidden offset:{OFFSETS['step2-s']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step2-p']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:hidden ds:hidden offset:{OFFSETS['step2-s']}", ], "keyrelationships": [0, 1], # Next key event is when the successor CSK becomes OMNIPRESENT. @@ -185,7 +185,7 @@ def test_csk_roll1_step2(tld, alg, size, ns3): param("manual"), ], ) -def test_csk_roll1_step3(tld, alg, size, ns3): +def test_csk_roll1_step3(tld, ns3, default_algorithm): zone = f"step3.csk-roll1.{tld}" policy = f"{POLICY}-{tld}" @@ -197,8 +197,8 @@ def test_csk_roll1_step3(tld, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"csk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step3-p']}", - f"csk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:hidden ds:hidden offset:{OFFSETS['step3-s']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step3-p']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:hidden ds:hidden offset:{OFFSETS['step3-s']}", ], "keyrelationships": [0, 1], "manual-mode": True, @@ -249,8 +249,8 @@ def test_csk_roll1_step3(tld, alg, size, ns3): # CSK1 ds: omnipresent -> unretentive # CSK2 ds: hidden -> rumoured "keyprops": [ - f"csk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:unretentive ds:unretentive offset:{OFFSETS['step3-p']}", - f"csk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:rumoured ds:rumoured offset:{OFFSETS['step3-s']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:unretentive ds:unretentive offset:{OFFSETS['step3-p']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:rumoured ds:rumoured offset:{OFFSETS['step3-s']}", ], "keyrelationships": [0, 1], # Next key event is when the predecessor DS has been replaced with @@ -277,7 +277,7 @@ def test_csk_roll1_step3(tld, alg, size, ns3): param("manual"), ], ) -def test_csk_roll1_step4(tld, alg, size, ns3): +def test_csk_roll1_step4(tld, ns3, default_algorithm): zone = f"step4.csk-roll1.{tld}" policy = f"{POLICY}-{tld}" @@ -289,8 +289,8 @@ def test_csk_roll1_step4(tld, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"csk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:unretentive ds:hidden offset:{OFFSETS['step4-p']}", - f"csk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:rumoured ds:omnipresent offset:{OFFSETS['step4-s']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:unretentive ds:hidden offset:{OFFSETS['step4-p']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:rumoured ds:omnipresent offset:{OFFSETS['step4-s']}", ], "keyrelationships": [0, 1], "manual-mode": True, @@ -322,8 +322,8 @@ def test_csk_roll1_step4(tld, alg, size, ns3): # CSK1 ds: unretentive -> hidden # CSK2 ds: rumoured -> omnipresent "keyprops": [ - f"csk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent krrsig:unretentive zrrsig:unretentive ds:hidden offset:{OFFSETS['step4-p']}", - f"csk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:rumoured ds:omnipresent offset:{OFFSETS['step4-s']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:unretentive zrrsig:unretentive ds:hidden offset:{OFFSETS['step4-p']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:rumoured ds:omnipresent offset:{OFFSETS['step4-s']}", ], "keyrelationships": [0, 1], # Next key event is when the KRRSIG enters the HIDDEN state. @@ -344,7 +344,7 @@ def test_csk_roll1_step4(tld, alg, size, ns3): param("manual"), ], ) -def test_csk_roll1_step5(tld, alg, size, ns3): +def test_csk_roll1_step5(tld, ns3, default_algorithm): zone = f"step5.csk-roll1.{tld}" policy = f"{POLICY}-{tld}" @@ -358,8 +358,8 @@ def test_csk_roll1_step5(tld, alg, size, ns3): # The predecessor KRRSIG records are now all hidden. # CSK1 krrsig: unretentive -> hidden "keyprops": [ - f"csk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent krrsig:hidden zrrsig:unretentive ds:hidden offset:{OFFSETS['step5-p']}", - f"csk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:rumoured ds:omnipresent offset:{OFFSETS['step5-s']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:hidden zrrsig:unretentive ds:hidden offset:{OFFSETS['step5-p']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:rumoured ds:omnipresent offset:{OFFSETS['step5-s']}", ], "keyrelationships": [0, 1], # Next key event is when the DNSKEY can be removed. This is when @@ -379,7 +379,7 @@ def test_csk_roll1_step5(tld, alg, size, ns3): param("manual"), ], ) -def test_csk_roll1_step6(tld, alg, size, ns3): +def test_csk_roll1_step6(tld, ns3, default_algorithm): zone = f"step6.csk-roll1.{tld}" policy = f"{POLICY}-{tld}" @@ -397,8 +397,8 @@ def test_csk_roll1_step6(tld, alg, size, ns3): # CSK1 zrrsig: unretentive -> hidden # CSK2 zrrsig: rumoured -> omnipresent "keyprops": [ - f"csk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:unretentive krrsig:hidden zrrsig:hidden ds:hidden offset:{OFFSETS['step6-p']}", - f"csk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step6-s']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:unretentive krrsig:hidden zrrsig:hidden ds:hidden offset:{OFFSETS['step6-p']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step6-s']}", ], "keyrelationships": [0, 1], # Next key event is when the DNSKEY enters the HIDDEN state. @@ -417,7 +417,7 @@ def test_csk_roll1_step6(tld, alg, size, ns3): param("manual"), ], ) -def test_csk_roll1_step7(tld, alg, size, ns3): +def test_csk_roll1_step7(tld, ns3, default_algorithm): zone = f"step7.csk-roll1.{tld}" policy = f"{POLICY}-{tld}" @@ -430,8 +430,8 @@ def test_csk_roll1_step7(tld, alg, size, ns3): "cdss": CDSS, # The predecessor CSK is now completely HIDDEN. "keyprops": [ - f"csk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:hidden krrsig:hidden zrrsig:hidden ds:hidden offset:{OFFSETS['step7-p']}", - f"csk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step7-s']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:hidden krrsig:hidden zrrsig:hidden ds:hidden offset:{OFFSETS['step7-p']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step7-s']}", ], "keyrelationships": [0, 1], # Next key event is when the new successor needs to be published. @@ -451,7 +451,7 @@ def test_csk_roll1_step7(tld, alg, size, ns3): param("manual"), ], ) -def test_csk_roll1_step8(tld, alg, size, ns3): +def test_csk_roll1_step8(tld, ns3, default_algorithm): zone = f"step8.csk-roll1.{tld}" policy = f"{POLICY}-{tld}" @@ -463,7 +463,7 @@ def test_csk_roll1_step8(tld, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"csk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step8-s']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step8-s']}", ], "nextev": None, } diff --git a/bin/tests/system/rollover-csk-roll2/tests_rollover_csk_roll2.py b/bin/tests/system/rollover-csk-roll2/tests_rollover_csk_roll2.py index 9993b83ecdc..b63c59b35dd 100644 --- a/bin/tests/system/rollover-csk-roll2/tests_rollover_csk_roll2.py +++ b/bin/tests/system/rollover-csk-roll2/tests_rollover_csk_roll2.py @@ -17,7 +17,7 @@ import pytest from isctest.kasp import Ipub, Iret from isctest.util import param -from rollover.common import TIMEDELTA, alg, pytestmark, size +from rollover.common import TIMEDELTA, pytestmark from rollover.setup import configure_cskroll2, configure_root, configure_tld import isctest @@ -95,7 +95,7 @@ def bootstrap(): param("manual"), ], ) -def test_csk_roll2_step1(tld, alg, size, ns3): +def test_csk_roll2_step1(tld, ns3, default_algorithm): zone = f"step1.csk-roll2.{tld}" policy = f"{POLICY}-{tld}" @@ -109,7 +109,7 @@ def test_csk_roll2_step1(tld, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"csk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step1-p']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step1-p']}", ], # Next key event is when the successor CSK needs to be published # minus time already elapsed. This is Lcsk - Ipub + Dreg (we ignore @@ -128,7 +128,7 @@ def test_csk_roll2_step1(tld, alg, size, ns3): param("manual"), ], ) -def test_csk_roll2_step2(tld, alg, size, ns3): +def test_csk_roll2_step2(tld, ns3, default_algorithm): zone = f"step2.csk-roll2.{tld}" policy = f"{POLICY}-{tld}" @@ -140,7 +140,7 @@ def test_csk_roll2_step2(tld, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"csk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step2-p']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step2-p']}", ], "manual-mode": True, "nextev": None, @@ -169,8 +169,8 @@ def test_csk_roll2_step2(tld, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"csk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step2-p']}", - f"csk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:hidden ds:hidden offset:{OFFSETS['step2-s']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step2-p']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:hidden ds:hidden offset:{OFFSETS['step2-s']}", ], "keyrelationships": [0, 1], # Next key event is when the successor CSK becomes OMNIPRESENT. @@ -188,7 +188,7 @@ def test_csk_roll2_step2(tld, alg, size, ns3): param("manual"), ], ) -def test_csk_roll2_step3(tld, alg, size, ns3): +def test_csk_roll2_step3(tld, ns3, default_algorithm): zone = f"step3.csk-roll2.{tld}" policy = f"{POLICY}-{tld}" @@ -200,8 +200,8 @@ def test_csk_roll2_step3(tld, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"csk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step3-p']}", - f"csk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:hidden ds:hidden offset:{OFFSETS['step3-s']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step3-p']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:hidden ds:hidden offset:{OFFSETS['step3-s']}", ], "keyrelationships": [0, 1], "manual-mode": True, @@ -252,8 +252,8 @@ def test_csk_roll2_step3(tld, alg, size, ns3): # CSK1 ds: omnipresent -> unretentive # CSK2 ds: hidden -> rumoured "keyprops": [ - f"csk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:unretentive ds:unretentive offset:{OFFSETS['step3-p']}", - f"csk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:rumoured ds:rumoured offset:{OFFSETS['step3-s']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:unretentive ds:unretentive offset:{OFFSETS['step3-p']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:rumoured ds:rumoured offset:{OFFSETS['step3-s']}", ], "keyrelationships": [0, 1], # Next key event is when the predecessor DS has been replaced with @@ -280,7 +280,7 @@ def test_csk_roll2_step3(tld, alg, size, ns3): param("manual"), ], ) -def test_csk_roll2_step4(tld, alg, size, ns3): +def test_csk_roll2_step4(tld, ns3, default_algorithm): zone = f"step4.csk-roll2.{tld}" policy = f"{POLICY}-{tld}" @@ -296,8 +296,8 @@ def test_csk_roll2_step4(tld, alg, size, ns3): # CSK1 zrrsig: unretentive -> hidden # CSK2 zrrsig: rumoured -> omnipresent "keyprops": [ - f"csk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:hidden ds:unretentive offset:{OFFSETS['step4-p']}", - f"csk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:rumoured offset:{OFFSETS['step4-s']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:hidden ds:unretentive offset:{OFFSETS['step4-p']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:rumoured offset:{OFFSETS['step4-s']}", ], "keyrelationships": [0, 1], # Next key event is when the predecessor DS has been replaced with @@ -321,7 +321,7 @@ def test_csk_roll2_step4(tld, alg, size, ns3): param("manual"), ], ) -def test_csk_roll2_step5(tld, alg, size, ns3): +def test_csk_roll2_step5(tld, ns3, default_algorithm): zone = f"step5.csk-roll2.{tld}" policy = f"{POLICY}-{tld}" @@ -333,8 +333,8 @@ def test_csk_roll2_step5(tld, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"csk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:hidden ds:hidden offset:{OFFSETS['step5-p']}", - f"csk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step5-s']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:omnipresent zrrsig:hidden ds:hidden offset:{OFFSETS['step5-p']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step5-s']}", ], "keyrelationships": [0, 1], "manual-mode": True, @@ -367,8 +367,8 @@ def test_csk_roll2_step5(tld, alg, size, ns3): # The successor key is now fully OMNIPRESENT. # CSK2 ds: rumoured -> omnipresent "keyprops": [ - f"csk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:unretentive krrsig:unretentive zrrsig:hidden ds:hidden offset:{OFFSETS['step5-p']}", - f"csk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step5-s']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:unretentive krrsig:unretentive zrrsig:hidden ds:hidden offset:{OFFSETS['step5-p']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step5-s']}", ], "keyrelationships": [0, 1], # Next key event is when the DNSKEY enters the HIDDEN state. @@ -387,7 +387,7 @@ def test_csk_roll2_step5(tld, alg, size, ns3): param("manual"), ], ) -def test_csk_roll2_step6(tld, alg, size, ns3): +def test_csk_roll2_step6(tld, ns3, default_algorithm): zone = f"step6.csk-roll2.{tld}" policy = f"{POLICY}-{tld}" @@ -402,8 +402,8 @@ def test_csk_roll2_step6(tld, alg, size, ns3): # CSK1 dnskey: unretentive -> hidden # CSK1 krrsig: unretentive -> hidden "keyprops": [ - f"csk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:hidden krrsig:hidden zrrsig:hidden ds:hidden offset:{OFFSETS['step6-p']}", - f"csk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step6-s']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:hidden krrsig:hidden zrrsig:hidden ds:hidden offset:{OFFSETS['step6-p']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step6-s']}", ], "keyrelationships": [0, 1], # Next key event is when the new successor needs to be published. @@ -424,7 +424,7 @@ def test_csk_roll2_step6(tld, alg, size, ns3): param("manual"), ], ) -def test_csk_roll2_step7(tld, alg, size, ns3): +def test_csk_roll2_step7(tld, ns3, default_algorithm): zone = f"step7.csk-roll2.{tld}" policy = f"{POLICY}-{tld}" @@ -437,8 +437,8 @@ def test_csk_roll2_step7(tld, alg, size, ns3): "cdss": CDSS, # The predecessor CSK is now completely HIDDEN. "keyprops": [ - f"csk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:hidden krrsig:hidden zrrsig:hidden ds:hidden offset:{OFFSETS['step7-p']}", - f"csk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step7-s']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:hidden krrsig:hidden zrrsig:hidden ds:hidden offset:{OFFSETS['step7-p']}", + f"csk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step7-s']}", ], "keyrelationships": [0, 1], "nextev": None, diff --git a/bin/tests/system/rollover-dynamic2inline/tests_rollover_dynamic2inline.py b/bin/tests/system/rollover-dynamic2inline/tests_rollover_dynamic2inline.py index 946a7c14201..925b0b0b1cb 100644 --- a/bin/tests/system/rollover-dynamic2inline/tests_rollover_dynamic2inline.py +++ b/bin/tests/system/rollover-dynamic2inline/tests_rollover_dynamic2inline.py @@ -11,12 +11,12 @@ # pylint: disable=redefined-outer-name,unused-import -from rollover.common import CDSS, DEFAULT_CONFIG, alg, pytestmark, size +from rollover.common import CDSS, DEFAULT_CONFIG, pytestmark import isctest -def test_dynamic2inline(alg, size, ns3, templates): +def test_dynamic2inline(ns3, default_algorithm, templates): config = DEFAULT_CONFIG policy = "default" zone = "dynamic2inline.kasp" @@ -27,7 +27,7 @@ def test_dynamic2inline(alg, size, ns3, templates): "zone": zone, "cdss": CDSS, "keyprops": [ - f"csk unlimited {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], "nextev": None, } diff --git a/bin/tests/system/rollover-enable-dnssec/tests_rollover_enable_dnssec.py b/bin/tests/system/rollover-enable-dnssec/tests_rollover_enable_dnssec.py index 30d24e403ca..c6a616b6c44 100644 --- a/bin/tests/system/rollover-enable-dnssec/tests_rollover_enable_dnssec.py +++ b/bin/tests/system/rollover-enable-dnssec/tests_rollover_enable_dnssec.py @@ -15,7 +15,7 @@ import pytest from isctest.kasp import Ipub, IpubC, Iret from isctest.util import param -from rollover.common import CDSS, TIMEDELTA, alg, pytestmark, size +from rollover.common import CDSS, TIMEDELTA, pytestmark from rollover.setup import configure_enable_dnssec, configure_root, configure_tld import isctest @@ -74,7 +74,7 @@ def bootstrap(): param("manual"), ], ) -def test_rollover_enable_dnssec_step1(tld, alg, size, ns3): +def test_rollover_enable_dnssec_step1(tld, default_algorithm, ns3): zone = f"step1.enable-dnssec.{tld}" policy = f"{POLICY}-{tld}" @@ -105,7 +105,7 @@ def test_rollover_enable_dnssec_step1(tld, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"csk unlimited {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden offset:{OFFSETS['step1']}", + f"csk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden offset:{OFFSETS['step1']}", ], # Next key event is when the DNSKEY RRset becomes OMNIPRESENT, # after the publication interval. @@ -123,7 +123,7 @@ def test_rollover_enable_dnssec_step1(tld, alg, size, ns3): param("manual"), ], ) -def test_rollover_enable_dnssec_step2(tld, alg, size, ns3): +def test_rollover_enable_dnssec_step2(tld, default_algorithm, ns3): zone = f"step2.enable-dnssec.{tld}" policy = f"{POLICY}-{tld}" @@ -139,7 +139,7 @@ def test_rollover_enable_dnssec_step2(tld, alg, size, ns3): # dnskey: rumoured -> omnipresent # krrsig: rumoured -> omnipresent "keyprops": [ - f"csk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:rumoured ds:hidden offset:{OFFSETS['step2']}", + f"csk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:rumoured ds:hidden offset:{OFFSETS['step2']}", ], # Next key event is when the zone signatures become OMNIPRESENT, # Minus the time already elapsed. @@ -157,7 +157,7 @@ def test_rollover_enable_dnssec_step2(tld, alg, size, ns3): param("manual"), ], ) -def test_rollover_enable_dnssec_step3(tld, alg, size, ns3): +def test_rollover_enable_dnssec_step3(tld, default_algorithm, ns3): zone = f"step3.enable-dnssec.{tld}" policy = f"{POLICY}-{tld}" @@ -169,7 +169,7 @@ def test_rollover_enable_dnssec_step3(tld, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"csk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:hidden offset:{OFFSETS['step3']}", + f"csk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:hidden offset:{OFFSETS['step3']}", ], "manual-mode": True, "nextev": None, @@ -195,7 +195,7 @@ def test_rollover_enable_dnssec_step3(tld, alg, size, ns3): # zrrsig: rumoured -> omnipresent # ds: hidden -> rumoured "keyprops": [ - f"csk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:rumoured offset:{OFFSETS['step3']}", + f"csk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:rumoured offset:{OFFSETS['step3']}", ], # Next key event is when the DS can move to the OMNIPRESENT state. # This is after the retire interval. @@ -216,7 +216,7 @@ def test_rollover_enable_dnssec_step3(tld, alg, size, ns3): param("manual"), ], ) -def test_rollover_enable_dnssec_step4(tld, alg, size, ns3): +def test_rollover_enable_dnssec_step4(tld, default_algorithm, ns3): zone = f"step4.enable-dnssec.{tld}" policy = f"{POLICY}-{tld}" @@ -230,7 +230,7 @@ def test_rollover_enable_dnssec_step4(tld, alg, size, ns3): # DS has been published long enough. # ds: rumoured -> omnipresent "keyprops": [ - f"csk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step4']}", + f"csk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{OFFSETS['step4']}", ], # Next key event is never, the zone dnssec-policy has been # established. So we fall back to the default loadkeys interval. diff --git a/bin/tests/system/rollover-going-insecure/tests_rollover_going_insecure_initial.py b/bin/tests/system/rollover-going-insecure/tests_rollover_going_insecure_initial.py index a521948fc23..9e697156a66 100644 --- a/bin/tests/system/rollover-going-insecure/tests_rollover_going_insecure_initial.py +++ b/bin/tests/system/rollover-going-insecure/tests_rollover_going_insecure_initial.py @@ -13,7 +13,7 @@ import pytest -from rollover.common import CDSS, DURATION, UNSIGNING_CONFIG, alg, pytestmark, size +from rollover.common import CDSS, DURATION, UNSIGNING_CONFIG, pytestmark from rollover.setup import configure_going_insecure, configure_root, configure_tld import isctest @@ -43,7 +43,7 @@ def bootstrap(): "going-insecure-dynamic.kasp", ], ) -def test_going_insecure_initial(zone, ns3, alg, size): +def test_going_insecure_initial(zone, ns3, default_algorithm): config = UNSIGNING_CONFIG policy = "unsigning" zone = f"step1.{zone}" @@ -54,8 +54,8 @@ def test_going_insecure_initial(zone, ns3, alg, size): "zone": zone, "cdss": CDSS, "keyprops": [ - f"ksk 0 {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{-DURATION['P10D']}", - f"zsk {DURATION['P60D']} {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{-DURATION['P10D']}", + f"ksk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{-DURATION['P10D']}", + f"zsk {DURATION['P60D']} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{-DURATION['P10D']}", ], "nextev": None, } diff --git a/bin/tests/system/rollover-going-insecure/tests_rollover_going_insecure_reconfig.py b/bin/tests/system/rollover-going-insecure/tests_rollover_going_insecure_reconfig.py index 9fb23b19877..9abff654fd7 100644 --- a/bin/tests/system/rollover-going-insecure/tests_rollover_going_insecure_reconfig.py +++ b/bin/tests/system/rollover-going-insecure/tests_rollover_going_insecure_reconfig.py @@ -13,15 +13,7 @@ import pytest -from rollover.common import ( - CDSS, - DEFAULT_CONFIG, - DURATION, - UNSIGNING_CONFIG, - alg, - pytestmark, - size, -) +from rollover.common import CDSS, DEFAULT_CONFIG, DURATION, UNSIGNING_CONFIG, pytestmark from rollover.setup import configure_going_insecure, configure_root, configure_tld import isctest @@ -57,7 +49,7 @@ def after_servers_start(ns3, templates): "going-insecure-dynamic.kasp", ], ) -def test_going_insecure_reconfig_step1(zone, alg, size, ns3): +def test_going_insecure_reconfig_step1(zone, ns3, default_algorithm): config = DEFAULT_CONFIG policy = "insecure" szone = f"step1.{zone}" @@ -70,8 +62,8 @@ def test_going_insecure_reconfig_step1(zone, alg, size, ns3): "zone": szone, "cdss": CDSS, "keyprops": [ - f"ksk 0 {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:unretentive offset:{-DURATION['P10D']}", - f"zsk {DURATION['P60D']} {alg} {size} goal:hidden dnskey:omnipresent zrrsig:omnipresent offset:{-DURATION['P10D']}", + f"ksk 0 {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:unretentive offset:{-DURATION['P10D']}", + f"zsk {DURATION['P60D']} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent zrrsig:omnipresent offset:{-DURATION['P10D']}", ], # Next key event is when the DS becomes HIDDEN. This # happens after the# parent propagation delay plus DS TTL. @@ -100,7 +92,7 @@ def test_going_insecure_reconfig_step1(zone, alg, size, ns3): "going-insecure-dynamic.kasp", ], ) -def test_going_insecure_reconfig_step2(zone, alg, size, ns3): +def test_going_insecure_reconfig_step2(zone, ns3, default_algorithm): config = DEFAULT_CONFIG policy = "insecure" zone = f"step2.{zone}" @@ -114,8 +106,8 @@ def test_going_insecure_reconfig_step2(zone, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"ksk 0 {alg} {size} goal:hidden dnskey:unretentive krrsig:unretentive ds:hidden offset:{-DURATION['P10D']}", - f"zsk {DURATION['P60D']} {alg} {size} goal:hidden dnskey:unretentive zrrsig:unretentive offset:{-DURATION['P10D']}", + f"ksk 0 {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:unretentive krrsig:unretentive ds:hidden offset:{-DURATION['P10D']}", + f"zsk {DURATION['P60D']} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:unretentive zrrsig:unretentive offset:{-DURATION['P10D']}", ], # Next key event is when the DNSKEY becomes HIDDEN. # This happens after the propagation delay, plus DNSKEY TTL. diff --git a/bin/tests/system/rollover-ksk-3crowd/tests_rollover_three_is_a_crowd.py b/bin/tests/system/rollover-ksk-3crowd/tests_rollover_three_is_a_crowd.py index 07710d19b07..a7580640911 100644 --- a/bin/tests/system/rollover-ksk-3crowd/tests_rollover_three_is_a_crowd.py +++ b/bin/tests/system/rollover-ksk-3crowd/tests_rollover_three_is_a_crowd.py @@ -19,9 +19,7 @@ from rollover.common import ( KSK_IPUB, KSK_IRET, KSK_LIFETIME_POLICY, - alg, pytestmark, - size, ) from rollover.setup import configure_ksk_3crowd, configure_root, configure_tld @@ -51,7 +49,7 @@ def bootstrap(): return data -def test_rollover_ksk_three_is_a_crowd(alg, size, ns3): +def test_rollover_ksk_three_is_a_crowd(ns3, default_algorithm): """Test #2375: Scheduled rollovers are happening faster than they can finish.""" zone = "three-is-a-crowd.kasp" @@ -61,9 +59,9 @@ def test_rollover_ksk_three_is_a_crowd(alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"ksk {KSK_LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:unretentive offset:{OFFSET1}", - f"ksk {KSK_LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:rumoured offset:{OFFSET2}", - f"zsk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSET1}", + f"ksk {KSK_LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:unretentive offset:{OFFSET1}", + f"ksk {KSK_LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:rumoured offset:{OFFSET2}", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSET1}", ], "keyrelationships": [0, 1], } @@ -84,10 +82,10 @@ def test_rollover_ksk_three_is_a_crowd(alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"ksk {KSK_LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:unretentive offset:{OFFSET1}", - f"ksk {KSK_LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:rumoured offset:{OFFSET2}", - f"ksk {KSK_LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden offset:0", - f"zsk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSET1}", + f"ksk {KSK_LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:unretentive offset:{OFFSET1}", + f"ksk {KSK_LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:rumoured offset:{OFFSET2}", + f"ksk {KSK_LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden offset:0", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSET1}", ], "check-keytimes": False, # checked manually with modified values } diff --git a/bin/tests/system/rollover-ksk-doubleksk/tests_rollover_ksk_doubleksk.py b/bin/tests/system/rollover-ksk-doubleksk/tests_rollover_ksk_doubleksk.py index 8eccb702d72..5c4e58c2086 100644 --- a/bin/tests/system/rollover-ksk-doubleksk/tests_rollover_ksk_doubleksk.py +++ b/bin/tests/system/rollover-ksk-doubleksk/tests_rollover_ksk_doubleksk.py @@ -25,9 +25,7 @@ from rollover.common import ( KSK_LIFETIME, KSK_LIFETIME_POLICY, TIMEDELTA, - alg, pytestmark, - size, ) from rollover.setup import configure_ksk_doubleksk, configure_root, configure_tld @@ -80,7 +78,7 @@ def bootstrap(): param("manual"), ], ) -def test_ksk_doubleksk_step1(tld, alg, size, ns3): +def test_ksk_doubleksk_step1(tld, ns3, default_algorithm): zone = f"step1.ksk-doubleksk.{tld}" policy = f"{POLICY}-{tld}" @@ -94,8 +92,8 @@ def test_ksk_doubleksk_step1(tld, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"zsk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step1-p']}", - f"ksk {KSK_LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step1-p']}", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step1-p']}", + f"ksk {KSK_LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step1-p']}", ], # Next key event is when the successor KSK needs to be published. # That is the KSK lifetime - prepublication time (minus time @@ -114,7 +112,7 @@ def test_ksk_doubleksk_step1(tld, alg, size, ns3): param("manual"), ], ) -def test_ksk_doubleksk_step2(tld, alg, size, ns3): +def test_ksk_doubleksk_step2(tld, ns3, default_algorithm): zone = f"step2.ksk-doubleksk.{tld}" policy = f"{POLICY}-{tld}" @@ -126,8 +124,8 @@ def test_ksk_doubleksk_step2(tld, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"zsk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step2-p']}", - f"ksk {KSK_LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step2-p']}", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step2-p']}", + f"ksk {KSK_LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step2-p']}", ], "manual-mode": True, "nextev": None, @@ -155,9 +153,9 @@ def test_ksk_doubleksk_step2(tld, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"zsk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step2-p']}", - f"ksk {KSK_LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step2-p']}", - f"ksk {KSK_LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden offset:{OFFSETS['step2-s']}", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step2-p']}", + f"ksk {KSK_LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step2-p']}", + f"ksk {KSK_LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden offset:{OFFSETS['step2-s']}", ], "keyrelationships": [1, 2], # Next key event is when the successor KSK becomes OMNIPRESENT. @@ -175,7 +173,7 @@ def test_ksk_doubleksk_step2(tld, alg, size, ns3): param("manual"), ], ) -def test_ksk_doubleksk_step3(tld, alg, size, ns3): +def test_ksk_doubleksk_step3(tld, ns3, default_algorithm): zone = f"step3.ksk-doubleksk.{tld}" policy = f"{POLICY}-{tld}" @@ -187,9 +185,9 @@ def test_ksk_doubleksk_step3(tld, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"zsk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step3-p']}", - f"ksk {KSK_LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step3-p']}", - f"ksk {KSK_LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:hidden offset:{OFFSETS['step3-s']}", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step3-p']}", + f"ksk {KSK_LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step3-p']}", + f"ksk {KSK_LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:hidden offset:{OFFSETS['step3-s']}", ], "keyrelationships": [1, 2], "manual-mode": True, @@ -234,9 +232,9 @@ def test_ksk_doubleksk_step3(tld, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"zsk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step3-p']}", - f"ksk {KSK_LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:unretentive offset:{OFFSETS['step3-p']}", - f"ksk {KSK_LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:rumoured offset:{OFFSETS['step3-s']}", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step3-p']}", + f"ksk {KSK_LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:unretentive offset:{OFFSETS['step3-p']}", + f"ksk {KSK_LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:rumoured offset:{OFFSETS['step3-s']}", ], "keyrelationships": [1, 2], # Next key event is when the predecessor DS has been replaced with @@ -260,7 +258,7 @@ def test_ksk_doubleksk_step3(tld, alg, size, ns3): param("manual"), ], ) -def test_ksk_doubleksk_step4(tld, alg, size, ns3): +def test_ksk_doubleksk_step4(tld, ns3, default_algorithm): zone = f"step4.ksk-doubleksk.{tld}" policy = f"{POLICY}-{tld}" @@ -272,9 +270,9 @@ def test_ksk_doubleksk_step4(tld, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"zsk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step4-p']}", - f"ksk {KSK_LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:hidden offset:{OFFSETS['step4-p']}", - f"ksk {KSK_LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step4-s']}", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step4-p']}", + f"ksk {KSK_LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:hidden offset:{OFFSETS['step4-p']}", + f"ksk {KSK_LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step4-s']}", ], "keyrelationships": [1, 2], "manual-mode": True, @@ -307,9 +305,9 @@ def test_ksk_doubleksk_step4(tld, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"zsk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step4-p']}", - f"ksk {KSK_LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:unretentive krrsig:unretentive ds:hidden offset:{OFFSETS['step4-p']}", - f"ksk {KSK_LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step4-s']}", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step4-p']}", + f"ksk {KSK_LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:unretentive krrsig:unretentive ds:hidden offset:{OFFSETS['step4-p']}", + f"ksk {KSK_LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step4-s']}", ], "keyrelationships": [1, 2], # Next key event is when the DNSKEY enters the HIDDEN state. @@ -328,7 +326,7 @@ def test_ksk_doubleksk_step4(tld, alg, size, ns3): param("manual"), ], ) -def test_ksk_doubleksk_step5(tld, alg, size, ns3): +def test_ksk_doubleksk_step5(tld, ns3, default_algorithm): zone = f"step5.ksk-doubleksk.{tld}" policy = f"{POLICY}-{tld}" @@ -344,9 +342,9 @@ def test_ksk_doubleksk_step5(tld, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"zsk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step5-p']}", - f"ksk {KSK_LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:hidden krrsig:hidden ds:hidden offset:{OFFSETS['step5-p']}", - f"ksk {KSK_LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step5-s']}", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step5-p']}", + f"ksk {KSK_LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:hidden krrsig:hidden ds:hidden offset:{OFFSETS['step5-p']}", + f"ksk {KSK_LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step5-s']}", ], "keyrelationships": [1, 2], # Next key event is when the new successor needs to be published. @@ -367,7 +365,7 @@ def test_ksk_doubleksk_step5(tld, alg, size, ns3): param("manual"), ], ) -def test_ksk_doubleksk_step6(tld, alg, size, ns3): +def test_ksk_doubleksk_step6(tld, ns3, default_algorithm): zone = f"step6.ksk-doubleksk.{tld}" policy = f"{POLICY}-{tld}" @@ -380,8 +378,8 @@ def test_ksk_doubleksk_step6(tld, alg, size, ns3): "zone": zone, "cdss": CDSS, "keyprops": [ - f"zsk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step6-p']}", - f"ksk {KSK_LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step6-s']}", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step6-p']}", + f"ksk {KSK_LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step6-s']}", ], "nextev": None, } diff --git a/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_initial.py b/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_initial.py index a770814f8ad..f37cb3690f0 100644 --- a/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_initial.py +++ b/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_initial.py @@ -14,7 +14,7 @@ import pytest from isctest.util import param -from rollover.common import CDSS, DEFAULT_CONFIG, DURATION, alg, pytestmark, size +from rollover.common import CDSS, DEFAULT_CONFIG, DURATION, pytestmark import isctest @@ -28,7 +28,7 @@ import isctest param("unlimit-lifetime", "short-lifetime", "P6M"), ], ) -def test_lifetime_initial(zone, policy, lifetime, alg, size, ns3): +def test_lifetime_initial(zone, policy, lifetime, ns3, default_algorithm): config = DEFAULT_CONFIG isctest.kasp.wait_keymgr_done(ns3, f"{zone}.kasp") @@ -37,7 +37,7 @@ def test_lifetime_initial(zone, policy, lifetime, alg, size, ns3): "zone": f"{zone}.kasp", "cdss": CDSS, "keyprops": [ - f"csk {DURATION[lifetime]} {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk {DURATION[lifetime]} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], "nextev": None, } diff --git a/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_reconfig.py b/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_reconfig.py index ff697a05293..345bd2bc65a 100644 --- a/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_reconfig.py +++ b/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_reconfig.py @@ -14,7 +14,7 @@ import pytest from isctest.util import param -from rollover.common import CDSS, DEFAULT_CONFIG, DURATION, alg, pytestmark, size +from rollover.common import CDSS, DEFAULT_CONFIG, DURATION, pytestmark import isctest @@ -43,7 +43,7 @@ def after_servers_start(ns3, templates): param("unlimit-lifetime", "unlimited-lifetime", 0), ], ) -def test_lifetime_reconfig(zone, policy, lifetime, alg, size, ns3): +def test_lifetime_reconfig(zone, policy, lifetime, ns3, default_algorithm): config = DEFAULT_CONFIG isctest.kasp.wait_keymgr_done(ns3, f"{zone}.kasp", reconfig=True) @@ -52,7 +52,7 @@ def test_lifetime_reconfig(zone, policy, lifetime, alg, size, ns3): "zone": f"{zone}.kasp", "cdss": CDSS, "keyprops": [ - f"csk {DURATION[lifetime]} {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", + f"csk {DURATION[lifetime]} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden", ], "nextev": None, } diff --git a/bin/tests/system/rollover-multisigner/tests_rollover_multisigner.py b/bin/tests/system/rollover-multisigner/tests_rollover_multisigner.py index 39cca867f24..20e3c357fef 100644 --- a/bin/tests/system/rollover-multisigner/tests_rollover_multisigner.py +++ b/bin/tests/system/rollover-multisigner/tests_rollover_multisigner.py @@ -21,7 +21,7 @@ import pytest from isctest.kasp import Iret, SettimeOptions from isctest.run import EnvCmd -from rollover.common import alg, pytestmark, size +from rollover.common import pytestmark from rollover.setup import fake_lifetime, render_and_sign_zone, setkeytimes import isctest @@ -96,7 +96,7 @@ def bootstrap(): return {} -def test_rollover_multisigner(ns3, alg, size): +def test_rollover_multisigner(ns3, default_algorithm): policy = "multisigner-model2" config = { "dnskey-ttl": timedelta(hours=1), @@ -118,7 +118,7 @@ def test_rollover_multisigner(ns3, alg, size): keygen_command = [ os.environ.get("KEYGEN"), "-a", - alg, + default_algorithm.name, "-L", "3600", "-M", @@ -135,12 +135,14 @@ def test_rollover_multisigner(ns3, alg, size): isctest.kasp.check_dnssec_verify(ns3, zone) key_properties = [ - f"ksk unlimited {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden tag-range:32768-65535", - f"zsk unlimited {alg} {size} goal:omnipresent dnskey:rumoured zrrsig:rumoured tag-range:32768-65535", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden tag-range:32768-65535", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured zrrsig:rumoured tag-range:32768-65535", ] expected = isctest.kasp.policy_to_properties(ttl, key_properties) - newprops = [f"zsk unlimited {alg} {size} tag-range:0-32767"] + newprops = [ + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} tag-range:0-32767" + ] expected2 = isctest.kasp.policy_to_properties(ttl, newprops) expected2[0].private = False expected2[0].legacy = True @@ -164,7 +166,9 @@ def test_rollover_multisigner(ns3, alg, size): # Update zone with ZSK from another provider for zone. out = keygen(zone) newkeys = isctest.kasp.keystr_to_keylist(out) - newprops = [f"zsk unlimited {alg} {size} tag-range:0-32767"] + newprops = [ + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} tag-range:0-32767" + ] expected2 = isctest.kasp.policy_to_properties(ttl, newprops) expected2[0].private = False expected2[0].legacy = True @@ -211,10 +215,10 @@ def test_rollover_multisigner(ns3, alg, size): isctest.kasp.check_dnssec_verify(ns3, zone) key_properties = [ - f"ksk unlimited {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden tag-range:32768-65535", - f"zsk unlimited {alg} {size} goal:omnipresent dnskey:rumoured zrrsig:hidden tag-range:32768-65535", - f"ksk unlimited {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:omnipresent tag-range:0-32767 offset:{offval}", - f"zsk unlimited {alg} {size} goal:hidden dnskey:omnipresent zrrsig:omnipresent tag-range:0-32767 offset:{offval}", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden tag-range:32768-65535", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured zrrsig:hidden tag-range:32768-65535", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:omnipresent tag-range:0-32767 offset:{offval}", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent zrrsig:omnipresent tag-range:0-32767 offset:{offval}", ] expected = isctest.kasp.policy_to_properties(ttl, key_properties) keys = isctest.kasp.keydir_to_keylist(zone, ns3.identifier) diff --git a/bin/tests/system/rollover-straight2none/tests_rollover_straight2none_initial.py b/bin/tests/system/rollover-straight2none/tests_rollover_straight2none_initial.py index 8d63204a99d..b6f718c26bf 100644 --- a/bin/tests/system/rollover-straight2none/tests_rollover_straight2none_initial.py +++ b/bin/tests/system/rollover-straight2none/tests_rollover_straight2none_initial.py @@ -13,7 +13,7 @@ import pytest -from rollover.common import CDSS, DEFAULT_CONFIG, DURATION, alg, pytestmark, size +from rollover.common import CDSS, DEFAULT_CONFIG, DURATION, pytestmark from rollover.setup import configure_root, configure_straight2none, configure_tld import isctest @@ -43,7 +43,7 @@ def bootstrap(): "going-straight-to-none-dynamic.kasp", ], ) -def test_straight2none_initial(zone, ns3, alg, size): +def test_straight2none_initial(zone, ns3, default_algorithm): config = DEFAULT_CONFIG policy = "default" @@ -53,7 +53,7 @@ def test_straight2none_initial(zone, ns3, alg, size): "zone": zone, "cdss": CDSS, "keyprops": [ - f"csk 0 {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{-DURATION['P10D']}", + f"csk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{-DURATION['P10D']}", ], "nextev": None, } diff --git a/bin/tests/system/rollover-straight2none/tests_rollover_straight2none_reconfig.py b/bin/tests/system/rollover-straight2none/tests_rollover_straight2none_reconfig.py index b4bc988a3d8..5af41f47c99 100644 --- a/bin/tests/system/rollover-straight2none/tests_rollover_straight2none_reconfig.py +++ b/bin/tests/system/rollover-straight2none/tests_rollover_straight2none_reconfig.py @@ -13,7 +13,7 @@ import pytest -from rollover.common import CDSS, DEFAULT_CONFIG, DURATION, alg, pytestmark, size +from rollover.common import CDSS, DEFAULT_CONFIG, DURATION, pytestmark from rollover.setup import configure_root, configure_straight2none, configure_tld import isctest @@ -52,7 +52,7 @@ def after_servers_start(ns3, templates): "going-straight-to-none-dynamic.kasp", ], ) -def test_straight2none_reconfig(zone, ns3, alg, size): +def test_straight2none_reconfig(zone, ns3, default_algorithm): config = DEFAULT_CONFIG policy = None @@ -62,7 +62,7 @@ def test_straight2none_reconfig(zone, ns3, alg, size): # These zones will go bogus after signatures expire, but # remain validly signed for now. "keyprops": [ - f"csk 0 {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{-DURATION['P10D']}", + f"csk 0 {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent zrrsig:omnipresent ds:omnipresent offset:{-DURATION['P10D']}", ], "nextev": None, } diff --git a/bin/tests/system/rollover-zsk-prepub/tests_rollover_zsk_prepublication.py b/bin/tests/system/rollover-zsk-prepub/tests_rollover_zsk_prepublication.py index 4ac6f673135..96db40c4cb7 100644 --- a/bin/tests/system/rollover-zsk-prepub/tests_rollover_zsk_prepublication.py +++ b/bin/tests/system/rollover-zsk-prepub/tests_rollover_zsk_prepublication.py @@ -17,7 +17,7 @@ import pytest from isctest.kasp import Ipub, Iret from isctest.util import param -from rollover.common import TIMEDELTA, alg, pytestmark, size +from rollover.common import TIMEDELTA, pytestmark from rollover.setup import configure_root, configure_tld, configure_zsk_prepub import isctest @@ -85,7 +85,7 @@ def bootstrap(): param("manual"), ], ) -def test_zsk_prepub_step1(tld, alg, size, ns3): +def test_zsk_prepub_step1(tld, ns3, default_algorithm): zone = f"step1.zsk-prepub.{tld}" policy = f"{POLICY}-{tld}" @@ -98,8 +98,8 @@ def test_zsk_prepub_step1(tld, alg, size, ns3): # Introduce the first key. This will immediately be active. "zone": zone, "keyprops": [ - f"ksk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step1-p']}", - f"zsk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step1-p']}", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step1-p']}", + f"zsk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step1-p']}", ], # Next key event is when the successor ZSK needs to be published. # That is the ZSK lifetime - prepublication time (minus time @@ -118,7 +118,7 @@ def test_zsk_prepub_step1(tld, alg, size, ns3): param("manual"), ], ) -def test_zsk_prepub_step2(tld, alg, size, ns3): +def test_zsk_prepub_step2(tld, ns3, default_algorithm): zone = f"step2.zsk-prepub.{tld}" policy = f"{POLICY}-{tld}" @@ -129,8 +129,8 @@ def test_zsk_prepub_step2(tld, alg, size, ns3): step = { "zone": zone, "keyprops": [ - f"ksk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step2-p']}", - f"zsk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step2-p']}", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step2-p']}", + f"zsk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step2-p']}", ], "manual-mode": True, "nextev": None, @@ -156,9 +156,9 @@ def test_zsk_prepub_step2(tld, alg, size, ns3): # zsk2 dnskey: hidden -> rumoured "zone": zone, "keyprops": [ - f"ksk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step2-p']}", - f"zsk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step2-p']}", - f"zsk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:rumoured zrrsig:hidden offset:{OFFSETS['step2-s']}", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step2-p']}", + f"zsk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step2-p']}", + f"zsk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured zrrsig:hidden offset:{OFFSETS['step2-s']}", ], "keyrelationships": [1, 2], # next key event is when the successor zsk becomes omnipresent. @@ -177,7 +177,7 @@ def test_zsk_prepub_step2(tld, alg, size, ns3): param("manual"), ], ) -def test_zsk_prepub_step3(tld, alg, size, ns3): +def test_zsk_prepub_step3(tld, ns3, default_algorithm): zone = f"step3.zsk-prepub.{tld}" policy = f"{POLICY}-{tld}" @@ -188,9 +188,9 @@ def test_zsk_prepub_step3(tld, alg, size, ns3): step = { "zone": zone, "keyprops": [ - f"ksk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step3-p']}", - f"zsk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step3-p']}", - f"zsk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:hidden offset:{OFFSETS['step3-s']}", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step3-p']}", + f"zsk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step3-p']}", + f"zsk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:hidden offset:{OFFSETS['step3-s']}", ], "keyrelationships": [1, 2], "manual-mode": True, @@ -232,9 +232,9 @@ def test_zsk_prepub_step3(tld, alg, size, ns3): # zsk2 zrrsig: hidden -> rumoured "zone": zone, "keyprops": [ - f"ksk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step3-p']}", - f"zsk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent zrrsig:unretentive offset:{OFFSETS['step3-p']}", - f"zsk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:rumoured offset:{OFFSETS['step3-s']}", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step3-p']}", + f"zsk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent zrrsig:unretentive offset:{OFFSETS['step3-p']}", + f"zsk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:rumoured offset:{OFFSETS['step3-s']}", ], "keyrelationships": [1, 2], # next key event is when all the rrsig records have been replaced @@ -266,7 +266,7 @@ def test_zsk_prepub_step3(tld, alg, size, ns3): param("manual"), ], ) -def test_zsk_prepub_step4(tld, alg, size, ns3): +def test_zsk_prepub_step4(tld, ns3, default_algorithm): zone = f"step4.zsk-prepub.{tld}" policy = f"{POLICY}-{tld}" @@ -277,9 +277,9 @@ def test_zsk_prepub_step4(tld, alg, size, ns3): step = { "zone": zone, "keyprops": [ - f"ksk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step4-p']}", - f"zsk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:omnipresent zrrsig:hidden offset:{OFFSETS['step4-p']}", - f"zsk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step4-s']}", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step4-p']}", + f"zsk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent zrrsig:hidden offset:{OFFSETS['step4-p']}", + f"zsk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step4-s']}", ], "keyrelationships": [1, 2], "manual-mode": True, @@ -308,9 +308,9 @@ def test_zsk_prepub_step4(tld, alg, size, ns3): # zsk2 zrrsig: rumoured -> omnipresent "zone": zone, "keyprops": [ - f"ksk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step4-p']}", - f"zsk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:unretentive zrrsig:hidden offset:{OFFSETS['step4-p']}", - f"zsk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step4-s']}", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step4-p']}", + f"zsk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:unretentive zrrsig:hidden offset:{OFFSETS['step4-p']}", + f"zsk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step4-s']}", ], "keyrelationships": [1, 2], # next key event is when the dnskey enters the hidden state. @@ -329,7 +329,7 @@ def test_zsk_prepub_step4(tld, alg, size, ns3): param("manual"), ], ) -def test_zsk_prepub_step5(tld, alg, size, ns3): +def test_zsk_prepub_step5(tld, ns3, default_algorithm): zone = f"step5.zsk-prepub.{tld}" policy = f"{POLICY}-{tld}" @@ -342,9 +342,9 @@ def test_zsk_prepub_step5(tld, alg, size, ns3): # zsk1 dnskey: unretentive -> hidden "zone": zone, "keyprops": [ - f"ksk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step5-p']}", - f"zsk {LIFETIME_POLICY} {alg} {size} goal:hidden dnskey:hidden zrrsig:hidden offset:{OFFSETS['step5-p']}", - f"zsk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step5-s']}", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step5-p']}", + f"zsk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:hidden zrrsig:hidden offset:{OFFSETS['step5-p']}", + f"zsk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step5-s']}", ], "keyrelationships": [1, 2], # next key event is when the new successor needs to be published. @@ -366,7 +366,7 @@ def test_zsk_prepub_step5(tld, alg, size, ns3): param("manual"), ], ) -def test_zsk_prepub_step6(tld, alg, size, ns3): +def test_zsk_prepub_step6(tld, ns3, default_algorithm): zone = f"step6.zsk-prepub.{tld}" policy = f"{POLICY}-{tld}" @@ -378,8 +378,8 @@ def test_zsk_prepub_step6(tld, alg, size, ns3): # predecessor zsk is now purged. "zone": zone, "keyprops": [ - f"ksk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step6-p']}", - f"zsk {LIFETIME_POLICY} {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step6-s']}", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{OFFSETS['step6-p']}", + f"zsk {LIFETIME_POLICY} {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent offset:{OFFSETS['step6-s']}", ], "nextev": None, } diff --git a/bin/tests/system/rollover/common.py b/bin/tests/system/rollover/common.py index 224d6a5560a..7674537f16d 100644 --- a/bin/tests/system/rollover/common.py +++ b/bin/tests/system/rollover/common.py @@ -11,12 +11,9 @@ from datetime import timedelta -import os - import pytest from isctest.kasp import Ipub, IpubC, Iret -from isctest.vars.algorithms import Algorithm pytestmark = pytest.mark.extra_artifacts( [ @@ -131,22 +128,3 @@ KSK_IPUB = Ipub(KSK_CONFIG) KSK_IPUBC = IpubC(KSK_CONFIG) KSK_IRET = Iret(KSK_CONFIG, zsk=False, ksk=True) KSK_KEYTTLPROP = KSK_CONFIG["dnskey-ttl"] + KSK_CONFIG["zone-propagation-delay"] - - -@pytest.fixture -def alg(): - return os.environ["DEFAULT_ALGORITHM_NUMBER"] - - -@pytest.fixture -def size(): - return os.environ["DEFAULT_BITS"] - - -def default_algorithm(): - return Algorithm( - os.environ["DEFAULT_ALGORITHM"], - int(os.environ["DEFAULT_ALGORITHM_NUMBER"]), - int(os.environ["DEFAULT_ALGORITHM_DST_NUMBER"]), - int(os.environ["DEFAULT_BITS"]), - ) diff --git a/bin/tests/system/rollover/setup.py b/bin/tests/system/rollover/setup.py index 53cc97e3acd..f0953e97da0 100644 --- a/bin/tests/system/rollover/setup.py +++ b/bin/tests/system/rollover/setup.py @@ -16,14 +16,14 @@ import shutil from isctest.kasp import SettimeOptions, private_type_record from isctest.run import EnvCmd from isctest.template import Nameserver, TrustAnchor, Zone -from rollover.common import default_algorithm +from isctest.vars.algorithms import Algorithm import isctest def configure_tld(zonename: str, delegations: List[Zone]) -> Zone: templates = isctest.template.TemplateEngine(".") - alg = default_algorithm() + alg = Algorithm.default() keygen = EnvCmd("KEYGEN", f"-q -a {alg.number} -b {alg.bits} -L 3600") signer = EnvCmd("SIGNER", "-S -g") @@ -57,7 +57,7 @@ def configure_tld(zonename: str, delegations: List[Zone]) -> Zone: def configure_root(delegations: List[Zone]) -> TrustAnchor: templates = isctest.template.TemplateEngine(".") - alg = default_algorithm() + alg = Algorithm.default() keygen = EnvCmd("KEYGEN", f"-q -a {alg.number} -b {alg.bits} -L 3600") signer = EnvCmd("SIGNER", "-S -g") diff --git a/bin/tests/system/rollover/tests_rollover_manual.py b/bin/tests/system/rollover/tests_rollover_manual.py index ae32dbf0e9a..87b6a93f690 100644 --- a/bin/tests/system/rollover/tests_rollover_manual.py +++ b/bin/tests/system/rollover/tests_rollover_manual.py @@ -11,8 +11,6 @@ from datetime import timedelta -import os - from isctest.kasp import ( Ipub, Iret, @@ -22,7 +20,7 @@ from isctest.kasp import ( ) from isctest.run import EnvCmd from isctest.template import Nameserver, Zone -from rollover.common import default_algorithm +from isctest.vars.algorithms import Algorithm from rollover.setup import configure_root, configure_tld, setkeytimes import isctest @@ -30,8 +28,11 @@ import isctest def setup_zone(zone, ksk_time, ksk_timings, zsk_time, zsk_timings) -> Zone: templates = isctest.template.TemplateEngine(".") - alg = default_algorithm() - keygen = EnvCmd("KEYGEN", f"-q -a {alg.number} -b {alg.bits} -L 3600") + default_algorithm = Algorithm.default() + keygen = EnvCmd( + "KEYGEN", + f"-q -a {default_algorithm.number} -b {default_algorithm.bits} -L 3600", + ) signer = EnvCmd("SIGNER", "-S -g") isctest.log.info(f"setup {zone}") @@ -125,10 +126,8 @@ CONFIG = { POLICY = "manual-rollover" -def test_rollover_manual(ns3): +def test_rollover_manual(ns3, default_algorithm): ttl = int(CONFIG["dnskey-ttl"].total_seconds()) - alg = os.environ["DEFAULT_ALGORITHM_NUMBER"] - size = os.environ["DEFAULT_BITS"] zone = "manual-rollover.kasp" isctest.kasp.wait_keymgr_done(ns3, zone) @@ -136,8 +135,8 @@ def test_rollover_manual(ns3): isctest.kasp.check_dnssec_verify(ns3, zone) key_properties = [ - f"ksk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent", - f"zsk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent", ] expected = isctest.kasp.policy_to_properties(ttl, key_properties) keys = isctest.kasp.keydir_to_keylist(zone, ns3.identifier) @@ -184,9 +183,9 @@ def test_rollover_manual(ns3): isctest.kasp.check_dnssec_verify(ns3, zone) key_properties = [ - f"ksk unlimited {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:omnipresent", - f"ksk unlimited {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden", - f"zsk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:omnipresent", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent", ] expected = isctest.kasp.policy_to_properties(ttl, key_properties) keys = isctest.kasp.keydir_to_keylist(zone, ns3.identifier) @@ -226,10 +225,10 @@ def test_rollover_manual(ns3): isctest.kasp.check_dnssec_verify(ns3, zone) key_properties = [ - f"ksk unlimited {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:omnipresent", - f"ksk unlimited {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden", - f"zsk unlimited {alg} {size} goal:hidden dnskey:omnipresent zrrsig:omnipresent", - f"zsk unlimited {alg} {size} goal:omnipresent dnskey:rumoured zrrsig:hidden", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:omnipresent", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent zrrsig:omnipresent", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured zrrsig:hidden", ] expected = isctest.kasp.policy_to_properties(ttl, key_properties) keys = isctest.kasp.keydir_to_keylist(zone, ns3.identifier) @@ -250,10 +249,8 @@ def test_rollover_manual(ns3): assert "key is not actively signing" in response.out -def test_rollover_manual_zrrsig_rumoured(ns3): +def test_rollover_manual_zrrsig_rumoured(ns3, default_algorithm): ttl = int(CONFIG["dnskey-ttl"].total_seconds()) - alg = os.environ["DEFAULT_ALGORITHM_NUMBER"] - size = os.environ["DEFAULT_BITS"] zone = "manual-rollover-zrrsig-rumoured.kasp" isctest.kasp.wait_keymgr_done(ns3, zone) @@ -263,8 +260,8 @@ def test_rollover_manual_zrrsig_rumoured(ns3): koffset = -int(timedelta(days=7).total_seconds()) zoffset = -int(timedelta(hours=2).total_seconds()) key_properties = [ - f"ksk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{koffset}", - f"zsk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:rumoured offset:{zoffset}", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{koffset}", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent zrrsig:rumoured offset:{zoffset}", ] expected = isctest.kasp.policy_to_properties(ttl, key_properties) keys = isctest.kasp.keydir_to_keylist(zone, ns3.identifier) @@ -292,10 +289,10 @@ def test_rollover_manual_zrrsig_rumoured(ns3): isctest.kasp.check_dnssec_verify(ns3, zone) key_properties = [ - f"ksk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{koffset}", + f"ksk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent offset:{koffset}", # Predecessor DNSKEY must stay until successor ZSK is fully omnipresent. - f"zsk unlimited {alg} {size} goal:hidden dnskey:omnipresent zrrsig:rumoured offset:{zoffset}", - f"zsk unlimited {alg} {size} goal:omnipresent dnskey:rumoured zrrsig:hidden offset:0", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:hidden dnskey:omnipresent zrrsig:rumoured offset:{zoffset}", + f"zsk unlimited {default_algorithm.number} {default_algorithm.bits} goal:omnipresent dnskey:rumoured zrrsig:hidden offset:0", ] expected = isctest.kasp.policy_to_properties(ttl, key_properties) keys = isctest.kasp.keydir_to_keylist(zone, ns3.identifier)