From: Nicki Křížek Date: Tue, 8 Jul 2025 13:26:09 +0000 (+0200) Subject: Add nsX fixtures to system tests X-Git-Tag: v9.21.11~37^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fe5534291699572e67ad4a854b412e40c524307a;p=thirdparty%2Fbind9.git Add nsX fixtures to system tests Many of our test cases only use a single NamedInstance from the `servers` fixture. Introduce `nsX` helper fixtures to simplify these tests and reduce boilterplate code further. Specifically, the test no longer has to either define its own variable to extract a single server from the list, or use the longer servers["nsX"] syntax. While this may seem minor, the amount of times it is repeated across the tests justifies the change. It also promotes using more explicit server identification, i.e. `nsX`, rather than generic `server`. This also improves the clarity of the tests and may be helpful in traceback during debugging as well. --- diff --git a/bin/tests/system/addzone/tests_rndc_deadlock.py b/bin/tests/system/addzone/tests_rndc_deadlock.py index 3b987d39120..fd2c9d58970 100755 --- a/bin/tests/system/addzone/tests_rndc_deadlock.py +++ b/bin/tests/system/addzone/tests_rndc_deadlock.py @@ -59,13 +59,12 @@ def check_if_server_is_responsive(ns3): return False -def test_rndc_deadlock(servers): +def test_rndc_deadlock(ns3): """ Test whether running "rndc addzone", "rndc modzone", and "rndc delzone" commands concurrently does not trigger a deadlock """ test_state = {"finished": False} - ns3 = servers["ns3"] # Create 4 worker threads running "rndc" commands in a loop. with concurrent.futures.ThreadPoolExecutor() as executor: diff --git a/bin/tests/system/checkds/tests_checkds.py b/bin/tests/system/checkds/tests_checkds.py index 163c4cc150a..edc7d13abd9 100755 --- a/bin/tests/system/checkds/tests_checkds.py +++ b/bin/tests/system/checkds/tests_checkds.py @@ -462,16 +462,16 @@ checkds_tests = ( @pytest.mark.parametrize("params", checkds_tests, ids=lambda t: t.zone) -def test_checkds(servers, params): +def test_checkds(ns2, ns9, params): # Wait until the provided zone is signed and then verify its DNSSEC data. - zone_check(servers["ns9"], params.zone) + zone_check(ns9, params.zone) # Wait up to 10 seconds until all the expected log lines are found in the # log file for the provided server. Rekey every second if necessary. time_remaining = 10 for log_string in params.logs_to_wait_for: line = f"zone {params.zone}/IN (signed): checkds: {log_string}" - while line not in servers["ns9"].log: + while line not in ns9.log: rekey(params.zone) time_remaining -= 1 assert time_remaining, f'Timed out waiting for "{log_string}" to be logged' @@ -479,4 +479,4 @@ def test_checkds(servers, params): # Check whether key states on the parent server provided match # expectations. - keystate_check(servers["ns2"], params.zone, params.expected_parent_state) + keystate_check(ns2, params.zone, params.expected_parent_state) diff --git a/bin/tests/system/configloading/tests_configloading.py b/bin/tests/system/configloading/tests_configloading.py index 12aa2dc4759..f0a136cc36f 100644 --- a/bin/tests/system/configloading/tests_configloading.py +++ b/bin/tests/system/configloading/tests_configloading.py @@ -10,7 +10,7 @@ # information regarding copyright ownership. -def test_configloading_log(servers): +def test_configloading_log(ns1): """ This test is a "guard/warning" to make sure the named.conf loading (parsing) is done outside of the exclusive mode (so, named is still able to @@ -18,7 +18,6 @@ def test_configloading_log(servers): is currently based on logging, so it's quite brittle. """ - server = servers["ns1"] log_sequence = [ "load_configuration", "parsing user configuration from ", @@ -26,13 +25,13 @@ def test_configloading_log(servers): "loop exclusive mode: starting", ] - with server.watch_log_from_start() as watcher: + with ns1.watch_log_from_start() as watcher: watcher.wait_for_sequence(log_sequence) - with server.watch_log_from_here() as watcher: - server.rndc("reconfig") + with ns1.watch_log_from_here() as watcher: + ns1.rndc("reconfig") watcher.wait_for_sequence(log_sequence) - with server.watch_log_from_here() as watcher: - server.rndc("reload") + with ns1.watch_log_from_here() as watcher: + ns1.rndc("reload") watcher.wait_for_sequence(log_sequence) diff --git a/bin/tests/system/conftest.py b/bin/tests/system/conftest.py index 6dfc9bed38b..21c406e0840 100644 --- a/bin/tests/system/conftest.py +++ b/bin/tests/system/conftest.py @@ -634,3 +634,53 @@ def servers(system_test_dir): except ValueError: continue return instances + + +@pytest.fixture(scope="module") +def ns1(servers): + return servers["ns1"] + + +@pytest.fixture(scope="module") +def ns2(servers): + return servers["ns2"] + + +@pytest.fixture(scope="module") +def ns3(servers): + return servers["ns3"] + + +@pytest.fixture(scope="module") +def ns4(servers): + return servers["ns4"] + + +@pytest.fixture(scope="module") +def ns5(servers): + return servers["ns5"] + + +@pytest.fixture(scope="module") +def ns6(servers): + return servers["ns6"] + + +@pytest.fixture(scope="module") +def ns7(servers): + return servers["ns7"] + + +@pytest.fixture(scope="module") +def ns8(servers): + return servers["ns8"] + + +@pytest.fixture(scope="module") +def ns9(servers): + return servers["ns9"] + + +@pytest.fixture(scope="module") +def ns10(servers): + return servers["ns10"] diff --git a/bin/tests/system/database/tests_database.py b/bin/tests/system/database/tests_database.py index 476b81da95c..0e4fd9be796 100644 --- a/bin/tests/system/database/tests_database.py +++ b/bin/tests/system/database/tests_database.py @@ -14,7 +14,7 @@ import isctest import dns.message -def test_database(servers, templates): +def test_database(ns1, templates): msg = dns.message.make_query("database.", "SOA") # checking pre reload zone @@ -28,8 +28,8 @@ def test_database(servers, templates): ) templates.render("ns1/named.conf", {"rname": "marka.isc.org."}) - with servers["ns1"].watch_log_from_here() as watcher: - servers["ns1"].rndc("reload") + with ns1.watch_log_from_here() as watcher: + ns1.rndc("reload") watcher.wait_for_line("all zones loaded") # checking post reload zone diff --git a/bin/tests/system/emptyzones/tests_emptyzones.py b/bin/tests/system/emptyzones/tests_emptyzones.py index 20911cc9bdc..c4781393953 100644 --- a/bin/tests/system/emptyzones/tests_emptyzones.py +++ b/bin/tests/system/emptyzones/tests_emptyzones.py @@ -14,9 +14,8 @@ import dns.message import isctest -def test_emptyzones(servers, templates): +def test_emptyzones(ns1, templates): # check that switching to automatic empty zones works - ns1 = servers["ns1"] with ns1.watch_log_from_here() as watcher: ns1.rndc("reload") watcher.wait_for_line("all zones loaded") diff --git a/bin/tests/system/kasp/tests_kasp.py b/bin/tests/system/kasp/tests_kasp.py index 039b302801f..4e6eda8d825 100644 --- a/bin/tests/system/kasp/tests_kasp.py +++ b/bin/tests/system/kasp/tests_kasp.py @@ -633,11 +633,10 @@ def cb_remove_keyfiles(params, ksks=None, zsks=None): ), ], ) -def test_kasp_case(servers, params): +def test_kasp_case(servers, ns3, params): # Test many different configurations and expected keys and states after # initial startup. - server = servers["ns3"] - keydir = server.identifier + keydir = ns3.identifier # Get test parameters. zone = params["zone"] @@ -660,7 +659,7 @@ def test_kasp_case(servers, params): isctest.log.info(f"check test case zone {zone} policy {policy}") # First make sure the zone is signed. - isctest.kasp.check_dnssec_verify(server, zone) + isctest.kasp.check_dnssec_verify(ns3, zone) # Key properties. expected = isctest.kasp.policy_to_properties(ttl=ttl, keys=params["key-properties"]) @@ -678,7 +677,7 @@ def test_kasp_case(servers, params): ksks = [k for k in keys if k.is_ksk()] zsks = [k for k in keys if not k.is_ksk()] - isctest.kasp.check_dnssec_verify(server, zone) + isctest.kasp.check_dnssec_verify(ns3, zone) isctest.kasp.check_keys(zone, keys, expected) offset = params["offset"] if "offset" in params else None @@ -691,7 +690,7 @@ def test_kasp_case(servers, params): if "rumoured" not in params: isctest.kasp.check_keytimes(keys, expected) - check_all(server, zone, policy, ksks, zsks, zsk_missing=zsk_missing) + check_all(ns3, zone, policy, ksks, zsks, zsk_missing=zsk_missing) if "additional-tests" in params: params["servers"] = servers @@ -774,26 +773,25 @@ def test_kasp_inherit_signed(zone, policy, server_id, alg, tsig_kind, servers): param("3", "no", "yes", "view2"), ], ) -def test_kasp_inherit_view(number, dynamic, inline_signing, txt_rdata, servers): +def test_kasp_inherit_view(number, dynamic, inline_signing, txt_rdata, ns4): zone = "example.net" policy = "test" - server = servers["ns4"] view = f"example{number}" tsig = f"{os.environ['DEFAULT_HMAC']}:keyforview{number}:{KASP_INHERIT_TSIG_SECRET[f'view{number}']}" key1 = KeyProperties.default() key1.metadata["Algorithm"] = ECDSAP384SHA384.number key1.metadata["Length"] = ECDSAP384SHA384.bits - keys = isctest.kasp.keydir_to_keylist(zone, server.identifier) + keys = isctest.kasp.keydir_to_keylist(zone, ns4.identifier) - isctest.kasp.check_dnssec_verify(server, zone, tsig=tsig) + isctest.kasp.check_dnssec_verify(ns4, zone, tsig=tsig) isctest.kasp.check_keys(zone, keys, [key1]) set_keytimes_default_policy(key1) isctest.kasp.check_keytimes(keys, [key1]) - isctest.kasp.check_dnssecstatus(server, zone, keys, policy=policy, view=view) - isctest.kasp.check_apex(server, zone, keys, [], tsig=tsig) + isctest.kasp.check_dnssecstatus(ns4, zone, keys, policy=policy, view=view) + isctest.kasp.check_apex(ns4, zone, keys, [], tsig=tsig) # check zonestatus - response = server.rndc(f"zonestatus {zone} in {view}", log=False) + response = ns4.rndc(f"zonestatus {zone} in {view}", log=False) assert f"dynamic: {dynamic}" in response assert f"inline signing: {inline_signing}" in response # check subdomain @@ -806,9 +804,9 @@ def test_kasp_inherit_view(number, dynamic, inline_signing, txt_rdata, servers): keyring = dns.tsig.Key(tsigkey[1], tsigkey[2], tsigkey[0]) query.use_tsig(keyring) try: - response = isctest.query.tcp(query, server.ip, server.ports.dns, timeout=3) + response = isctest.query.tcp(query, ns4.ip, ns4.ports.dns, timeout=3) except dns.exception.Timeout: - isctest.log.debug(f"query timeout for query {qname} {qtype} to {server.ip}") + isctest.log.debug(f"query timeout for query {qname} {qtype} to {ns4.ip}") response = None assert response.rcode() == dns.rcode.NOERROR match = f'{qname} 300 IN TXT "{rdata}"' @@ -824,9 +822,7 @@ def test_kasp_inherit_view(number, dynamic, inline_signing, txt_rdata, servers): isctest.kasp.check_signatures(rrsigs, qtype, fqdn, keys, []) -def test_kasp_default(servers): - server = servers["ns3"] - +def test_kasp_default(ns3): # check the zone with default kasp policy has loaded and is signed. isctest.log.info("check a zone with the default policy is signed") zone = "default.kasp" @@ -839,11 +835,11 @@ def test_kasp_default(servers): ] expected = isctest.kasp.policy_to_properties(ttl=3600, keys=keyprops) keys = isctest.kasp.keydir_to_keylist(zone, "ns3") - isctest.kasp.check_dnssec_verify(server, zone) + isctest.kasp.check_dnssec_verify(ns3, zone) isctest.kasp.check_keys(zone, keys, expected) set_keytimes_default_policy(expected[0]) isctest.kasp.check_keytimes(keys, expected) - check_all(server, zone, policy, keys, []) + check_all(ns3, zone, policy, keys, []) # Trigger a keymgr run. Make sure the key files are not touched if there # are no modifications to the key metadata. @@ -855,8 +851,8 @@ def test_kasp_default(servers): pubkey_stat = os.stat(key.keyfile) state_stat = os.stat(key.statefile) - with server.watch_log_from_here() as watcher: - server.rndc(f"loadkeys {zone}", log=False) + with ns3.watch_log_from_here() as watcher: + ns3.rndc(f"loadkeys {zone}", log=False) watcher.wait_for_line(f"keymgr: {zone} done") assert privkey_stat.st_mtime == os.stat(key.privatefile).st_mtime @@ -864,8 +860,8 @@ def test_kasp_default(servers): assert state_stat.st_mtime == os.stat(key.statefile).st_mtime # again - with server.watch_log_from_here() as watcher: - server.rndc(f"loadkeys {zone}", log=False) + with ns3.watch_log_from_here() as watcher: + ns3.rndc(f"loadkeys {zone}", log=False) watcher.wait_for_line(f"keymgr: {zone} done") assert privkey_stat.st_mtime == os.stat(key.privatefile).st_mtime @@ -875,7 +871,7 @@ def test_kasp_default(servers): # modify unsigned zone file and check that new record is signed. isctest.log.info("check that an updated zone signs the new record") shutil.copyfile("ns3/template2.db.in", f"ns3/{zone}.db") - server.rndc(f"reload {zone}", log=False) + ns3.rndc(f"reload {zone}", log=False) def update_is_signed(): parts = update.split() @@ -883,7 +879,7 @@ def test_kasp_default(servers): qtype = dns.rdatatype.from_text(parts[1]) rdata = parts[2] return isctest.kasp.verify_update_is_signed( - server, zone, qname, qtype, rdata, keys, [] + ns3, zone, qname, qtype, rdata, keys, [] ) expected_updates = [f"a.{zone}. A 10.0.0.11", f"d.{zone}. A 10.0.0.44"] @@ -895,15 +891,15 @@ def test_kasp_default(servers): isctest.log.info("check that missing private key doesn't trigger rollover") shutil.move(f"{key.privatefile}", f"{key.path}.offline") expectmsg = "zone_rekey:zone_verifykeys failed: some key files are missing" - with server.watch_log_from_here() as watcher: - server.rndc(f"loadkeys {zone}", log=False) + with ns3.watch_log_from_here() as watcher: + ns3.rndc(f"loadkeys {zone}", log=False) watcher.wait_for_line(f"zone {zone}/IN (signed): {expectmsg}") # Nothing has changed. expected[0].properties["private"] = False - isctest.kasp.check_dnssec_verify(server, zone) + isctest.kasp.check_dnssec_verify(ns3, zone) isctest.kasp.check_keys(zone, keys, expected) isctest.kasp.check_keytimes(keys, expected) - check_all(server, zone, policy, keys, []) + check_all(ns3, zone, policy, keys, []) # A zone that uses inline-signing. isctest.log.info("check an inline-signed zone with the default policy is signed") @@ -912,17 +908,14 @@ def test_kasp_default(servers): key1 = KeyProperties.default() keys = isctest.kasp.keydir_to_keylist(zone, "ns3") expected = [key1] - isctest.kasp.check_dnssec_verify(server, zone) + isctest.kasp.check_dnssec_verify(ns3, zone) isctest.kasp.check_keys(zone, keys, expected) set_keytimes_default_policy(key1) isctest.kasp.check_keytimes(keys, expected) - check_all(server, zone, policy, keys, []) - + check_all(ns3, zone, policy, keys, []) -def test_kasp_dynamic(servers): - # Dynamic update test cases. - server = servers["ns3"] +def test_kasp_dynamic(ns3): # Standard dynamic zone. isctest.log.info("check dynamic zone is updated and signed after update") zone = "dynamic.kasp" @@ -931,12 +924,12 @@ def test_kasp_dynamic(servers): key1 = KeyProperties.default() expected = [key1] keys = isctest.kasp.keydir_to_keylist(zone, "ns3") - isctest.kasp.check_dnssec_verify(server, zone) + isctest.kasp.check_dnssec_verify(ns3, zone) isctest.kasp.check_keys(zone, keys, expected) set_keytimes_default_policy(key1) expected = [key1] isctest.kasp.check_keytimes(keys, expected) - check_all(server, zone, policy, keys, []) + check_all(ns3, zone, policy, keys, []) def update_is_signed(): parts = update.split() @@ -944,14 +937,14 @@ def test_kasp_dynamic(servers): qtype = dns.rdatatype.from_text(parts[1]) rdata = parts[2] return isctest.kasp.verify_update_is_signed( - server, zone, qname, qtype, rdata, keys, [] + ns3, zone, qname, qtype, rdata, keys, [] ) update_msg = dns.update.UpdateMessage(zone) update_msg.delete(f"a.{zone}.", "A", "10.0.0.1") update_msg.add(f"a.{zone}.", 300, "A", "10.0.0.101") update_msg.add(f"d.{zone}.", 300, "A", "10.0.0.4") - server.nsupdate(update_msg) + ns3.nsupdate(update_msg) expected_updates = [f"a.{zone}. A 10.0.0.101", f"d.{zone}. A 10.0.0.4"] for update in expected_updates: @@ -962,15 +955,15 @@ def test_kasp_dynamic(servers): update_msg.add(f"a.{zone}.", 300, "A", "10.0.0.1") update_msg.delete(f"a.{zone}.", "A", "10.0.0.101") update_msg.delete(f"d.{zone}.", "A", "10.0.0.4") - server.nsupdate(update_msg) + ns3.nsupdate(update_msg) update = f"a.{zone}. A 10.0.0.1" isctest.run.retry_with_timeout(update_is_signed, timeout=5) # Update zone with freeze/thaw. isctest.log.info("check dynamic zone is updated and signed after freeze and thaw") - with server.watch_log_from_here() as watcher: - server.rndc(f"freeze {zone}", log=False) + with ns3.watch_log_from_here() as watcher: + ns3.rndc(f"freeze {zone}", log=False) watcher.wait_for_line(f"freezing zone '{zone}/IN': success") time.sleep(1) @@ -978,8 +971,8 @@ def test_kasp_dynamic(servers): zonefile.write(f"d.{zone}. 300 A 10.0.0.44\n") time.sleep(1) - with server.watch_log_from_here() as watcher: - server.rndc(f"thaw {zone}", log=False) + with ns3.watch_log_from_here() as watcher: + ns3.rndc(f"thaw {zone}", log=False) watcher.wait_for_line(f"thawing zone '{zone}/IN': success") expected_updates = [f"a.{zone}. A 10.0.0.1", f"d.{zone}. A 10.0.0.44"] @@ -993,27 +986,27 @@ def test_kasp_dynamic(servers): key1 = KeyProperties.default() expected = [key1] keys = isctest.kasp.keydir_to_keylist(zone, "ns3") - isctest.kasp.check_dnssec_verify(server, zone) + isctest.kasp.check_dnssec_verify(ns3, zone) isctest.kasp.check_keys(zone, keys, expected) set_keytimes_default_policy(key1) expected = [key1] isctest.kasp.check_keytimes(keys, expected) - check_all(server, zone, policy, keys, []) + check_all(ns3, zone, policy, keys, []) # Update zone with freeze/thaw. isctest.log.info( "check dynamic inline-signed zone is updated and signed after freeze and thaw" ) - with server.watch_log_from_here() as watcher: - server.rndc(f"freeze {zone}", log=False) + with ns3.watch_log_from_here() as watcher: + ns3.rndc(f"freeze {zone}", log=False) watcher.wait_for_line(f"freezing zone '{zone}/IN': success") time.sleep(1) shutil.copyfile("ns3/template2.db.in", f"ns3/{zone}.db") time.sleep(1) - with server.watch_log_from_here() as watcher: - server.rndc(f"thaw {zone}", log=False) + with ns3.watch_log_from_here() as watcher: + ns3.rndc(f"thaw {zone}", log=False) watcher.wait_for_line(f"thawing zone '{zone}/IN': success") expected_updates = [f"a.{zone}. A 10.0.0.11", f"d.{zone}. A 10.0.0.44"] @@ -1032,16 +1025,14 @@ def test_kasp_dynamic(servers): key1.metadata["DSState"] = "omnipresent" expected = [key1] keys = isctest.kasp.keydir_to_keylist(zone, "ns3/keys") - isctest.kasp.check_dnssec_verify(server, zone) + isctest.kasp.check_dnssec_verify(ns3, zone) isctest.kasp.check_keys(zone, keys, expected) - check_all(server, zone, policy, keys, []) + check_all(ns3, zone, policy, keys, []) # Ensure no zone_resigninc for the unsigned version of the zone is triggered. assert f"zone_resigninc: zone {zone}/IN (unsigned): enter" not in "ns3/named.run" -def test_kasp_checkds(servers): - server = servers["ns3"] - +def test_kasp_checkds(ns3): def wait_for_metadata(): return isctest.util.file_contents_contain(ksk.statefile, metadata) @@ -1058,15 +1049,15 @@ def test_kasp_checkds(servers): keys = isctest.kasp.keydir_to_keylist(zone, "ns3") ksks = [k for k in keys if k.is_ksk()] zsks = [k for k in keys if k.is_zsk()] - isctest.kasp.check_dnssec_verify(server, zone) + isctest.kasp.check_dnssec_verify(ns3, zone) isctest.kasp.check_keys(zone, keys, expected) - check_all(server, zone, policy, ksks, zsks) + check_all(ns3, zone, policy, ksks, zsks) now = KeyTimingMetadata.now() ksk = ksks[0] isctest.log.info("check if checkds -publish correctly sets DSPublish") - server.rndc(f"dnssec -checkds -when {now} published {zone}", log=False) + ns3.rndc(f"dnssec -checkds -when {now} published {zone}", log=False) metadata = f"DSPublish: {now}" isctest.run.retry_with_timeout(wait_for_metadata, timeout=3) expected[0].metadata["DSState"] = "rumoured" @@ -1074,7 +1065,7 @@ def test_kasp_checkds(servers): isctest.kasp.check_keys(zone, keys, expected) isctest.log.info("check if checkds -withdrawn correctly sets DSRemoved") - server.rndc(f"dnssec -checkds -when {now} withdrawn {zone}", log=False) + ns3.rndc(f"dnssec -checkds -when {now} withdrawn {zone}", log=False) metadata = f"DSRemoved: {now}" isctest.run.retry_with_timeout(wait_for_metadata, timeout=3) expected[0].metadata["DSState"] = "unretentive" @@ -1082,9 +1073,7 @@ def test_kasp_checkds(servers): isctest.kasp.check_keys(zone, keys, expected) -def test_kasp_checkds_doubleksk(servers): - server = servers["ns3"] - +def test_kasp_checkds_doubleksk(ns3): def wait_for_metadata(): return isctest.util.file_contents_contain(ksk.statefile, metadata) @@ -1102,9 +1091,9 @@ def test_kasp_checkds_doubleksk(servers): keys = isctest.kasp.keydir_to_keylist(zone, "ns3") ksks = [k for k in keys if k.is_ksk()] zsks = [k for k in keys if k.is_zsk()] - isctest.kasp.check_dnssec_verify(server, zone) + isctest.kasp.check_dnssec_verify(ns3, zone) isctest.kasp.check_keys(zone, keys, expected) - check_all(server, zone, policy, ksks, zsks) + check_all(ns3, zone, policy, ksks, zsks) now = KeyTimingMetadata.now() ksk = ksks[0] @@ -1113,7 +1102,7 @@ def test_kasp_checkds_doubleksk(servers): isctest.log.info("check invalid checkds commands") def check_error(): - response = server.rndc(test["command"], log=False) + response = ns3.rndc(test["command"], log=False) assert test["error"] in response test_cases = [ @@ -1138,9 +1127,7 @@ def test_kasp_checkds_doubleksk(servers): check_error() isctest.log.info("check if checkds -publish -key correctly sets DSPublish") - server.rndc( - f"dnssec -checkds -when {now} -key {ksk.tag} published {zone}", log=False - ) + ns3.rndc(f"dnssec -checkds -when {now} -key {ksk.tag} published {zone}", log=False) metadata = f"DSPublish: {now}" isctest.run.retry_with_timeout(wait_for_metadata, timeout=3) expected[0].metadata["DSState"] = "rumoured" @@ -1149,9 +1136,7 @@ def test_kasp_checkds_doubleksk(servers): isctest.log.info("check if checkds -withdrawn -key correctly sets DSRemoved") ksk = ksks[1] - server.rndc( - f"dnssec -checkds -when {now} -key {ksk.tag} withdrawn {zone}", log=False - ) + ns3.rndc(f"dnssec -checkds -when {now} -key {ksk.tag} withdrawn {zone}", log=False) metadata = f"DSRemoved: {now}" isctest.run.retry_with_timeout(wait_for_metadata, timeout=3) expected[1].metadata["DSState"] = "unretentive" @@ -1159,9 +1144,7 @@ def test_kasp_checkds_doubleksk(servers): isctest.kasp.check_keys(zone, keys, expected) -def test_kasp_checkds_csk(servers): - server = servers["ns3"] - +def test_kasp_checkds_csk(ns3): def wait_for_metadata(): return isctest.util.file_contents_contain(ksk.statefile, metadata) @@ -1175,15 +1158,15 @@ def test_kasp_checkds_csk(servers): ] expected = isctest.kasp.policy_to_properties(ttl=303, keys=policy_keys) keys = isctest.kasp.keydir_to_keylist(zone, "ns3") - isctest.kasp.check_dnssec_verify(server, zone) + isctest.kasp.check_dnssec_verify(ns3, zone) isctest.kasp.check_keys(zone, keys, expected) - check_all(server, zone, policy, keys, []) + check_all(ns3, zone, policy, keys, []) now = KeyTimingMetadata.now() ksk = keys[0] isctest.log.info("check if checkds -publish csk correctly sets DSPublish") - server.rndc(f"dnssec -checkds -when {now} published {zone}", log=False) + ns3.rndc(f"dnssec -checkds -when {now} published {zone}", log=False) metadata = f"DSPublish: {now}" isctest.run.retry_with_timeout(wait_for_metadata, timeout=3) expected[0].metadata["DSState"] = "rumoured" @@ -1191,7 +1174,7 @@ def test_kasp_checkds_csk(servers): isctest.kasp.check_keys(zone, keys, expected) isctest.log.info("check if checkds -withdrawn csk correctly sets DSRemoved") - server.rndc(f"dnssec -checkds -when {now} withdrawn {zone}", log=False) + ns3.rndc(f"dnssec -checkds -when {now} withdrawn {zone}", log=False) metadata = f"DSRemoved: {now}" isctest.run.retry_with_timeout(wait_for_metadata, timeout=3) expected[0].metadata["DSState"] = "unretentive" @@ -1199,21 +1182,17 @@ def test_kasp_checkds_csk(servers): isctest.kasp.check_keys(zone, keys, expected) -def test_kasp_special_characters(servers): - server = servers["ns3"] - +def test_kasp_special_characters(ns3): # A zone with special characters. isctest.log.info("check special characters") zone = r'i-am.":\;?&[]\@!\$*+,|=\.\(\)special.kasp' # It is non-trivial to adapt the tests to deal with all possible different # escaping characters, so we will just try to verify the zone. - isctest.kasp.check_dnssec_verify(server, zone) - + isctest.kasp.check_dnssec_verify(ns3, zone) -def test_kasp_insecure(servers): - server = servers["ns3"] +def test_kasp_insecure(ns3): # Insecure zones. isctest.log.info("check insecure zones") @@ -1221,28 +1200,26 @@ def test_kasp_insecure(servers): expected = [] keys = isctest.kasp.keydir_to_keylist(zone, "ns3") isctest.kasp.check_keys(zone, keys, expected) - isctest.kasp.check_dnssecstatus(server, zone, keys, policy="insecure") - isctest.kasp.check_apex(server, zone, keys, []) - isctest.kasp.check_subdomain(server, zone, keys, []) + isctest.kasp.check_dnssecstatus(ns3, zone, keys, policy="insecure") + isctest.kasp.check_apex(ns3, zone, keys, []) + isctest.kasp.check_subdomain(ns3, zone, keys, []) zone = "unsigned.kasp" expected = [] keys = isctest.kasp.keydir_to_keylist(zone, "ns3") isctest.kasp.check_keys(zone, keys, expected) - isctest.kasp.check_dnssecstatus(server, zone, keys, policy=None) - isctest.kasp.check_apex(server, zone, keys, []) - isctest.kasp.check_subdomain(server, zone, keys, []) + isctest.kasp.check_dnssecstatus(ns3, zone, keys, policy=None) + isctest.kasp.check_apex(ns3, zone, keys, []) + isctest.kasp.check_subdomain(ns3, zone, keys, []) # Make sure the zone file is untouched. isctest.check.file_contents_equal(f"ns3/{zone}.db.infile", f"ns3/{zone}.db") -def test_kasp_bad_maxzonettl(servers): - server = servers["ns3"] - +def test_kasp_bad_maxzonettl(ns3): # check that max-zone-ttl rejects zones with too high TTL. isctest.log.info("check max-zone-ttl rejects zones with too high TTL") zone = "max-zone-ttl.kasp" - assert f"loading from master file {zone}.db failed: out of range" in server.log + assert f"loading from master file {zone}.db failed: out of range" in ns3.log def test_kasp_dnssec_keygen(): @@ -1431,9 +1408,7 @@ def test_kasp_dnssec_keygen(): isctest.kasp.check_keytimes(keys, expected) -def test_kasp_zsk_retired(servers): - server = servers["ns3"] - +def test_kasp_zsk_retired(ns3): config = { "dnskey-ttl": timedelta(seconds=300), "ds-ttl": timedelta(days=1), @@ -1461,7 +1436,7 @@ def test_kasp_zsk_retired(servers): keys = isctest.kasp.keydir_to_keylist(zone, "ns3") ksks = [k for k in keys if k.is_ksk()] zsks = [k for k in keys if not k.is_ksk()] - isctest.kasp.check_dnssec_verify(server, zone) + isctest.kasp.check_dnssec_verify(ns3, zone) isctest.kasp.check_keys(zone, keys, expected) offset = -timedelta(days=30 * 6) @@ -1529,7 +1504,7 @@ def test_kasp_zsk_retired(servers): expected[2].timing["ZRRSIGChange"] = None isctest.kasp.check_keytimes(keys, expected) - check_all(server, zone, policy, ksks, zsks) + check_all(ns3, zone, policy, ksks, zsks) queries = [ f"{zone} DNSKEY", @@ -1551,25 +1526,23 @@ def test_kasp_zsk_retired(servers): qname = parts[0] qtype = dns.rdatatype.from_text(parts[1]) return isctest.kasp.verify_rrsig_is_refreshed( - server, zone, f"ns3/{zone}.db.signed", qname, qtype, ksks, zsks + ns3, zone, f"ns3/{zone}.db.signed", qname, qtype, ksks, zsks ) for query in queries: isctest.run.retry_with_timeout(rrsig_is_refreshed, timeout=5) # Load again, make sure the purged key is not an issue when verifying keys. - with server.watch_log_from_here() as watcher: - server.rndc(f"loadkeys {zone}", log=False) + with ns3.watch_log_from_here() as watcher: + ns3.rndc(f"loadkeys {zone}", log=False) watcher.wait_for_line(f"keymgr: {zone} done") msg = f"zone {zone}/IN (signed): zone_rekey:zone_verifykeys failed: some key files are missing" - server.log.prohibit(msg) + ns3.log.prohibit(msg) -def test_kasp_purge_keys(servers): +def test_kasp_purge_keys(ns4): zone = "purgekeys.kasp" - server = servers["ns4"] - tsig1 = ( f"{os.environ['DEFAULT_HMAC']}:keyforview1:{KASP_INHERIT_TSIG_SECRET['view1']}" ) @@ -1577,24 +1550,23 @@ def test_kasp_purge_keys(servers): f"{os.environ['DEFAULT_HMAC']}:keyforview2:{KASP_INHERIT_TSIG_SECRET['view2']}" ) - isctest.kasp.check_dnssec_verify(server, zone, tsig=tsig1) - isctest.kasp.check_dnssec_verify(server, zone, tsig=tsig2) + isctest.kasp.check_dnssec_verify(ns4, zone, tsig=tsig1) + isctest.kasp.check_dnssec_verify(ns4, zone, tsig=tsig2) # Reconfig, make sure the purged key is not an issue when verifying keys. shutil.copyfile("ns4/purgekeys2.conf", "ns4/purgekeys.conf") - with server.watch_log_from_here() as watcher: - server.rndc("reconfig", log=False) + with ns4.watch_log_from_here() as watcher: + ns4.rndc("reconfig", log=False) watcher.wait_for_line(f"keymgr: {zone} done") msg = f"zone {zone}/IN/example1 (signed): zone_rekey:zone_verifykeys failed: some key files are missing" - server.log.prohibit(msg) + ns4.log.prohibit(msg) msg = f"zone {zone}/IN/example2 (signed): zone_rekey:zone_verifykeys failed: some key files are missing" - server.log.prohibit(msg) + ns4.log.prohibit(msg) -def test_kasp_reload_restart(servers): - server = servers["ns6"] +def test_kasp_reload_restart(ns6): zone = "example" def query_soa(qname): @@ -1602,9 +1574,9 @@ def test_kasp_reload_restart(servers): qtype = dns.rdatatype.SOA query = dns.message.make_query(fqdn, qtype, use_edns=True, want_dnssec=True) try: - response = isctest.query.tcp(query, server.ip, server.ports.dns, timeout=3) + response = isctest.query.tcp(query, ns6.ip, ns6.ports.dns, timeout=3) except dns.exception.Timeout: - isctest.log.debug(f"query timeout for query {qname} SOA to {server.ip}") + isctest.log.debug(f"query timeout for query {qname} SOA to {ns6.ip}") return 0, 0 assert response.rcode() == dns.rcode.NOERROR @@ -1629,8 +1601,8 @@ def test_kasp_reload_restart(servers): assert ttl1 == 300 shutil.copyfile(f"ns6/{zone}2.db.in", f"ns6/{zone}.db") - with server.watch_log_from_here() as watcher: - server.rndc("reload", log=False) + with ns6.watch_log_from_here() as watcher: + ns6.rndc("reload", log=False) watcher.wait_for_line("all zones loaded") newttl = 300 @@ -1641,11 +1613,11 @@ def test_kasp_reload_restart(servers): soa1, ttl1 = query_soa(zone) assert ttl1 == 300 - server.stop() + ns6.stop() shutil.copyfile(f"ns6/{zone}3.db.in", f"ns6/{zone}.db") os.unlink(f"ns6/{zone}.db.jnl") - with server.watch_log_from_here() as watcher: - server.start(["--noclean", "--restart", "--port", os.environ["PORT"]]) + with ns6.watch_log_from_here() as watcher: + ns6.start(["--noclean", "--restart", "--port", os.environ["PORT"]]) watcher.wait_for_line("all zones loaded") newttl = 400 diff --git a/bin/tests/system/keepalive/tests_keepalive.py b/bin/tests/system/keepalive/tests_keepalive.py index f800898cdb8..9190ddd8b81 100644 --- a/bin/tests/system/keepalive/tests_keepalive.py +++ b/bin/tests/system/keepalive/tests_keepalive.py @@ -18,9 +18,9 @@ pytestmark = pytest.mark.extra_artifacts( ) -def test_dig_tcp_keepalive_handling(named_port, servers): +def test_dig_tcp_keepalive_handling(named_port, ns2): def get_keepalive_options_received(): - servers["ns2"].rndc("stats", log=False) + ns2.rndc("stats", log=False) options_received = 0 with open("ns2/named.stats", "r", encoding="utf-8") as ns2_stats_file: for line in ns2_stats_file: @@ -53,7 +53,7 @@ def test_dig_tcp_keepalive_handling(named_port, servers): ) isctest.log.info("check a re-configured keepalive value") - response = servers["ns2"].rndc("tcp-timeouts 300 300 300 200 100", log=False) + response = ns2.rndc("tcp-timeouts 300 300 300 200 100", log=False) assert "tcp-initial-timeout=300" in response assert "tcp-idle-timeout=300" in response assert "tcp-keepalive-timeout=300" in response diff --git a/bin/tests/system/ksr/tests_ksr.py b/bin/tests/system/ksr/tests_ksr.py index ed8c18c31bb..0555f626e1c 100644 --- a/bin/tests/system/ksr/tests_ksr.py +++ b/bin/tests/system/ksr/tests_ksr.py @@ -564,7 +564,7 @@ def test_ksr_errors(): assert "dnssec-ksr: fatal: 'sign' requires a KSR file" in err -def test_ksr_common(servers): +def test_ksr_common(ns1): # common test cases (1) zone = "common.test" policy = "common" @@ -738,7 +738,6 @@ def test_ksr_common(servers): ) # add zone - ns1 = servers["ns1"] ns1.rndc( f"addzone {zone} " + "{ type primary; file " @@ -764,7 +763,7 @@ def test_ksr_common(servers): isctest.kasp.check_subdomain(ns1, zone, ksks, overlapping_zsks, offline_ksk=True) -def test_ksr_lastbundle(servers): +def test_ksr_lastbundle(ns1): zone = "last-bundle.test" policy = "common" n = 1 @@ -811,7 +810,6 @@ def test_ksr_lastbundle(servers): check_signedkeyresponse(out, zone, ksks, zsks, then, until, refresh) # add zone - ns1 = servers["ns1"] ns1.rndc( f"addzone {zone} " + "{ type primary; file " @@ -841,7 +839,7 @@ def test_ksr_lastbundle(servers): assert f"zone {zone}/IN (signed): zone_rekey: {warning}" in ns1.log -def test_ksr_inthemiddle(servers): +def test_ksr_inthemiddle(ns1): zone = "in-the-middle.test" policy = "common" n = 1 @@ -889,7 +887,6 @@ def test_ksr_inthemiddle(servers): check_signedkeyresponse(out, zone, ksks, zsks, then, until, refresh) # add zone - ns1 = servers["ns1"] ns1.rndc( f"addzone {zone} " + "{ type primary; file " @@ -982,18 +979,14 @@ def check_ksr_rekey_logs_error(server, zone, policy, offset, end): assert line in server.log -def test_ksr_rekey_logs_error(servers): +def test_ksr_rekey_logs_error(ns1): # check that an SKR that is too old logs error - check_ksr_rekey_logs_error( - servers["ns1"], "past.test", "common", -63072000, -31536000 - ) + check_ksr_rekey_logs_error(ns1, "past.test", "common", -63072000, -31536000) # check that an SKR that is too new logs error - check_ksr_rekey_logs_error( - servers["ns1"], "future.test", "common", 2592000, 31536000 - ) + check_ksr_rekey_logs_error(ns1, "future.test", "common", 2592000, 31536000) -def test_ksr_unlimited(servers): +def test_ksr_unlimited(ns1): zone = "unlimited.test" policy = "unlimited" n = 1 @@ -1082,7 +1075,6 @@ def test_ksr_unlimited(servers): check_signedkeyresponse(out, zone, ksks, zsks, now, until, refresh) # add zone - ns1 = servers["ns1"] ns1.rndc( f"addzone {zone} " + "{ type primary; file " @@ -1108,7 +1100,7 @@ def test_ksr_unlimited(servers): isctest.kasp.check_subdomain(ns1, zone, ksks, zsks, offline_ksk=True) -def test_ksr_twotone(servers): +def test_ksr_twotone(ns1): zone = "two-tone.test" policy = "two-tone" n = 1 @@ -1192,7 +1184,6 @@ def test_ksr_twotone(servers): check_signedkeyresponse(out, zone, ksks, zsks, now, until, refresh) # add zone - ns1 = servers["ns1"] ns1.rndc( f"addzone {zone} " + "{ type primary; file " @@ -1224,7 +1215,7 @@ def test_ksr_twotone(servers): isctest.kasp.check_subdomain(ns1, zone, ksks, zsks, offline_ksk=True) -def test_ksr_kskroll(servers): +def test_ksr_kskroll(ns1): zone = "ksk-roll.test" policy = "ksk-roll" n = 1 @@ -1270,7 +1261,6 @@ def test_ksr_kskroll(servers): check_signedkeyresponse(out, zone, ksks, zsks, now, until, refresh) # add zone - ns1 = servers["ns1"] ns1.rndc( f"addzone {zone} " + "{ type primary; file " diff --git a/bin/tests/system/nzd2nzf/tests_nzd2nzf.py b/bin/tests/system/nzd2nzf/tests_nzd2nzf.py index cd22bef7d93..0f5c89a09b5 100644 --- a/bin/tests/system/nzd2nzf/tests_nzd2nzf.py +++ b/bin/tests/system/nzd2nzf/tests_nzd2nzf.py @@ -27,22 +27,22 @@ pytestmark = [ ] -def test_nzd2nzf(servers): +def test_nzd2nzf(ns1): zone_data = '"added.example" { type primary; file "added.db"; };' msg = dns.message.make_query("a.added.example.", "A") # query for non-existing zone data - res = isctest.query.tcp(msg, servers["ns1"].ip) + res = isctest.query.tcp(msg, ns1.ip) isctest.check.refused(res) # add new zone into the default NZD using "rndc addzone" - servers["ns1"].rndc(f"addzone {zone_data}", log=False) + ns1.rndc(f"addzone {zone_data}", log=False) # query for existing zone data - res = isctest.query.tcp(msg, servers["ns1"].ip) + res = isctest.query.tcp(msg, ns1.ip) isctest.check.noerror(res) - servers["ns1"].stop() + ns1.stop() # dump "_default.nzd" to "_default.nzf" and check that it contains the expected content cfg_dir = "ns1" @@ -59,8 +59,8 @@ def test_nzd2nzf(servers): os.remove(nzd_filename) # start ns1 again, it should migrate "_default.nzf" to "_default.nzd" - servers["ns1"].start(["--noclean", "--restart", "--port", os.environ["PORT"]]) + ns1.start(["--noclean", "--restart", "--port", os.environ["PORT"]]) # query for zone data from the migrated zone config - res = isctest.query.tcp(msg, servers["ns1"].ip) + res = isctest.query.tcp(msg, ns1.ip) isctest.check.noerror(res) diff --git a/bin/tests/system/rollover-algo-csk/tests_rollover_algo_csk_initial.py b/bin/tests/system/rollover-algo-csk/tests_rollover_algo_csk_initial.py index e3b1053c39a..aa12acbbaa3 100644 --- a/bin/tests/system/rollover-algo-csk/tests_rollover_algo_csk_initial.py +++ b/bin/tests/system/rollover-algo-csk/tests_rollover_algo_csk_initial.py @@ -21,7 +21,7 @@ from common import ( ) -def test_algoroll_csk_initial(servers): +def test_algoroll_csk_initial(ns6): config = ALGOROLL_CONFIG policy = "csk-algoroll" @@ -33,4 +33,4 @@ def test_algoroll_csk_initial(servers): ], "nextev": TIMEDELTA["PT1H"], } - isctest.kasp.check_rollover_step(servers["ns6"], config, policy, step) + isctest.kasp.check_rollover_step(ns6, config, policy, step) diff --git a/bin/tests/system/rollover-algo-csk/tests_rollover_algo_csk_reconfig.py b/bin/tests/system/rollover-algo-csk/tests_rollover_algo_csk_reconfig.py index 7037238db80..19a58045afa 100644 --- a/bin/tests/system/rollover-algo-csk/tests_rollover_algo_csk_reconfig.py +++ b/bin/tests/system/rollover-algo-csk/tests_rollover_algo_csk_reconfig.py @@ -37,18 +37,18 @@ TIME_PASSED = 0 # set in reconfigure() fixture @pytest.fixture(scope="module", autouse=True) -def reconfigure(servers, templates): +def reconfigure(ns6, templates): global TIME_PASSED # pylint: disable=global-statement start_time = KeyTimingMetadata.now() templates.render("ns6/named.conf", {"csk_roll": True}) - servers["ns6"].reconfigure() + ns6.reconfigure() # Calculate time passed to correctly check for next key events. TIME_PASSED = KeyTimingMetadata.now().value - start_time.value -def test_algoroll_csk_reconfig_step1(servers, alg, size): +def test_algoroll_csk_reconfig_step1(ns6, alg, size): step = { "zone": "step1.csk-algorithm-roll.kasp", "cdss": CDSS, @@ -61,10 +61,10 @@ def test_algoroll_csk_reconfig_step1(servers, alg, size): # Next key event is when the ecdsa256 keys have been propagated. "nextev": ALGOROLL_IPUB, } - isctest.kasp.check_rollover_step(servers["ns6"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns6, CONFIG, POLICY, step) -def test_algoroll_csk_reconfig_step2(servers, alg, size): +def test_algoroll_csk_reconfig_step2(ns6, alg, size): step = { "zone": "step2.csk-algorithm-roll.kasp", "cdss": CDSS, @@ -84,10 +84,10 @@ def test_algoroll_csk_reconfig_step2(servers, alg, size): # the time passed between key creation and invoking 'rndc reconfig'. "nextev": ALGOROLL_IPUBC - ALGOROLL_IPUB - TIME_PASSED, } - isctest.kasp.check_rollover_step(servers["ns6"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns6, CONFIG, POLICY, step) -def test_algoroll_csk_reconfig_step3(servers, alg, size): +def test_algoroll_csk_reconfig_step3(ns6, alg, size): step = { "zone": "step3.csk-algorithm-roll.kasp", "cdss": CDSS, @@ -100,10 +100,10 @@ def test_algoroll_csk_reconfig_step3(servers, alg, size): # after the publication interval of the parent side. "nextev": ALGOROLL_IRETKSK - TIME_PASSED, } - isctest.kasp.check_rollover_step(servers["ns6"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns6, CONFIG, POLICY, step) -def test_algoroll_csk_reconfig_step4(servers, alg, size): +def test_algoroll_csk_reconfig_step4(ns6, alg, size): step = { "zone": "step4.csk-algorithm-roll.kasp", "cdss": CDSS, @@ -116,10 +116,10 @@ def test_algoroll_csk_reconfig_step4(servers, alg, size): # This happens after the DNSKEY TTL plus zone propagation delay. "nextev": ALGOROLL_KEYTTLPROP, } - isctest.kasp.check_rollover_step(servers["ns6"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns6, CONFIG, POLICY, step) -def test_algoroll_csk_reconfig_step5(servers, alg, size): +def test_algoroll_csk_reconfig_step5(ns6, alg, size): step = { "zone": "step5.csk-algorithm-roll.kasp", "cdss": CDSS, @@ -136,10 +136,10 @@ def test_algoroll_csk_reconfig_step5(servers, alg, size): # between key creation and invoking 'rndc reconfig'. "nextev": ALGOROLL_IRET - ALGOROLL_IRETKSK - ALGOROLL_KEYTTLPROP - TIME_PASSED, } - isctest.kasp.check_rollover_step(servers["ns6"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns6, CONFIG, POLICY, step) -def test_algoroll_csk_reconfig_step6(servers, alg, size): +def test_algoroll_csk_reconfig_step6(ns6, alg, size): step = { "zone": "step6.csk-algorithm-roll.kasp", "cdss": CDSS, @@ -153,4 +153,4 @@ def test_algoroll_csk_reconfig_step6(servers, alg, size): # loadkeys interval. "nextev": TIMEDELTA["PT1H"], } - isctest.kasp.check_rollover_step(servers["ns6"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns6, CONFIG, POLICY, step) diff --git a/bin/tests/system/rollover-algo-ksk-zsk/tests_rollover_algo_ksk_zsk_initial.py b/bin/tests/system/rollover-algo-ksk-zsk/tests_rollover_algo_ksk_zsk_initial.py index cc90ad3b629..1df8028f57e 100644 --- a/bin/tests/system/rollover-algo-ksk-zsk/tests_rollover_algo_ksk_zsk_initial.py +++ b/bin/tests/system/rollover-algo-ksk-zsk/tests_rollover_algo_ksk_zsk_initial.py @@ -21,7 +21,7 @@ from common import ( ) -def test_algoroll_ksk_zsk_initial(servers): +def test_algoroll_ksk_zsk_initial(ns6): config = ALGOROLL_CONFIG policy = "rsasha256" @@ -34,4 +34,4 @@ def test_algoroll_ksk_zsk_initial(servers): ], "nextev": TIMEDELTA["PT1H"], } - isctest.kasp.check_rollover_step(servers["ns6"], config, policy, step) + isctest.kasp.check_rollover_step(ns6, config, policy, step) diff --git a/bin/tests/system/rollover-algo-ksk-zsk/tests_rollover_algo_ksk_zsk_reconfig.py b/bin/tests/system/rollover-algo-ksk-zsk/tests_rollover_algo_ksk_zsk_reconfig.py index c23eb018750..d0e402f950b 100644 --- a/bin/tests/system/rollover-algo-ksk-zsk/tests_rollover_algo_ksk_zsk_reconfig.py +++ b/bin/tests/system/rollover-algo-ksk-zsk/tests_rollover_algo_ksk_zsk_reconfig.py @@ -37,18 +37,18 @@ TIME_PASSED = 0 # set in reconfigure() fixture @pytest.fixture(scope="module", autouse=True) -def reconfigure(servers, templates): +def reconfigure(ns6, templates): global TIME_PASSED # pylint: disable=global-statement start_time = KeyTimingMetadata.now() templates.render("ns6/named.conf", {"alg_roll": True}) - servers["ns6"].reconfigure() + ns6.reconfigure() # Calculate time passed to correctly check for next key events. TIME_PASSED = KeyTimingMetadata.now().value - start_time.value -def test_algoroll_ksk_zsk_reconfig_step1(servers, alg, size): +def test_algoroll_ksk_zsk_reconfig_step1(ns6, alg, size): step = { "zone": "step1.algorithm-roll.kasp", "cdss": CDSS, @@ -63,10 +63,10 @@ def test_algoroll_ksk_zsk_reconfig_step1(servers, alg, size): # Next key event is when the ecdsa256 keys have been propagated. "nextev": ALGOROLL_IPUB, } - isctest.kasp.check_rollover_step(servers["ns6"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns6, CONFIG, POLICY, step) -def test_algoroll_ksk_zsk_reconfig_step2(servers, alg, size): +def test_algoroll_ksk_zsk_reconfig_step2(ns6, alg, size): step = { "zone": "step2.algorithm-roll.kasp", "cdss": CDSS, @@ -88,10 +88,10 @@ def test_algoroll_ksk_zsk_reconfig_step2(servers, alg, size): # key creation and invoking 'rndc reconfig'. "nextev": ALGOROLL_IPUBC - ALGOROLL_IPUB - TIME_PASSED, } - isctest.kasp.check_rollover_step(servers["ns6"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns6, CONFIG, POLICY, step) -def test_algoroll_ksk_zsk_reconfig_step3(servers, alg, size): +def test_algoroll_ksk_zsk_reconfig_step3(ns6, alg, size): step = { "zone": "step3.algorithm-roll.kasp", "cdss": CDSS, @@ -106,10 +106,10 @@ def test_algoroll_ksk_zsk_reconfig_step3(servers, alg, size): # after the retire interval. "nextev": ALGOROLL_IRETKSK - TIME_PASSED, } - isctest.kasp.check_rollover_step(servers["ns6"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns6, CONFIG, POLICY, step) -def test_algoroll_ksk_zsk_reconfig_step4(servers, alg, size): +def test_algoroll_ksk_zsk_reconfig_step4(ns6, alg, size): step = { "zone": "step4.algorithm-roll.kasp", "cdss": CDSS, @@ -124,10 +124,10 @@ def test_algoroll_ksk_zsk_reconfig_step4(servers, alg, size): # This happens after the DNSKEY TTL plus zone propagation delay. "nextev": ALGOROLL_KEYTTLPROP, } - isctest.kasp.check_rollover_step(servers["ns6"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns6, CONFIG, POLICY, step) -def test_algoroll_ksk_zsk_reconfig_step5(servers, alg, size): +def test_algoroll_ksk_zsk_reconfig_step5(ns6, alg, size): step = { "zone": "step5.algorithm-roll.kasp", "cdss": CDSS, @@ -146,10 +146,10 @@ def test_algoroll_ksk_zsk_reconfig_step5(servers, alg, size): # between key creation and invoking 'rndc reconfig'. "nextev": ALGOROLL_IRET - ALGOROLL_IRETKSK - ALGOROLL_KEYTTLPROP - TIME_PASSED, } - isctest.kasp.check_rollover_step(servers["ns6"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns6, CONFIG, POLICY, step) -def test_algoroll_ksk_zsk_reconfig_step6(servers, alg, size): +def test_algoroll_ksk_zsk_reconfig_step6(ns6, alg, size): step = { "zone": "step6.algorithm-roll.kasp", "cdss": CDSS, @@ -165,4 +165,4 @@ def test_algoroll_ksk_zsk_reconfig_step6(servers, alg, size): # loadkeys interval. "nextev": TIMEDELTA["PT1H"], } - isctest.kasp.check_rollover_step(servers["ns6"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns6, CONFIG, POLICY, step) diff --git a/bin/tests/system/rollover-csk-roll1/tests_rollover_csk_roll1.py b/bin/tests/system/rollover-csk-roll1/tests_rollover_csk_roll1.py index 9a265a682c1..8f72165bf8c 100644 --- a/bin/tests/system/rollover-csk-roll1/tests_rollover_csk_roll1.py +++ b/bin/tests/system/rollover-csk-roll1/tests_rollover_csk_roll1.py @@ -62,7 +62,7 @@ OFFSETS["step8-p"] = OFFSETS["step7-p"] - int(CONFIG["purge-keys"].total_seconds OFFSETS["step8-s"] = OFFSETS["step7-s"] - int(CONFIG["purge-keys"].total_seconds()) -def test_csk_roll1_step1(alg, size, servers): +def test_csk_roll1_step1(alg, size, ns3): step = { # Introduce the first key. This will immediately be active. "zone": "step1.csk-roll1.autosign", @@ -75,10 +75,10 @@ def test_csk_roll1_step1(alg, size, servers): # registration delay). "nextev": CSK_LIFETIME - IPUB - timedelta(days=7), } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) -def test_csk_roll1_step2(alg, size, servers): +def test_csk_roll1_step2(alg, size, ns3): step = { # Successor CSK is prepublished (signs DNSKEY RRset, but not yet # other RRsets). @@ -96,10 +96,10 @@ def test_csk_roll1_step2(alg, size, servers): # Next key event is when the successor CSK becomes OMNIPRESENT. "nextev": IPUB, } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) -def test_csk_roll1_step3(alg, size, servers): +def test_csk_roll1_step3(alg, size, ns3): step = { # Successor CSK becomes omnipresent, meaning we can start signing # the remainder of the zone with the successor CSK, and we can @@ -130,10 +130,10 @@ def test_csk_roll1_step3(alg, size, servers): # from the predecessor ZSK. "smooth": True, } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) -def test_csk_roll1_step4(alg, size, servers): +def test_csk_roll1_step4(alg, size, ns3): step = { "zone": "step4.csk-roll1.autosign", "cdss": CDSS, @@ -153,10 +153,10 @@ def test_csk_roll1_step4(alg, size, servers): # We already swapped the DS in the previous step, so disable ds-swap. "ds-swap": False, } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) -def test_csk_roll1_step5(alg, size, servers): +def test_csk_roll1_step5(alg, size, ns3): step = { "zone": "step5.csk-roll1.autosign", "cdss": CDSS, @@ -172,10 +172,10 @@ def test_csk_roll1_step5(alg, size, servers): # CSK. "nextev": SIGNDELAY, } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) -def test_csk_roll1_step6(alg, size, servers): +def test_csk_roll1_step6(alg, size, ns3): step = { "zone": "step6.csk-roll1.autosign", "cdss": CDSS, @@ -193,10 +193,10 @@ def test_csk_roll1_step6(alg, size, servers): # This is the DNSKEY TTL plus zone propagation delay. "nextev": KEYTTLPROP, } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) -def test_csk_roll1_step7(alg, size, servers): +def test_csk_roll1_step7(alg, size, ns3): step = { "zone": "step7.csk-roll1.autosign", "cdss": CDSS, @@ -211,10 +211,10 @@ def test_csk_roll1_step7(alg, size, servers): # minus the prepublication time. "nextev": CSK_LIFETIME - IRETZSK - IPUB - KEYTTLPROP, } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) -def test_csk_roll1_step8(alg, size, servers): +def test_csk_roll1_step8(alg, size, ns3): step = { "zone": "step8.csk-roll1.autosign", "cdss": CDSS, @@ -223,4 +223,4 @@ def test_csk_roll1_step8(alg, size, servers): ], "nextev": None, } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) diff --git a/bin/tests/system/rollover-csk-roll2/tests_rollover_csk_roll2.py b/bin/tests/system/rollover-csk-roll2/tests_rollover_csk_roll2.py index a4fe5e574d9..844f754c179 100644 --- a/bin/tests/system/rollover-csk-roll2/tests_rollover_csk_roll2.py +++ b/bin/tests/system/rollover-csk-roll2/tests_rollover_csk_roll2.py @@ -65,7 +65,7 @@ OFFSETS["step7-p"] = OFFSETS["step6-p"] - int(timedelta(days=90).total_seconds() OFFSETS["step7-s"] = OFFSETS["step6-s"] - int(timedelta(days=90).total_seconds()) -def test_csk_roll2_step1(alg, size, servers): +def test_csk_roll2_step1(alg, size, ns3): step = { # Introduce the first key. This will immediately be active. "zone": "step1.csk-roll2.autosign", @@ -78,10 +78,10 @@ def test_csk_roll2_step1(alg, size, servers): # registration delay). "nextev": CSK_LIFETIME - IPUB - TIMEDELTA["P7D"], } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) -def test_csk_roll2_step2(alg, size, servers): +def test_csk_roll2_step2(alg, size, ns3): step = { # Successor CSK is prepublished (signs DNSKEY RRset, but not yet # other RRsets). @@ -99,10 +99,10 @@ def test_csk_roll2_step2(alg, size, servers): # Next key event is when the successor CSK becomes OMNIPRESENT. "nextev": IPUB, } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) -def test_csk_roll2_step3(alg, size, servers): +def test_csk_roll2_step3(alg, size, ns3): step = { # Successor CSK becomes omnipresent, meaning we can start signing # the remainder of the zone with the successor CSK, and we can @@ -133,10 +133,10 @@ def test_csk_roll2_step3(alg, size, servers): # from the predecessor ZSK. "smooth": True, } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) -def test_csk_roll2_step4(alg, size, servers): +def test_csk_roll2_step4(alg, size, ns3): step = { "zone": "step4.csk-roll2.autosign", "cdss": CDSS, @@ -158,10 +158,10 @@ def test_csk_roll2_step4(alg, size, servers): # We already swapped the DS in the previous step, so disable ds-swap. "ds-swap": False, } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) -def test_csk_roll2_step5(alg, size, servers): +def test_csk_roll2_step5(alg, size, ns3): step = { "zone": "step5.csk-roll2.autosign", "cdss": CDSS, @@ -180,10 +180,10 @@ def test_csk_roll2_step5(alg, size, servers): # This is the DNSKEY TTL plus zone propagation delay. "nextev": KEYTTLPROP, } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) -def test_csk_roll2_step6(alg, size, servers): +def test_csk_roll2_step6(alg, size, ns3): step = { "zone": "step6.csk-roll2.autosign", "cdss": CDSS, @@ -199,10 +199,10 @@ def test_csk_roll2_step6(alg, size, servers): # This is the Lcsk, minus time passed since the key was published. "nextev": CSK_LIFETIME - IRET - IPUB - KEYTTLPROP, } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) -def test_csk_roll2_step7(alg, size, servers): +def test_csk_roll2_step7(alg, size, ns3): step = { "zone": "step7.csk-roll2.autosign", "cdss": CDSS, @@ -214,4 +214,4 @@ def test_csk_roll2_step7(alg, size, servers): "keyrelationships": [0, 1], "nextev": None, } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) diff --git a/bin/tests/system/rollover-dynamic2inline/tests_rollover_dynamic2inline.py b/bin/tests/system/rollover-dynamic2inline/tests_rollover_dynamic2inline.py index 15f53c4dfb2..39b0a900f4b 100644 --- a/bin/tests/system/rollover-dynamic2inline/tests_rollover_dynamic2inline.py +++ b/bin/tests/system/rollover-dynamic2inline/tests_rollover_dynamic2inline.py @@ -21,7 +21,7 @@ from common import ( ) -def test_dynamic2inline(alg, size, servers, templates): +def test_dynamic2inline(alg, size, ns6, templates): config = DEFAULT_CONFIG policy = "default" @@ -34,9 +34,9 @@ def test_dynamic2inline(alg, size, servers, templates): "nextev": None, } - isctest.kasp.check_rollover_step(servers["ns6"], config, policy, step) + isctest.kasp.check_rollover_step(ns6, config, policy, step) templates.render("ns6/named.conf", {"change_lifetime": True}) - servers["ns6"].reconfigure() + ns6.reconfigure() - isctest.kasp.check_rollover_step(servers["ns6"], config, policy, step) + isctest.kasp.check_rollover_step(ns6, config, policy, step) diff --git a/bin/tests/system/rollover-enable-dnssec/tests_rollover_enable_dnssec.py b/bin/tests/system/rollover-enable-dnssec/tests_rollover_enable_dnssec.py index a41f699af8b..c879f5061c2 100644 --- a/bin/tests/system/rollover-enable-dnssec/tests_rollover_enable_dnssec.py +++ b/bin/tests/system/rollover-enable-dnssec/tests_rollover_enable_dnssec.py @@ -44,7 +44,7 @@ OFFSETS["step3"] = -int(IRETZSK.total_seconds()) OFFSETS["step4"] = -int(IPUBC.total_seconds() + IRETKSK.total_seconds()) -def test_rollover_enable_dnssec_step1(alg, size, servers): +def test_rollover_enable_dnssec_step1(alg, size, ns3): step = { "zone": "step1.enable-dnssec.autosign", "cdss": CDSS, @@ -55,10 +55,10 @@ def test_rollover_enable_dnssec_step1(alg, size, servers): # after the publication interval. "nextev": IPUB, } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) -def test_rollover_enable_dnssec_step2(alg, size, servers): +def test_rollover_enable_dnssec_step2(alg, size, ns3): step = { "zone": "step2.enable-dnssec.autosign", "cdss": CDSS, @@ -73,10 +73,10 @@ def test_rollover_enable_dnssec_step2(alg, size, servers): # Minus the time already elapsed. "nextev": IRETZSK - IPUB, } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) -def test_rollover_enable_dnssec_step3(alg, size, servers): +def test_rollover_enable_dnssec_step3(alg, size, ns3): step = { "zone": "step3.enable-dnssec.autosign", "cdss": CDSS, @@ -90,10 +90,10 @@ def test_rollover_enable_dnssec_step3(alg, size, servers): # This is after the retire interval. "nextev": IRETKSK, } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) -def test_rollover_enable_dnssec_step4(alg, size, servers): +def test_rollover_enable_dnssec_step4(alg, size, ns3): step = { "zone": "step4.enable-dnssec.autosign", "cdss": CDSS, @@ -106,4 +106,4 @@ def test_rollover_enable_dnssec_step4(alg, size, servers): # established. So we fall back to the default loadkeys interval. "nextev": TIMEDELTA["PT1H"], } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) diff --git a/bin/tests/system/rollover-going-insecure/tests_rollover_going_insecure_initial.py b/bin/tests/system/rollover-going-insecure/tests_rollover_going_insecure_initial.py index 60119582095..112e2cc31f6 100644 --- a/bin/tests/system/rollover-going-insecure/tests_rollover_going_insecure_initial.py +++ b/bin/tests/system/rollover-going-insecure/tests_rollover_going_insecure_initial.py @@ -31,7 +31,7 @@ from common import ( "going-insecure-dynamic.kasp", ], ) -def test_going_insecure_initial(zone, servers, alg, size): +def test_going_insecure_initial(zone, ns6, alg, size): config = UNSIGNING_CONFIG policy = "unsigning" step = { @@ -43,4 +43,4 @@ def test_going_insecure_initial(zone, servers, alg, size): ], "nextev": None, } - isctest.kasp.check_rollover_step(servers["ns6"], config, policy, step) + isctest.kasp.check_rollover_step(ns6, config, policy, step) diff --git a/bin/tests/system/rollover-going-insecure/tests_rollover_going_insecure_reconfig.py b/bin/tests/system/rollover-going-insecure/tests_rollover_going_insecure_reconfig.py index a783f4fb174..60a0b54c902 100644 --- a/bin/tests/system/rollover-going-insecure/tests_rollover_going_insecure_reconfig.py +++ b/bin/tests/system/rollover-going-insecure/tests_rollover_going_insecure_reconfig.py @@ -26,9 +26,9 @@ from common import ( @pytest.fixture(scope="module", autouse=True) -def reconfigure_policy(servers, templates): +def reconfigure_policy(ns6, templates): templates.render("ns6/named.conf", {"policy": "insecure"}) - servers["ns6"].reconfigure() + ns6.reconfigure() @pytest.mark.parametrize( @@ -38,7 +38,7 @@ def reconfigure_policy(servers, templates): "going-insecure-dynamic.kasp", ], ) -def test_going_insecure_reconfig_step1(zone, alg, size, servers): +def test_going_insecure_reconfig_step1(zone, alg, size, ns6): config = DEFAULT_CONFIG policy = "insecure" @@ -58,7 +58,7 @@ def test_going_insecure_reconfig_step1(zone, alg, size, servers): "cds-delete": True, "check-keytimes": False, } - isctest.kasp.check_rollover_step(servers["ns6"], config, policy, step) + isctest.kasp.check_rollover_step(ns6, config, policy, step) @pytest.mark.parametrize( @@ -68,7 +68,7 @@ def test_going_insecure_reconfig_step1(zone, alg, size, servers): "going-insecure-dynamic.kasp", ], ) -def test_going_insecure_reconfig_step2(zone, alg, size, servers): +def test_going_insecure_reconfig_step2(zone, alg, size, ns6): config = DEFAULT_CONFIG policy = "insecure" @@ -90,4 +90,4 @@ def test_going_insecure_reconfig_step2(zone, alg, size, servers): "zone-signed": False, "check-keytimes": False, } - isctest.kasp.check_rollover_step(servers["ns6"], config, policy, step) + isctest.kasp.check_rollover_step(ns6, config, policy, step) diff --git a/bin/tests/system/rollover-ksk-3crowd/tests_rollover_three_is_a_crowd.py b/bin/tests/system/rollover-ksk-3crowd/tests_rollover_three_is_a_crowd.py index f30c2061d2f..c43d318aaa0 100644 --- a/bin/tests/system/rollover-ksk-3crowd/tests_rollover_three_is_a_crowd.py +++ b/bin/tests/system/rollover-ksk-3crowd/tests_rollover_three_is_a_crowd.py @@ -33,9 +33,8 @@ OFFSET2 = -int(timedelta(hours=27).total_seconds()) TTL = int(KSK_CONFIG["dnskey-ttl"].total_seconds()) -def test_rollover_ksk_three_is_a_crowd(alg, size, servers): +def test_rollover_ksk_three_is_a_crowd(alg, size, ns3): """Test #2375: Scheduled rollovers are happening faster than they can finish.""" - server = servers["ns3"] zone = "three-is-a-crowd.kasp" step = { @@ -48,16 +47,16 @@ def test_rollover_ksk_three_is_a_crowd(alg, size, servers): ], "keyrelationships": [0, 1], } - isctest.kasp.check_rollover_step(servers["ns3"], KSK_CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, KSK_CONFIG, POLICY, step) # Rollover successor KSK (with DS in rumoured state). expected = isctest.kasp.policy_to_properties(TTL, step["keyprops"]) - keys = isctest.kasp.keydir_to_keylist(zone, server.identifier) + keys = isctest.kasp.keydir_to_keylist(zone, ns3.identifier) isctest.kasp.check_keys(zone, keys, expected) key = expected[1].key now = KeyTimingMetadata.now() - with server.watch_log_from_here() as watcher: - server.rndc(f"dnssec -rollover -key {key.tag} -when {now} {zone}") + with ns3.watch_log_from_here() as watcher: + ns3.rndc(f"dnssec -rollover -key {key.tag} -when {now} {zone}") watcher.wait_for_line(f"keymgr: {zone} done") # We now expect four keys (3x KSK, 1x ZSK). @@ -72,10 +71,10 @@ def test_rollover_ksk_three_is_a_crowd(alg, size, servers): ], "check-keytimes": False, # checked manually with modified values } - isctest.kasp.check_rollover_step(servers["ns3"], KSK_CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, KSK_CONFIG, POLICY, step) expected = isctest.kasp.policy_to_properties(TTL, step["keyprops"]) - keys = isctest.kasp.keydir_to_keylist(zone, server.identifier) + keys = isctest.kasp.keydir_to_keylist(zone, ns3.identifier) isctest.kasp.check_keys(zone, keys, expected) expected[0].metadata["Successor"] = expected[1].key.tag diff --git a/bin/tests/system/rollover-ksk-doubleksk/tests_rollover_ksk_doubleksk.py b/bin/tests/system/rollover-ksk-doubleksk/tests_rollover_ksk_doubleksk.py index 4b0652c7f4a..76df1fb7102 100644 --- a/bin/tests/system/rollover-ksk-doubleksk/tests_rollover_ksk_doubleksk.py +++ b/bin/tests/system/rollover-ksk-doubleksk/tests_rollover_ksk_doubleksk.py @@ -45,7 +45,7 @@ OFFSETS["step6-p"] = OFFSETS["step5-p"] - int(KSK_CONFIG["purge-keys"].total_sec OFFSETS["step6-s"] = OFFSETS["step5-s"] - int(KSK_CONFIG["purge-keys"].total_seconds()) -def test_ksk_doubleksk_step1(alg, size, servers): +def test_ksk_doubleksk_step1(alg, size, ns3): step = { # Introduce the first key. This will immediately be active. "zone": "step1.ksk-doubleksk.autosign", @@ -59,10 +59,10 @@ def test_ksk_doubleksk_step1(alg, size, servers): # already passed). "nextev": KSK_LIFETIME - KSK_IPUB - timedelta(days=7), } - isctest.kasp.check_rollover_step(servers["ns3"], KSK_CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, KSK_CONFIG, POLICY, step) -def test_ksk_doubleksk_step2(alg, size, servers): +def test_ksk_doubleksk_step2(alg, size, ns3): step = { # Successor KSK is prepublished (and signs DNSKEY RRset). # KSK1 goal: omnipresent -> hidden @@ -80,10 +80,10 @@ def test_ksk_doubleksk_step2(alg, size, servers): # Next key event is when the successor KSK becomes OMNIPRESENT. "nextev": KSK_IPUB, } - isctest.kasp.check_rollover_step(servers["ns3"], KSK_CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, KSK_CONFIG, POLICY, step) -def test_ksk_doubleksk_step3(alg, size, servers): +def test_ksk_doubleksk_step3(alg, size, ns3): step = { # The successor DNSKEY RRset has become omnipresent. The # predecessor DS can be withdrawn and the successor DS can be @@ -106,10 +106,10 @@ def test_ksk_doubleksk_step3(alg, size, servers): # successor DS. This is the the retire interval. "nextev": KSK_IRET, } - isctest.kasp.check_rollover_step(servers["ns3"], KSK_CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, KSK_CONFIG, POLICY, step) -def test_ksk_doubleksk_step4(alg, size, servers): +def test_ksk_doubleksk_step4(alg, size, ns3): step = { # The predecessor DNSKEY may be removed, the successor DS is # omnipresent. @@ -129,10 +129,10 @@ def test_ksk_doubleksk_step4(alg, size, servers): # This is the DNSKEY TTL plus zone propagation delay. "nextev": KSK_KEYTTLPROP, } - isctest.kasp.check_rollover_step(servers["ns3"], KSK_CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, KSK_CONFIG, POLICY, step) -def test_ksk_doubleksk_step5(alg, size, servers): +def test_ksk_doubleksk_step5(alg, size, ns3): step = { # The predecessor DNSKEY is long enough removed from the zone it # has become hidden. @@ -150,10 +150,10 @@ def test_ksk_doubleksk_step5(alg, size, servers): # This is the KSK lifetime minus Ipub minus Iret minus time elapsed. "nextev": KSK_LIFETIME - KSK_IPUB - KSK_IRET - KSK_KEYTTLPROP, } - isctest.kasp.check_rollover_step(servers["ns3"], KSK_CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, KSK_CONFIG, POLICY, step) -def test_ksk_doubleksk_step6(alg, size, servers): +def test_ksk_doubleksk_step6(alg, size, ns3): step = { # Predecessor KSK is now purged. "zone": "step6.ksk-doubleksk.autosign", @@ -164,4 +164,4 @@ def test_ksk_doubleksk_step6(alg, size, servers): ], "nextev": None, } - isctest.kasp.check_rollover_step(servers["ns3"], KSK_CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, KSK_CONFIG, POLICY, step) diff --git a/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_initial.py b/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_initial.py index 29764dca17d..28010738425 100644 --- a/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_initial.py +++ b/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_initial.py @@ -34,7 +34,7 @@ from common import ( param("unlimit-lifetime", "short-lifetime", "P6M"), ], ) -def test_lifetime_initial(zone, policy, lifetime, alg, size, servers): +def test_lifetime_initial(zone, policy, lifetime, alg, size, ns6): config = DEFAULT_CONFIG step = { @@ -45,4 +45,4 @@ def test_lifetime_initial(zone, policy, lifetime, alg, size, servers): ], "nextev": None, } - isctest.kasp.check_rollover_step(servers["ns6"], config, policy, step) + isctest.kasp.check_rollover_step(ns6, config, policy, step) diff --git a/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_reconfig.py b/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_reconfig.py index 6689721edc9..1765c88590c 100644 --- a/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_reconfig.py +++ b/bin/tests/system/rollover-lifetime/tests_rollover_lifetime_reconfig.py @@ -26,9 +26,9 @@ from common import ( @pytest.fixture(scope="module", autouse=True) -def reconfigure_policy(servers, templates): +def reconfigure_policy(ns6, templates): templates.render("ns6/named.conf", {"change_lifetime": True}) - servers["ns6"].reconfigure() + ns6.reconfigure() @pytest.mark.parametrize( @@ -44,7 +44,7 @@ def reconfigure_policy(servers, templates): param("unlimit-lifetime", "unlimited-lifetime", 0), ], ) -def test_lifetime_reconfig(zone, policy, lifetime, alg, size, servers): +def test_lifetime_reconfig(zone, policy, lifetime, alg, size, ns6): config = DEFAULT_CONFIG step = { @@ -55,4 +55,4 @@ def test_lifetime_reconfig(zone, policy, lifetime, alg, size, servers): ], "nextev": None, } - isctest.kasp.check_rollover_step(servers["ns6"], config, policy, step) + isctest.kasp.check_rollover_step(ns6, config, policy, step) diff --git a/bin/tests/system/rollover-multisigner/tests_rollover_multisigner.py b/bin/tests/system/rollover-multisigner/tests_rollover_multisigner.py index 9c2403ca689..dce4bbc5c0f 100644 --- a/bin/tests/system/rollover-multisigner/tests_rollover_multisigner.py +++ b/bin/tests/system/rollover-multisigner/tests_rollover_multisigner.py @@ -28,8 +28,7 @@ from common import ( ) -def test_rollover_multisigner(servers, alg, size): - server = servers["ns3"] +def test_rollover_multisigner(ns3, alg, size): policy = "multisigner-model2" config = { "dnskey-ttl": timedelta(hours=1), @@ -63,7 +62,7 @@ def test_rollover_multisigner(servers, alg, size): zone = "multisigner-model2.kasp" - isctest.kasp.check_dnssec_verify(server, zone) + isctest.kasp.check_dnssec_verify(ns3, zone) key_properties = [ f"ksk unlimited {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden tag-range:32768-65535", @@ -77,7 +76,7 @@ def test_rollover_multisigner(servers, alg, size): expected2[0].properties["legacy"] = True expected = expected + expected2 - ownkeys = isctest.kasp.keydir_to_keylist(zone, server.identifier) + ownkeys = isctest.kasp.keydir_to_keylist(zone, ns3.identifier) extkeys = isctest.kasp.keydir_to_keylist(zone) keys = ownkeys + extkeys ksks = [k for k in ownkeys if k.is_ksk()] @@ -88,9 +87,9 @@ def test_rollover_multisigner(servers, alg, size): for kp in expected: kp.set_expected_keytimes(config) isctest.kasp.check_keytimes(keys, expected) - isctest.kasp.check_dnssecstatus(server, zone, keys, policy=policy) - isctest.kasp.check_apex(server, zone, ksks, zsks) - isctest.kasp.check_subdomain(server, zone, ksks, zsks) + isctest.kasp.check_dnssecstatus(ns3, zone, keys, policy=policy) + isctest.kasp.check_apex(ns3, zone, ksks, zsks) + isctest.kasp.check_subdomain(ns3, zone, ksks, zsks) # Update zone with ZSK from another provider for zone. out = keygen(zone) @@ -106,15 +105,15 @@ def test_rollover_multisigner(servers, alg, size): update_msg = dns.update.UpdateMessage(zone) update_msg.add(f"{dnskey[0]}", 3600, "DNSKEY", rdata) - server.nsupdate(update_msg) + ns3.nsupdate(update_msg) - isctest.kasp.check_dnssec_verify(server, zone) + isctest.kasp.check_dnssec_verify(ns3, zone) keys = keys + newkeys zsks = zsks + newkeys isctest.kasp.check_keys(zone, keys, expected) - isctest.kasp.check_apex(server, zone, ksks, zsks) - isctest.kasp.check_subdomain(server, zone, ksks, zsks) + isctest.kasp.check_apex(ns3, zone, ksks, zsks) + isctest.kasp.check_subdomain(ns3, zone, ksks, zsks) # Remove ZSKs from the other providers for zone. dnskey2 = extkeys[0].dnskey().split() @@ -122,24 +121,24 @@ def test_rollover_multisigner(servers, alg, size): update_msg = dns.update.UpdateMessage(zone) update_msg.delete(f"{dnskey[0]}", "DNSKEY", rdata) update_msg.delete(f"{dnskey2[0]}", "DNSKEY", rdata2) - server.nsupdate(update_msg) + ns3.nsupdate(update_msg) - isctest.kasp.check_dnssec_verify(server, zone) + isctest.kasp.check_dnssec_verify(ns3, zone) expected = isctest.kasp.policy_to_properties(ttl, key_properties) keys = ownkeys ksks = [k for k in ownkeys if k.is_ksk()] zsks = [k for k in ownkeys if not k.is_ksk()] isctest.kasp.check_keys(zone, keys, expected) - isctest.kasp.check_apex(server, zone, ksks, zsks) - isctest.kasp.check_subdomain(server, zone, ksks, zsks) + isctest.kasp.check_apex(ns3, zone, ksks, zsks) + isctest.kasp.check_subdomain(ns3, zone, ksks, zsks) # A zone transitioning from single-signed to multi-signed. We should have # the old omnipresent keys outside of the desired key range and the new # keys in the desired key range. zone = "single-to-multisigner.kasp" - isctest.kasp.check_dnssec_verify(server, zone) + isctest.kasp.check_dnssec_verify(ns3, zone) key_properties = [ f"ksk unlimited {alg} {size} goal:omnipresent dnskey:rumoured krrsig:rumoured ds:hidden tag-range:32768-65535", @@ -148,7 +147,7 @@ def test_rollover_multisigner(servers, alg, size): f"zsk unlimited {alg} {size} goal:hidden dnskey:omnipresent zrrsig:omnipresent tag-range:0-32767 offset:{offval}", ] expected = isctest.kasp.policy_to_properties(ttl, key_properties) - keys = isctest.kasp.keydir_to_keylist(zone, server.identifier) + keys = isctest.kasp.keydir_to_keylist(zone, ns3.identifier) ksks = [k for k in keys if k.is_ksk()] zsks = [k for k in keys if not k.is_ksk()] @@ -168,6 +167,6 @@ def test_rollover_multisigner(servers, alg, size): ) isctest.kasp.check_keytimes(keys, expected) - isctest.kasp.check_dnssecstatus(server, zone, keys, policy=policy) - isctest.kasp.check_apex(server, zone, ksks, zsks) - isctest.kasp.check_subdomain(server, zone, ksks, zsks) + isctest.kasp.check_dnssecstatus(ns3, zone, keys, policy=policy) + isctest.kasp.check_apex(ns3, zone, ksks, zsks) + isctest.kasp.check_subdomain(ns3, zone, ksks, zsks) diff --git a/bin/tests/system/rollover-straight2none/tests_rollver_straight2none_initial.py b/bin/tests/system/rollover-straight2none/tests_rollver_straight2none_initial.py index 15f1253f9a7..538766bffc1 100644 --- a/bin/tests/system/rollover-straight2none/tests_rollver_straight2none_initial.py +++ b/bin/tests/system/rollover-straight2none/tests_rollver_straight2none_initial.py @@ -31,7 +31,7 @@ from common import ( "going-straight-to-none-dynamic.kasp", ], ) -def test_straight2none_initial(zone, servers, alg, size): +def test_straight2none_initial(zone, ns6, alg, size): config = DEFAULT_CONFIG policy = "default" @@ -43,4 +43,4 @@ def test_straight2none_initial(zone, servers, alg, size): ], "nextev": None, } - isctest.kasp.check_rollover_step(servers["ns6"], config, policy, step) + isctest.kasp.check_rollover_step(ns6, config, policy, step) diff --git a/bin/tests/system/rollover-straight2none/tests_rollver_straight2none_reconfig.py b/bin/tests/system/rollover-straight2none/tests_rollver_straight2none_reconfig.py index 58663f5e374..81dd240f2c4 100644 --- a/bin/tests/system/rollover-straight2none/tests_rollver_straight2none_reconfig.py +++ b/bin/tests/system/rollover-straight2none/tests_rollver_straight2none_reconfig.py @@ -25,9 +25,9 @@ from common import ( @pytest.fixture(scope="module", autouse=True) -def reconfigure_policy(servers, templates): +def reconfigure_policy(ns6, templates): templates.render("ns6/named.conf", {"policy": "none"}) - servers["ns6"].reconfigure() + ns6.reconfigure() @pytest.mark.parametrize( @@ -37,7 +37,7 @@ def reconfigure_policy(servers, templates): "going-straight-to-none-dynamic.kasp", ], ) -def test_straight2none_reconfig(zone, servers, alg, size): +def test_straight2none_reconfig(zone, ns6, alg, size): config = DEFAULT_CONFIG policy = None @@ -51,4 +51,4 @@ def test_straight2none_reconfig(zone, servers, alg, size): ], "nextev": None, } - isctest.kasp.check_rollover_step(servers["ns6"], config, policy, step) + isctest.kasp.check_rollover_step(ns6, config, policy, step) diff --git a/bin/tests/system/rollover-zsk-prepub/tests_rollover_zsk_prepublication.py b/bin/tests/system/rollover-zsk-prepub/tests_rollover_zsk_prepublication.py index 24cb04fd8be..bd57f4cb9e7 100644 --- a/bin/tests/system/rollover-zsk-prepub/tests_rollover_zsk_prepublication.py +++ b/bin/tests/system/rollover-zsk-prepub/tests_rollover_zsk_prepublication.py @@ -54,7 +54,7 @@ OFFSETS["step6-p"] = OFFSETS["step5-p"] - int(CONFIG["purge-keys"].total_seconds OFFSETS["step6-s"] = OFFSETS["step5-s"] - int(CONFIG["purge-keys"].total_seconds()) -def test_zsk_prepub_step1(alg, size, servers): +def test_zsk_prepub_step1(alg, size, ns3): step = { # Introduce the first key. This will immediately be active. "zone": "step1.zsk-prepub.autosign", @@ -67,10 +67,10 @@ def test_zsk_prepub_step1(alg, size, servers): # already passed). "nextev": ZSK_LIFETIME - IPUB - timedelta(days=7), } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) -def test_zsk_prepub_step2(alg, size, servers): +def test_zsk_prepub_step2(alg, size, ns3): step = { # it is time to pre-publish the successor zsk. # zsk1 goal: omnipresent -> hidden @@ -87,10 +87,10 @@ def test_zsk_prepub_step2(alg, size, servers): # that is the dnskey ttl plus the zone propagation delay "nextev": IPUB, } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) -def test_zsk_prepub_step3(alg, size, servers): +def test_zsk_prepub_step3(alg, size, ns3): step = { # predecessor zsk is no longer actively signing. successor zsk is # now actively signing. @@ -112,10 +112,10 @@ def test_zsk_prepub_step3(alg, size, servers): # from the predecessor zsk. "smooth": True, } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) -def test_zsk_prepub_step4(alg, size, servers): +def test_zsk_prepub_step4(alg, size, ns3): step = { # predecessor zsk is no longer needed. all rrsets are signed with # the successor zsk. @@ -133,10 +133,10 @@ def test_zsk_prepub_step4(alg, size, servers): # this is the dnskey ttl plus zone propagation delay. "nextev": KEYTTLPROP, } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) -def test_zsk_prepub_step5(alg, size, servers): +def test_zsk_prepub_step5(alg, size, ns3): step = { # predecessor zsk is now removed. # zsk1 dnskey: unretentive -> hidden @@ -152,10 +152,10 @@ def test_zsk_prepub_step5(alg, size, servers): # elapsed. "nextev": ZSK_LIFETIME - IRET - IPUB - KEYTTLPROP, } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) -def test_zsk_prepub_step6(alg, size, servers): +def test_zsk_prepub_step6(alg, size, ns3): step = { # predecessor zsk is now purged. "zone": "step6.zsk-prepub.autosign", @@ -165,4 +165,4 @@ def test_zsk_prepub_step6(alg, size, servers): ], "nextev": None, } - isctest.kasp.check_rollover_step(servers["ns3"], CONFIG, POLICY, step) + isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step) diff --git a/bin/tests/system/rollover/tests_rollover_manual.py b/bin/tests/system/rollover/tests_rollover_manual.py index 78723dfa16f..41698e62252 100644 --- a/bin/tests/system/rollover/tests_rollover_manual.py +++ b/bin/tests/system/rollover/tests_rollover_manual.py @@ -18,8 +18,7 @@ from isctest.kasp import KeyTimingMetadata, Ipub, Iret from common import pytestmark # pylint: disable=unused-import -def test_rollover_manual(servers): - server = servers["ns3"] +def test_rollover_manual(ns3): policy = "manual-rollover" config = { "dnskey-ttl": timedelta(hours=1), @@ -37,17 +36,17 @@ def test_rollover_manual(servers): size = os.environ["DEFAULT_BITS"] zone = "manual-rollover.kasp" - with server.watch_log_from_start() as watcher: + with ns3.watch_log_from_start() as watcher: watcher.wait_for_line(f"keymgr: {zone} done") - isctest.kasp.check_dnssec_verify(server, zone) + isctest.kasp.check_dnssec_verify(ns3, zone) key_properties = [ f"ksk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent krrsig:omnipresent ds:omnipresent", f"zsk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent", ] expected = isctest.kasp.policy_to_properties(ttl, key_properties) - keys = isctest.kasp.keydir_to_keylist(zone, server.identifier) + keys = isctest.kasp.keydir_to_keylist(zone, ns3.identifier) ksks = [k for k in keys if k.is_ksk()] zsks = [k for k in keys if not k.is_ksk()] @@ -58,9 +57,9 @@ def test_rollover_manual(servers): kp.set_expected_keytimes(config, offset=offset) isctest.kasp.check_keytimes(keys, expected) - isctest.kasp.check_dnssecstatus(server, zone, keys, policy=policy) - isctest.kasp.check_apex(server, zone, ksks, zsks) - isctest.kasp.check_subdomain(server, zone, ksks, zsks) + isctest.kasp.check_dnssecstatus(ns3, zone, keys, policy=policy) + isctest.kasp.check_apex(ns3, zone, ksks, zsks) + isctest.kasp.check_subdomain(ns3, zone, ksks, zsks) # Schedule KSK rollover in six months. assert len(ksks) == 1 @@ -71,24 +70,24 @@ def test_rollover_manual(servers): config, zsk=False, ksk=True ) - with server.watch_log_from_here() as watcher: - server.rndc(f"dnssec -rollover -key {ksk.tag} -when {startroll} {zone}") + with ns3.watch_log_from_here() as watcher: + ns3.rndc(f"dnssec -rollover -key {ksk.tag} -when {startroll} {zone}") watcher.wait_for_line(f"keymgr: {zone} done") - isctest.kasp.check_dnssec_verify(server, zone) + isctest.kasp.check_dnssec_verify(ns3, zone) isctest.kasp.check_keys(zone, keys, expected) isctest.kasp.check_keytimes(keys, expected) - isctest.kasp.check_dnssecstatus(server, zone, keys, policy=policy) - isctest.kasp.check_apex(server, zone, ksks, zsks) - isctest.kasp.check_subdomain(server, zone, ksks, zsks) + isctest.kasp.check_dnssecstatus(ns3, zone, keys, policy=policy) + isctest.kasp.check_apex(ns3, zone, ksks, zsks) + isctest.kasp.check_subdomain(ns3, zone, ksks, zsks) # Schedule KSK rollover now. now = KeyTimingMetadata.now() - with server.watch_log_from_here() as watcher: - server.rndc(f"dnssec -rollover -key {ksk.tag} -when {now} {zone}") + with ns3.watch_log_from_here() as watcher: + ns3.rndc(f"dnssec -rollover -key {ksk.tag} -when {now} {zone}") watcher.wait_for_line(f"keymgr: {zone} done") - isctest.kasp.check_dnssec_verify(server, zone) + isctest.kasp.check_dnssec_verify(ns3, zone) key_properties = [ f"ksk unlimited {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:omnipresent", @@ -96,7 +95,7 @@ def test_rollover_manual(servers): f"zsk unlimited {alg} {size} goal:omnipresent dnskey:omnipresent zrrsig:omnipresent", ] expected = isctest.kasp.policy_to_properties(ttl, key_properties) - keys = isctest.kasp.keydir_to_keylist(zone, server.identifier) + keys = isctest.kasp.keydir_to_keylist(zone, ns3.identifier) ksks = [k for k in keys if k.is_ksk()] zsks = [k for k in keys if not k.is_ksk()] @@ -118,19 +117,19 @@ def test_rollover_manual(servers): ) isctest.kasp.check_keytimes(keys, expected) - isctest.kasp.check_dnssecstatus(server, zone, keys, policy=policy) - isctest.kasp.check_apex(server, zone, ksks, zsks) - isctest.kasp.check_subdomain(server, zone, ksks, zsks) + isctest.kasp.check_dnssecstatus(ns3, zone, keys, policy=policy) + isctest.kasp.check_apex(ns3, zone, ksks, zsks) + isctest.kasp.check_subdomain(ns3, zone, ksks, zsks) # Schedule ZSK rollover now. assert len(zsks) == 1 zsk = zsks[0] now = KeyTimingMetadata.now() - with server.watch_log_from_here() as watcher: - server.rndc(f"dnssec -rollover -key {zsk.tag} -when {now} {zone}") + with ns3.watch_log_from_here() as watcher: + ns3.rndc(f"dnssec -rollover -key {zsk.tag} -when {now} {zone}") watcher.wait_for_line(f"keymgr: {zone} done") - isctest.kasp.check_dnssec_verify(server, zone) + isctest.kasp.check_dnssec_verify(ns3, zone) key_properties = [ f"ksk unlimited {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:omnipresent", @@ -139,7 +138,7 @@ def test_rollover_manual(servers): f"zsk unlimited {alg} {size} goal:omnipresent dnskey:rumoured zrrsig:hidden", ] expected = isctest.kasp.policy_to_properties(ttl, key_properties) - keys = isctest.kasp.keydir_to_keylist(zone, server.identifier) + keys = isctest.kasp.keydir_to_keylist(zone, ns3.identifier) ksks = [k for k in keys if k.is_ksk()] zsks = [k for k in keys if not k.is_ksk()] @@ -153,5 +152,5 @@ def test_rollover_manual(servers): # Try to schedule a ZSK rollover for an inactive key (should fail). zsk = expected[3].key - response = server.rndc(f"dnssec -rollover -key {zsk.tag} {zone}") + response = ns3.rndc(f"dnssec -rollover -key {zsk.tag} {zone}") assert "key is not actively signing" in response diff --git a/bin/tests/system/spf/tests_spf_zones.py b/bin/tests/system/spf/tests_spf_zones.py index 550704ba51f..bcb08e9e5bf 100644 --- a/bin/tests/system/spf/tests_spf_zones.py +++ b/bin/tests/system/spf/tests_spf_zones.py @@ -13,7 +13,7 @@ import pytest @pytest.mark.requires_zones_loaded("ns1") -def test_spf_log(servers): +def test_spf_log(ns1): for msg in ( "zone spf/IN: 'y.spf' found type SPF record but no SPF TXT record found", "zone warn/IN: 'y.warn' found type SPF record but no SPF TXT record found", @@ -21,7 +21,7 @@ def test_spf_log(servers): "zone warn/IN: loaded serial 0", "zone nowarn/IN: loaded serial 0", ): - servers["ns1"].log.expect(msg) + ns1.log.expect(msg) for msg in ( "zone nowarn/IN: 'y.nowarn' found type SPF record but no SPF TXT record found", @@ -29,4 +29,4 @@ def test_spf_log(servers): "zone warn/IN: 'warn' found type SPF record but no SPF TXT record found", "zone nowarn/IN: 'nowarn' found type SPF record but no SPF TXT record found", ): - servers["ns1"].log.prohibit(msg) + ns1.log.prohibit(msg) diff --git a/bin/tests/system/stub/tests_stub.py b/bin/tests/system/stub/tests_stub.py index a456a911ba9..89df5bdce05 100644 --- a/bin/tests/system/stub/tests_stub.py +++ b/bin/tests/system/stub/tests_stub.py @@ -26,7 +26,7 @@ pytestmark = pytest.mark.extra_artifacts( ) -def test_stub_zones_availability(servers): +def test_stub_zones_availability(ns3): # check that the stub zone has been saved to disk assert os.path.exists("ns3/child.example.st") @@ -65,8 +65,8 @@ def test_stub_zones_availability(servers): stub_zone_lookout_without_recursion() stub_zone_lookout_with_recursion() - servers["ns3"].stop() - servers["ns3"].start(["--noclean", "--restart", "--port", os.environ["PORT"]]) + ns3.stop() + ns3.start(["--noclean", "--restart", "--port", os.environ["PORT"]]) axfr_denied() stub_zone_lookout_without_recursion() diff --git a/bin/tests/system/tsig/tests_tsig_hypothesis.py b/bin/tests/system/tsig/tests_tsig_hypothesis.py index 39dcc8914f9..06ff5452a02 100644 --- a/bin/tests/system/tsig/tests_tsig_hypothesis.py +++ b/bin/tests/system/tsig/tests_tsig_hypothesis.py @@ -101,11 +101,10 @@ def test_tsig_fuzz_rdata( error, mangle_orig_id, other, - servers, + ns1, named_port, ): alg, mac = alg_and_mac - ns1 = servers["ns1"] msg = dns.message.make_query("example.com.", "AXFR") msg.keyring = False # don't validate received TSIG diff --git a/bin/tests/system/xferquota/tests_xferquota.py b/bin/tests/system/xferquota/tests_xferquota.py index c31700e4a26..d64ed588689 100644 --- a/bin/tests/system/xferquota/tests_xferquota.py +++ b/bin/tests/system/xferquota/tests_xferquota.py @@ -33,14 +33,14 @@ pytestmark = pytest.mark.extra_artifacts( ) -def test_xferquota(named_port, servers): +def test_xferquota(named_port, ns1, ns2): # Changing test zone ensuring that the time stamp changes time.sleep(1) shutil.copyfile("ns1/changing2.db", "ns1/changing.db") with open("ns1/named.pid", "r", encoding="utf-8") as pidfile: pid = int(pidfile.read()) os.kill(pid, signal.SIGHUP) - with servers["ns1"].watch_log_from_start() as watcher: + with ns1.watch_log_from_start() as watcher: watcher.wait_for_line("received SIGHUP signal to reload zones") def check_line_count(): @@ -75,6 +75,6 @@ def test_xferquota(named_port, servers): f"transfer of 'changing/IN' from 10.53.0.1#{named_port}: " f"Transfer completed: .*\\(serial 2\\)" ) - with servers["ns2"].watch_log_from_start(timeout=30) as watcher: + with ns2.watch_log_from_start(timeout=30) as watcher: watcher.wait_for_line(pattern) query_and_compare(a_msg)