Test ACL from template

Add an acl system test case where the ACL comes from a template. It
should override the ACL from the options.

diff --git a/bin/tests/system/acl/ns3/named.conf.j2 b/bin/tests/system/acl/ns3/named.conf.j2
index 763949c84f85f164d7dc17722de31a16ba57a4e4..c05a0d7953a46f8985df1817e1bd029092a93272 100644 (file)
--- a/bin/tests/system/acl/ns3/named.conf.j2
+++ b/bin/tests/system/acl/ns3/named.conf.j2
@@ -21,3 +21,8 @@ key rndc_key {
        secret "1234abcd8765";
        algorithm @DEFAULT_HMAC@;
 };
+
+template "allow-xfr" {
+       type primary;
+       allow-transfer { any; };
+};

diff --git a/bin/tests/system/acl/ns3/example.db b/bin/tests/system/acl/ns3/template.db
similarity index 100%
rename from bin/tests/system/acl/ns3/example.db
rename to bin/tests/system/acl/ns3/template.db

diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh
index 50ff78a0aa722f8f64ff3bb2d49e678f6b061c91..e8adeccf2cde83c12455c3720983326f6d187b22 100644 (file)
--- a/bin/tests/system/acl/tests.sh
+++ b/bin/tests/system/acl/tests.sh
@@ -226,7 +226,8 @@ status=$((status + ret))
 echo_i "testing allow-transfer ACLs against ns3 (no existing zones)"
 
 echo_i "calling addzone example.com on ns3"
-$RNDCCMD 10.53.0.3 addzone 'example.com {type primary; file "example.db"; }; '
+cp ns3/template.db ns3/example.com.db
+$RNDCCMD 10.53.0.3 addzone 'example.com {type primary; file "example.com.db"; }; '
 sleep 1
 
 t=$((t + 1))
@@ -237,6 +238,32 @@ grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1
 [ $ret -eq 0 ] || echo_i "failed"
 status=$((status + ret))
 
+echo_i "calling addzone allow.example on ns3"
+cp ns3/template.db ns3/allow.example.db
+$RNDCCMD 10.53.0.3 addzone 'allow.example {type primary; file "allow.example.db"; allow-transfer { any; }; }; '
+sleep 1
+
+t=$((t + 1))
+ret=0
+echo_i "checking AXFR of allow.example from ns3 with ACL allow-transfer { any; }; (${t})"
+$DIG -p ${PORT} @10.53.0.3 allow.example axfr >dig.out.${t} 2>&1
+grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 && ret=1
+[ $ret -eq 0 ] || echo_i "failed"
+status=$((status + ret))
+
+echo_i "calling addzone template.example on ns3"
+cp ns3/template.db ns3/template.example.db
+$RNDCCMD 10.53.0.3 addzone 'template.example {file "template.example.db"; template "allow-xfr"; }; '
+sleep 1
+
+t=$((t + 1))
+ret=0
+echo_i "checking AXFR of template.example from ns3 with ACL allow-transfer from template (${t})"
+$DIG -p ${PORT} @10.53.0.3 template.example axfr >dig.out.${t} 2>&1
+grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 && ret=1
+[ $ret -eq 0 ] || echo_i "failed"
+status=$((status + ret))
+
 echo_i "calling rndc reconfig"
 rndc_reconfig ns3 10.53.0.3
 

diff --git a/bin/tests/system/acl/tests_sh_acl.py b/bin/tests/system/acl/tests_sh_acl.py
index 9a6bc91e39275eb225db9cd306c43663b6c87fee..fc8ff379e9753697348594a29ae7d2654770d831 100644 (file)
--- a/bin/tests/system/acl/tests_sh_acl.py
+++ b/bin/tests/system/acl/tests_sh_acl.py
@@ -18,6 +18,9 @@ pytestmark = pytest.mark.extra_artifacts(
         "ns*/_default.nzf*",
         "ns2/example.db",
         "ns2/tsigzone.db",
+        "ns3/example.com.db",
+        "ns3/allow.example.db",
+        "ns3/template.example.db",
     ]
 )