Wait until zones are signed before reconfig

author Matthijs Mekking <matthijs@isc.org>

Fri, 21 Nov 2025 08:47:08 +0000 (09:47 +0100)

committer Matthijs Mekking (GitLab job 6509612) <matthijs@isc.org>

Fri, 21 Nov 2025 14:17:43 +0000 (14:17 +0000)
author Matthijs Mekking <matthijs@isc.org>
Fri, 21 Nov 2025 08:47:08 +0000 (09:47 +0100)
committer Matthijs Mekking (GitLab job 6509612) <matthijs@isc.org>
Fri, 21 Nov 2025 14:17:43 +0000 (14:17 +0000)
diff --git a/bin/tests/system/nsec3/tests_nsec3_reconfig.py b/bin/tests/system/nsec3/tests_nsec3_reconfig.py

index 666ba320b4f75371f7289a47db7d236c42bd5fad..47cd77ecf2fe1a26c86d5aa1426591bb8ae90027 100644 (file)
--- a/bin/tests/system/nsec3/tests_nsec3_reconfig.py
+++ b/bin/tests/system/nsec3/tests_nsec3_reconfig.py
@@ -65,6 +65,13 @@ def bootstrap():
  
  @pytest.fixture(scope="module", autouse=True)
  def after_servers_start(ns3, templates):
+    # First make sure all zones are properly signed. Here we specifically need
+    # to wait until all zones have finished key management before we can
+    # reconfigure the server, because changing the DNSSEC policy relies on
+    # zones having finished applying their initial policy.
+    for zone in ZONES:
+        isctest.kasp.wait_keymgr_done(ns3, zone)
+
      # Ensure rsasha1-to-nsec3-wait.kasp is fully signed prior to reconfig.
      with_rsasha1 = "RSASHA1_SUPPORTED"
      assert with_rsasha1 in os.environ, f"{with_rsasha1} env variable undefined"
author	Matthijs Mekking <matthijs@isc.org>
	Fri, 21 Nov 2025 08:47:08 +0000 (09:47 +0100)
committer	Matthijs Mekking (GitLab job 6509612) <matthijs@isc.org>
	Fri, 21 Nov 2025 14:17:43 +0000 (14:17 +0000)