Fix view-related issues in the "keymgr2kasp" test
authorMatthijs Mekking <matthijs@isc.org>
Wed, 14 Apr 2021 13:23:41 +0000 (15:23 +0200)
committerMatthijs Mekking <matthijs@isc.org>
Thu, 15 Apr 2021 12:57:14 +0000 (14:57 +0200)
Due to the lack of "match-clients" clauses in ns4/named2.conf.in, the
same view is incorrectly chosen for all queries received by ns4 in the
"keymgr2kasp" system test.  This causes only one version of the
"view-rsasha256.kasp" zone to actually be checked.  Add "match-clients"
clauses to ns4/named2.conf.in to ensure the test really checks what it
claims to.

Use identical view names ("ext", "int") in ns4/named.conf.in and
ns4/named2.conf.in so that it is easier to quickly identify the
differences between these two files.

Update tests.sh to account for the above changes.  Also fix a copy-paste
error in a comment to prevent confusion.

(cherry picked from commit 0de5a576c5ceb1c9494cc14d0d8de153cd5ccd55)

bin/tests/system/keymgr2kasp/ns4/named.conf.in
bin/tests/system/keymgr2kasp/ns4/named2.conf.in
bin/tests/system/keymgr2kasp/tests.sh

index c2751a321b244013df717aa3e6e1cb391519f241..a74f3851cc12eaf043ff9173f1487ffdcf44607b 100644 (file)
@@ -34,13 +34,13 @@ controls {
 };
 
 key "external" {
-        algorithm "hmac-sha1";
-        secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
+       algorithm "hmac-sha1";
+       secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
 };
 
 key "internal" {
-        algorithm "hmac-sha1";
-        secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
+       algorithm "hmac-sha1";
+       secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
 };
 
 view "ext" {
index c7e7cad2a9542abd2fd9df00e57f2650a40bfdca..d9a23f865715778089d06c884ab770dc3cc6fe6c 100644 (file)
@@ -33,16 +33,6 @@ controls {
        inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
 
-key "external" {
-       algorithm "hmac-sha1";
-       secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
-};
-
-key "internal" {
-       algorithm "hmac-sha1";
-       secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
-};
-
 dnssec-policy "rsasha256" {
        keys {
                zsk key-directory lifetime P3M algorithm 8 1024;
@@ -64,7 +54,19 @@ dnssec-policy "rsasha256" {
        parent-propagation-delay 3h;
 };
 
-view "external-view" {
+key "external" {
+       algorithm "hmac-sha1";
+       secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
+};
+
+key "internal" {
+       algorithm "hmac-sha1";
+       secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
+};
+
+view "ext" {
+        match-clients { key "external"; };
+
        zone "view-rsasha256.kasp" {
                type master;
                file "view-rsasha256.kasp.ext.db";
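Review bot: Both views in ns4/named2.conf.in are now selected only by `match-clients { key ...; }`, so a query that is unsigned or signed with any other key matches neither `view "ext"` nor `view "int"` (the latter in the next hunk) and, as far as I know, named answers it with REFUSED. One comment above the first view would record this, for example `# Views are selected by TSIG key only; unsigned queries match no view.`, so that a later test querying ns4 without `TSIG` set fails for an understood reason. The two added `match-clients` lines also appear to be indented with eight spaces while the neighbouring `zone` lines use a tab, which is the whitespace the first file section of this commit normalises in ns4/named.conf.in. The `hmac-sha1` keys and their secrets are moved rather than introduced here; a short comment marking them as test-only fixtures would keep them from being copied into a real configuration. Both view blocks continue outside their hunks.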
@@ -72,7 +74,9 @@ view "external-view" {
        };
 };
 
-view "internal-view" {
+view "int" {
+        match-clients { key "internal"; };
+
        zone "view-rsasha256.kasp" {
                type master;
                file "view-rsasha256.kasp.int.db";
index cd4812da4b07c2ef08487a9acb17ae299ff7a453..342b000bdf61de505c499eacef5c62f2d10f512e 100644 (file)
@@ -866,7 +866,7 @@ set_keystate     "KEY3" "STATE_ZRRSIG" "hidden"
 TSIG="hmac-sha1:external:$VIEW1"
 check_keys
 wait_for_done_signing
-check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "external-view"
+check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "ext"
 set_keytimes_view_migration
 
 # Set expected key times:
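Review bot: Nothing in the visible lines asserts that the TSIG-signed queries are answered from the intended view, which is the failure the commit message describes as having gone unnoticed. `check_dnssecstatus ... "ext"` here and `... "int"` in the next hunk pass the view name as a string, which presumably selects the view for the status query rather than proving which view served `check_keys`. If the helpers (defined outside this diff) do not already do so, consider one explicit check per view that the answer obtained with `$VIEW1` differs in a view-specific way from the one obtained with `$VIEW2`, so that a future loss of the `match-clients` clauses fails the test instead of passing silently. A comment such as `# Queries must be signed with the view's key; see match-clients in ns4/named2.conf.in` above each `TSIG=` assignment would tie the two files together.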
@@ -923,11 +923,11 @@ check_keytimes
 check_apex
 dnssec_verify
 
-# Various signing policy checks (external).
+# Various signing policy checks (internal).
 TSIG="hmac-sha1:internal:$VIEW2"
 check_keys
 wait_for_done_signing
-check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "internal-view"
+check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "int"
 set_keytimes_view_migration
 check_keytimes
 check_apex