convert TAT tests to python

the trust-anchor-telemetry tests have been moved to a new
python subtest, dnssec/tests_tat.py.

diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index 6bfd910da738a2432c921c858d2dd9192bab47e7..dc5f77bb742ed7b04d1607a6dd49b3a45c5a006c 100644 (file)
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -2510,54 +2510,6 @@ n=$((n + 1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status + ret))
 
-echo_i "check that trust-anchor-telemetry queries are logged ($n)"
-ret=0
-grep "sending trust-anchor-telemetry query '_ta-[0-9a-f]*/NULL" ns6/named.run >/dev/null || ret=1
-n=$((n + 1))
-test "$ret" -eq 0 || echo_i "failed"
-status=$((status + ret))
-
-echo_i "check that _ta-XXXX trust-anchor-telemetry queries are logged ($n)"
-ret=0
-grep "trust-anchor-telemetry '_ta-[0-9a-f]*/IN' from" ns1/named.run >/dev/null || ret=1
-n=$((n + 1))
-test "$ret" -eq 0 || echo_i "failed"
-status=$((status + ret))
-
-echo_i "check that _ta-AAAA trust-anchor-telemetry are not sent when disabled ($n)"
-ret=0
-grep "sending trust-anchor-telemetry query '_ta-[0-9a-f]*/IN" ns1/named.run >/dev/null && ret=1
-n=$((n + 1))
-test "$ret" -eq 0 || echo_i "failed"
-status=$((status + ret))
-
-echo_i "check that KEY-TAG trust-anchor-telemetry queries are logged ($n)"
-ret=0
-dig_with_opts . dnskey +ednsopt=KEY-TAG:ffff @10.53.0.1 >dig.out.ns1.test$n || ret=1
-grep "trust-anchor-telemetry './IN' from .* 65535" ns1/named.run >/dev/null || ret=1
-n=$((n + 1))
-test "$ret" -eq 0 || echo_i "failed"
-status=$((status + ret))
-
-echo_i "check that multiple KEY-TAG trust-anchor-telemetry options don't leak memory ($n)"
-ret=0
-dig_with_opts . dnskey +ednsopt=KEY-TAG:fffe +ednsopt=KEY-TAG:fffd @10.53.0.1 >dig.out.ns1.test$n || ret=1
-grep "trust-anchor-telemetry './IN' from .* 65534" ns1/named.run >/dev/null || ret=1
-grep "trust-anchor-telemetry './IN' from .* 65533" ns1/named.run >/dev/null && ret=1
-stop_server ns1 || ret=1
-nextpart ns1/named.run >/dev/null
-start_server --noclean --restart --port ${PORT} ns1 || ret=1
-n=$(($n + 1))
-test "$ret" -eq 0 || echo_i "failed"
-status=$((status + ret))
-
-echo_i "waiting for root server to finish reloading ($n)"
-ret=0
-wait_for_log 20 "all zones loaded" ns1/named.run || ret=1
-n=$(($n + 1))
-test "$ret" -eq 0 || echo_i "failed"
-status=$((status + ret))
-
 echo_i "check that the view is logged in messages from the validator when using views ($n)"
 ret=0
 grep "view rec: *validat" ns4/named.run >/dev/null || ret=1

diff --git a/bin/tests/system/dnssec/tests_tat.py b/bin/tests/system/dnssec/tests_tat.py
new file mode 100644 (file)
index 0000000..5f527d0
--- /dev/null
+++ b/bin/tests/system/dnssec/tests_tat.py
@@ -0,0 +1,61 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+import os
+import re
+
+from dns import edns
+
+import isctest
+
+
+def test_tat_queries(servers):
+    ns1 = servers["ns1"]
+    ns6 = servers["ns6"]
+
+    # check that trust-anchor-telemetry queries are logged
+    with ns6.watch_log_from_start() as watcher:
+        watcher.wait_for_line("sending trust-anchor-telemetry query '_ta-")
+
+    # check that _ta-XXXX trust-anchor-telemetry queries are logged
+    with ns1.watch_log_from_start() as watcher:
+        watcher.wait_for_line("trust-anchor-telemetry '_ta-")
+
+    # check that _ta-AAAA trust-anchor-telemetry are not sent when disabled
+    ns1.log.prohibit("sending trust-anchor-telemetry query '_ta")
+
+    # check that KEY-TAG (ednsopt 14) trust-anchor-telemetry queries are
+    # logged. this matches "dig . dnskey +ednsopt=KEY-TAG:ffff":
+    msg = isctest.query.create(".", "DNSKEY")
+    opt = edns.GenericOption(14, b"\xff\xff")
+    msg.use_edns(edns=True, options=[opt])
+    pattern = re.compile("trust-anchor-telemetry './IN' from .* 65535")
+    with ns1.watch_log_from_here() as watcher:
+        res = isctest.query.tcp(msg, "10.53.0.1")
+        watcher.wait_for_line(pattern)
+
+    # check that multiple KEY-TAG trust-anchor-telemetry options don't
+    # leak memory, by stopping and restarting the server (a memory leak
+    # would trigger a core dump).
+    msg = isctest.query.create(".", "DNSKEY")
+    opt1 = edns.GenericOption(14, b"\xff\xff")
+    opt2 = edns.GenericOption(14, b"\xff\xfe")
+    msg.use_edns(edns=True, options=[opt2, opt1])
+    pattern = re.compile("trust-anchor-telemetry './IN' from .* 65534")
+    with ns1.watch_log_from_here() as watcher:
+        res = isctest.query.tcp(msg, "10.53.0.1")
+        isctest.check.noerror(res)
+        watcher.wait_for_line(pattern)
+
+    ns1.stop()
+    with ns1.watch_log_from_here() as watcher:
+        ns1.start(["--noclean", "--restart", "--port", os.environ["PORT"]])
+        watcher.wait_for_line("all zones loaded")