Rewrite stub system test to pytest

2026-03-06 07:20:40 -05:00 · 2024-07-30 09:12:39 +02:00 · 2024-07-30 09:12:39 +02:00 · 1069eb1969
commit 1069eb1969
parent b19fb37080
6 changed files with 109 additions and 163 deletions
--- a/bin/tests/system/stub/knowngood.dig.out.norec
+++ b/bin/tests/system/stub/knowngood.dig.out.norec
@ -1,21 +0,0 @@
-
-; <<>> DiG 8.2 <<>> -p @10.53.0.3 +norec data.child.example txt
-; (1 server found)
-;; res options: init defnam dnsrch
-;; got answer:
-;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 216
-;; flags: qr ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
-;; QUERY SECTION:
-;;	data.child.example, type = TXT, class = IN
-
-;; AUTHORITY SECTION:
-child.example.		5M IN NS	ns2.child.example.
-
-;; ADDITIONAL SECTION:
-ns2.child.example.	5M IN A		10.53.0.2
-
-;; Total query time: 3 msec
-;; FROM: draco to SERVER: 10.53.0.3
-;; WHEN: Wed Jun 21 10:58:37 2000
-;; MSG SIZE  sent: 36  rcvd: 70
-
--- a/bin/tests/system/stub/knowngood.dig.out.rec
+++ b/bin/tests/system/stub/knowngood.dig.out.rec
@ -1,18 +0,0 @@
-
-; <<>> DiG 8.2 <<>> -p @10.53.0.3 data.child.example txt
-; (1 server found)
-;; res options: init recurs defnam dnsrch
-;; got answer:
-;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
-;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
-;; QUERY SECTION:
-;;	data.child.example, type = TXT, class = IN
-
-;; ANSWER SECTION:
-data.child.example.	5M IN TXT	"some" "test" "data"
-
-;; Total query time: 8 msec
-;; FROM: draco to SERVER: 10.53.0.3
-;; WHEN: Wed Jun 21 10:58:54 2000
-;; MSG SIZE  sent: 36  rcvd: 97
-
--- a/bin/tests/system/stub/ns3/named.conf.in
+++ b/bin/tests/system/stub/ns3/named.conf.in
@ -25,6 +25,15 @@ options {
 	minimal-responses no;
 };

+key rndc_key {
+	secret "1234abcd8765";
+	algorithm @DEFAULT_HMAC@;
+};
+
+controls {
+	inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
 zone "." {
 	type hint;
 	file "../../_common/root.hint";
--- a/bin/tests/system/stub/tests.sh
+++ b/bin/tests/system/stub/tests.sh
@ -1,100 +0,0 @@
-#!/bin/sh
-
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0.  If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-set -e
-
-. ../conf.sh
-
-DIGOPTS="+tcp -p ${PORT}"
-
-status=0
-echo_i "check that the stub zone has been saved to disk"
-for i in 1 2 3 4 5 6 7 8 9 20; do
-  [ -f ns3/child.example.st ] && break
-  sleep 1
-done
-[ -f ns3/child.example.st ] || {
-  status=1
-  echo_i "failed"
-}
-
-for pass in 1 2; do
-
-  echo_i "trying an axfr that should be denied (NOTAUTH) (pass=$pass)"
-  ret=0
-  $DIG $DIGOPTS child.example. @10.53.0.3 axfr >dig.out.ns3 || ret=1
-  grep "; Transfer failed." dig.out.ns3 >/dev/null || ret=1
-  [ $ret = 0 ] || {
-    status=1
-    echo_i "failed"
-  }
-
-  echo_i "look for stub zone data without recursion (should not be found) (pass=$pass)"
-  for i in 1 2 3 4 5 6 7 8 9; do
-    ret=0
-    $DIG $DIGOPTS +norec data.child.example. \
-      @10.53.0.3 txt >dig.out.ns3 || ret=1
-    grep "status: NOERROR" dig.out.ns3 >/dev/null || ret=1
-    [ $ret = 0 ] && break
-    sleep 1
-  done
-  digcomp knowngood.dig.out.norec dig.out.ns3 || ret=1
-  [ $ret = 0 ] || {
-    status=1
-    echo_i "failed"
-  }
-
-  echo_i "look for stub zone data with recursion (should be found) (pass=$pass)"
-  ret=0
-  $DIG $DIGOPTS +noauth +noadd data.child.example. @10.53.0.3 txt >dig.out.ns3 || ret=1
-  digcomp knowngood.dig.out.rec dig.out.ns3 || ret=1
-  [ $ret = 0 ] || {
-    status=1
-    echo_i "failed"
-  }
-
-  [ $pass = 1 ] && {
-    echo_i "stopping stub server"
-    stop_server ns3
-
-    echo_i "re-starting stub server"
-    start_server --noclean --restart --port ${PORT} ns3
-  }
-done
-
-echo_i "check that glue record is correctly transferred from primary when minimal-responses is on"
-ret=0
-# First ensure that zone data was transfered.
-for i in 1 2 3 4 5 6 7; do
-  [ -f ns5/example.db ] && break
-  sleep 1
-done
-
-if [ -f ns5/example.db ]; then
-  # If NS glue wasn't transferred,  this query would fail.
-  $DIG $DIGOPTS +nodnssec @10.53.0.5 target.example. txt >dig.out.ns5 || ret=1
-  grep 'target\.example.*TXT.*"test"' dig.out.ns5 >/dev/null || ret=1
-  # Ensure both ipv4 and ipv6 glue records were transferred.
-  grep -E 'ns4.example.[[:space:]]+300 IN A[[:space:]]+10.53.0.4' ns5/example.db >/dev/null || ret=1
-  grep -E 'ns4.example.[[:space:]]+300 IN AAAA[[:space:]]+fd92:7065:b8e:ffff::4' ns5/example.db >/dev/null || ret=1
-  [ $ret = 0 ] || {
-    status=1
-    echo_i "failed"
-  }
-else
-  status=1
-  echo_i "failed: stub zone transfer failed ns4(primary) <---> ns5/example.db"
-fi
-
-echo_i "exit status: $status"
-[ $status -eq 0 ] || exit 1
--- a/bin/tests/system/stub/tests_sh_stub.py
+++ b/bin/tests/system/stub/tests_sh_stub.py
@ -1,24 +0,0 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0.  If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-import pytest
-
-pytestmark = pytest.mark.extra_artifacts(
-    [
-        "dig.out.*",
-        "ns3/child.example.st",
-        "ns5/example.db",
-    ]
-)
-
-
-def test_stub(run_tests_sh):
-    run_tests_sh()
--- a/bin/tests/system/stub/tests_stub.py
+++ b/bin/tests/system/stub/tests_stub.py
@ -0,0 +1,100 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+
+import os
+
+import dns.message
+import pytest
+
+import isctest
+
+pytestmark = pytest.mark.extra_artifacts(
+    [
+        "dig.out.*",
+        "ns3/child.example.st",
+        "ns5/example.db",
+    ]
+)
+
+
+def test_stub_zones_availability(servers):
+    # check that the stub zone has been saved to disk
+    assert os.path.exists("ns3/child.example.st")
+
+    # try an AXFR that should be denied (NOTAUTH)
+    def axfr_denied():
+        msg = dns.message.make_query("child.example.", "AXFR")
+        res = isctest.query.tcp(msg, "10.53.0.3")
+        isctest.check.notauth(res)
+
+    # look for stub zone data without recursion (should not be found)
+    def stub_zone_lookout_without_recursion():
+        # drop all flags (dns.flags.RD is set by default)
+        msg = dns.message.make_query("data.child.example.", "TXT")
+        msg.flags = 0
+        res = isctest.query.tcp(msg, "10.53.0.3")
+        isctest.check.noerror(res)
+        assert not res.answer
+        assert res.authority[0] == dns.rrset.from_text(
+            "child.example.", "300", "IN", "NS", "ns2.child.example."
+        )
+        assert res.additional[0] == dns.rrset.from_text(
+            "ns2.child.example.", "300", "IN", "A", "10.53.0.2"
+        )
+
+    # look for stub zone data with recursion (should be found)
+    def stub_zone_lookout_with_recursion():
+        # dns.flags.RD is set by default
+        msg = dns.message.make_query("data.child.example.", "TXT")
+        res = isctest.query.tcp(msg, "10.53.0.3")
+        isctest.check.noerror(res)
+        assert res.answer[0] == dns.rrset.from_text(
+            "data.child.example.", "300", "IN", "TXT", '"some" "test" "data"'
+        )
+
+    axfr_denied()
+    stub_zone_lookout_without_recursion()
+    stub_zone_lookout_with_recursion()
+
+    servers["ns3"].stop()
+    servers["ns3"].start(["--noclean", "--restart", "--port", os.environ["PORT"]])
+
+    axfr_denied()
+    stub_zone_lookout_without_recursion()
+    stub_zone_lookout_with_recursion()
+
+
+# check that glue record is correctly transferred from primary when the "minimal-responses" option is on
+def test_stub_glue_record_with_minimal_response():
+    # ensure zone data were transfered
+    assert os.path.exists("ns5/example.db")
+
+    # this query would fail if NS glue wasn't transferred
+    msg_txt = dns.message.make_query("target.example.", "TXT", want_dnssec=False)
+    res_txt = isctest.query.tcp(msg_txt, "10.53.0.5")
+    isctest.check.noerror(res_txt)
+    assert res_txt.answer[0] == dns.rrset.from_text(
+        "target.example.", "300", "IN", "TXT", '"test"'
+    )
+
+    # ensure both IPv4 and IPv6 glue records were transferred
+    msg_a = dns.message.make_query("ns4.example.", "A")
+    res_a = isctest.query.tcp(msg_a, "10.53.0.5")
+    assert res_a.answer[0] == dns.rrset.from_text(
+        "ns4.example.", "300", "IN", "A", "10.53.0.4"
+    )
+
+    msg_aaaa = dns.message.make_query("ns4.example.", "AAAA")
+    res_aaaa = isctest.query.tcp(msg_aaaa, "10.53.0.5")
+    assert res_aaaa.answer[0] == dns.rrset.from_text(
+        "ns4.example.", "300", "IN", "AAAA", "fd92:7065:b8e:ffff::4"
+    )