test_dnssec: re-add named-pkcs11 workarounds

DNSSEC tests started to fail again, probably due to a bug in
some underlying component.

This reverts commit 8bc6775122
and makes the xfail test check less strict - it will no longer
mark the test suite red if it passes.

Run DNSSEC tests on PR-CI

Co-authored-by: Felipe Barreto <fbarreto@redhat.com>
Related https://pagure.io/freeipa/issue/5348

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Tomas Krizek 2017-08-15 10:27:03 +02:00 committed by Christian Heimes
parent 4b3bc490d3
commit 6fb45d2f56


@ -11,6 +11,7 @@ import dns.dnssec
import dns.resolver import dns.resolver
import dns.name import dns.name
import time import time
import pytest
from ipatests.test_integration.base import IntegrationTest from ipatests.test_integration.base import IntegrationTest
from ipatests.pytest_plugins.integration import tasks from ipatests.pytest_plugins.integration import tasks
@ -64,7 +65,6 @@ def wait_until_record_is_signed(nameserver, record, rtype="SOA",
Returns True if record is signed, or False on timeout Returns True if record is signed, or False on timeout
:param nameserver: nameserver to query :param nameserver: nameserver to query
:param record: query :param record: query
:param log: logger
:param rtype: record type :param rtype: record type
:param timeout: :param timeout:
:return: True if records is signed, False if timeout :return: True if records is signed, False if timeout
@ -113,6 +113,7 @@ class TestInstallDNSSECLast(IntegrationTest):
] ]
self.master.run_command(args) self.master.run_command(args)
tasks.restart_named(self.master, self.replicas[0])
# test master # test master
assert wait_until_record_is_signed( assert wait_until_record_is_signed(
self.master.ip, test_zone, timeout=100 self.master.ip, test_zone, timeout=100
@ -133,6 +134,7 @@ class TestInstallDNSSECLast(IntegrationTest):
] ]
self.replicas[0].run_command(args) self.replicas[0].run_command(args)
tasks.restart_named(self.replicas[0])
# test replica # test replica
assert wait_until_record_is_signed( assert wait_until_record_is_signed(
self.replicas[0].ip, test_zone_repl, timeout=300 self.replicas[0].ip, test_zone_repl, timeout=300
@ -179,6 +181,7 @@ class TestInstallDNSSECLast(IntegrationTest):
] ]
self.master.run_command(args) self.master.run_command(args)
tasks.restart_named(self.master)
# test master # test master
assert wait_until_record_is_signed( assert wait_until_record_is_signed(
self.master.ip, test_zone, timeout=100 self.master.ip, test_zone, timeout=100
@ -227,6 +230,8 @@ class TestInstallDNSSECLast(IntegrationTest):
] ]
self.master.run_command(args) self.master.run_command(args)
tasks.restart_named(self.master, self.replicas[0])
# test master # test master
assert wait_until_record_is_signed( assert wait_until_record_is_signed(
self.master.ip, test_zone_repl, timeout=100 self.master.ip, test_zone_repl, timeout=100
@ -242,6 +247,75 @@ class TestInstallDNSSECLast(IntegrationTest):
assert dnskey_old != dnskey_new, "DNSKEY should be different" assert dnskey_old != dnskey_new, "DNSKEY should be different"
class TestZoneSigningWithoutNamedRestart(IntegrationTest):
"""Test if https://pagure.io/freeipa/issue/5348 is already fixed.
"""
num_replicas = 1
topology = 'star'
@classmethod
def install(cls, mh):
tasks.install_master(cls.master, setup_dns=False)
args = [
"ipa-dns-install",
"--dnssec-master",
"--forwarder", cls.master.config.dns_forwarder,
"-U",
]
cls.master.run_command(args)
tasks.install_replica(cls.master, cls.replicas[0], setup_dns=True)
# backup trusted key
tasks.backup_file(cls.master, paths.DNSSEC_TRUSTED_KEY)
tasks.backup_file(cls.replicas[0], paths.DNSSEC_TRUSTED_KEY)
@classmethod
def uninstall(cls, mh):
# restore trusted key
tasks.restore_files(cls.master)
tasks.restore_files(cls.replicas[0])
super(TestZoneSigningWithoutNamedRestart, cls).uninstall(mh)
def test_sign_root_zone_no_named_restart(self):
args = [
"ipa", "dnszone-add", root_zone, "--dnssec", "true",
"--skip-overlap-check",
]
self.master.run_command(args)
# make BIND happy: add the glue record and delegate zone
args = [
"ipa", "dnsrecord-add", root_zone, self.master.hostname,
"--a-rec=" + self.master.ip
]
self.master.run_command(args)
args = [
"ipa", "dnsrecord-add", root_zone, self.replicas[0].hostname,
"--a-rec=" + self.replicas[0].ip
]
self.master.run_command(args)
# sleep a bit until data are provided by bind-dyndb-ldap
time.sleep(10)
args = [
"ipa", "dnsrecord-add", root_zone, self.master.domain.name,
"--ns-rec=" + self.master.hostname
]
self.master.run_command(args)
# test master
assert wait_until_record_is_signed(
self.master.ip, root_zone, timeout=100
), "Zone %s is not signed (master)" % root_zone
# test replica
assert wait_until_record_is_signed(
self.replicas[0].ip, root_zone, timeout=300
), "Zone %s is not signed (replica)" % root_zone
class TestInstallDNSSECFirst(IntegrationTest): class TestInstallDNSSECFirst(IntegrationTest):
"""Simple DNSSEC test """Simple DNSSEC test
@ -300,6 +374,7 @@ class TestInstallDNSSECFirst(IntegrationTest):
"--ns-rec=" + self.master.hostname "--ns-rec=" + self.master.hostname
] ]
self.master.run_command(args) self.master.run_command(args)
tasks.restart_named(self.master, self.replicas[0])
# test master # test master
assert wait_until_record_is_signed( assert wait_until_record_is_signed(
self.master.ip, root_zone, timeout=100 self.master.ip, root_zone, timeout=100
@ -331,6 +406,7 @@ class TestInstallDNSSECFirst(IntegrationTest):
"--ns-rec=" + self.master.hostname "--ns-rec=" + self.master.hostname
] ]
self.master.run_command(args) self.master.run_command(args)
tasks.restart_named(self.master, self.replicas[0])
# wait until zone is signed # wait until zone is signed
assert wait_until_record_is_signed( assert wait_until_record_is_signed(
self.master.ip, example_test_zone, timeout=100 self.master.ip, example_test_zone, timeout=100
@ -468,6 +544,7 @@ class TestMigrateDNSSECMaster(IntegrationTest):
self.master.run_command(args) self.master.run_command(args)
tasks.restart_named(self.master, self.replicas[0])
# wait until zone is signed # wait until zone is signed
assert wait_until_record_is_signed( assert wait_until_record_is_signed(
self.master.ip, example_test_zone, timeout=100 self.master.ip, example_test_zone, timeout=100
@ -524,6 +601,7 @@ class TestMigrateDNSSECMaster(IntegrationTest):
"--skip-overlap-check", "--skip-overlap-check",
] ]
self.replicas[0].run_command(args) self.replicas[0].run_command(args)
tasks.restart_named(self.master, self.replicas[0])
# wait until zone is signed # wait until zone is signed
assert wait_until_record_is_signed( assert wait_until_record_is_signed(
self.replicas[0].ip, example2_test_zone, timeout=100 self.replicas[0].ip, example2_test_zone, timeout=100
@ -556,6 +634,7 @@ class TestMigrateDNSSECMaster(IntegrationTest):
"--skip-overlap-check", "--skip-overlap-check",
] ]
self.replicas[1].run_command(args) self.replicas[1].run_command(args)
tasks.restart_named(self.replicas[0], self.replicas[1])
# wait until zone is signed # wait until zone is signed
assert wait_until_record_is_signed( assert wait_until_record_is_signed(
self.replicas[1].ip, example3_test_zone, timeout=200 self.replicas[1].ip, example3_test_zone, timeout=200
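Review bot: The `tasks.restart_named(...)` calls added before each `wait_until_record_is_signed` assertion have no comment marking them as a workaround, so nothing in the file says why they are there or when they can be removed. With the restart in place, these tests no longer detect a zone that is served unsigned until named is restarted; as far as the page shows, only `test_sign_root_zone_no_named_restart` still covers that case. I would put `# workaround for https://pagure.io/freeipa/issue/5348, remove once fixed` above each call. The description mentions a relaxed xfail check and the first hunk adds `import pytest`, but no xfail marker is visible on the new test in this rendering, so it is worth confirming that the marker is actually applied to it. The test methods around the restart calls begin outside the hunks.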