Commit 58a5e6fb authored by Mark Andrews's avatar Mark Andrews

Merge branch '1715-kasp-system-test-timing-issue-with-view-zones-2' into 'master'

Resolve "kasp system test timing issue with view zones"

Closes #1715

See merge request !3334
parents 73d42681 78746cfa
Pipeline #38612 failed with stages
in 35 minutes and 4 seconds
...@@ -490,6 +490,24 @@ dnssec_verify() ...@@ -490,6 +490,24 @@ dnssec_verify()
status=$((status+ret)) status=$((status+ret))
} }
# Wait for the zone to be signed.
# The apex NSEC record indicates that it is signed.
_wait_for_nsec() {
dig_with_opts "@${SERVER}" -y "$TSIG" "$ZONE" NSEC > "dig.out.nsec.test$n" || return 1
grep "NS SOA" "dig.out.nsec.test$n" > /dev/null || return 1
grep "${ZONE}\..*IN.*RRSIG" "dig.out.nsec.test$n" > /dev/null || return 1
return 0
}
wait_for_nsec() {
n=$((n+1))
ret=0
echo_i "wait for ${ZONE} to be signed ($n)"
retry_quiet 10 _wait_for_nsec || log_error "wait for ${ZONE} to be signed failed"
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
}
# Default next key event threshold. May be extended by wait periods. # Default next key event threshold. May be extended by wait periods.
next_key_event_threshold=100 next_key_event_threshold=100
...@@ -1854,6 +1872,7 @@ set_zone "inherit.inherit.signed" ...@@ -1854,6 +1872,7 @@ set_zone "inherit.inherit.signed"
set_policy "test" "1" "3600" set_policy "test" "1" "3600"
set_server "ns4" "10.53.0.4" set_server "ns4" "10.53.0.4"
TSIG="hmac-sha1:sha1:$SHA1" TSIG="hmac-sha1:sha1:$SHA1"
wait_for_nsec
check_keys check_keys
check_apex check_apex
check_subdomain check_subdomain
...@@ -1863,6 +1882,7 @@ set_zone "override.override.signed" ...@@ -1863,6 +1882,7 @@ set_zone "override.override.signed"
set_policy "test" "1" "3600" set_policy "test" "1" "3600"
set_server "ns4" "10.53.0.4" set_server "ns4" "10.53.0.4"
TSIG="hmac-sha224:sha224:$SHA224" TSIG="hmac-sha224:sha224:$SHA224"
wait_for_nsec
check_keys check_keys
check_apex check_apex
check_subdomain check_subdomain
...@@ -1872,6 +1892,7 @@ set_zone "override.none.signed" ...@@ -1872,6 +1892,7 @@ set_zone "override.none.signed"
set_policy "test" "1" "3600" set_policy "test" "1" "3600"
set_server "ns4" "10.53.0.4" set_server "ns4" "10.53.0.4"
TSIG="hmac-sha256:sha256:$SHA256" TSIG="hmac-sha256:sha256:$SHA256"
wait_for_nsec
check_keys check_keys
check_apex check_apex
check_subdomain check_subdomain
...@@ -1881,6 +1902,7 @@ set_zone "override.override.unsigned" ...@@ -1881,6 +1902,7 @@ set_zone "override.override.unsigned"
set_policy "test" "1" "3600" set_policy "test" "1" "3600"
set_server "ns5" "10.53.0.5" set_server "ns5" "10.53.0.5"
TSIG="hmac-sha224:sha224:$SHA224" TSIG="hmac-sha224:sha224:$SHA224"
wait_for_nsec
check_keys check_keys
check_apex check_apex
check_subdomain check_subdomain
...@@ -1890,6 +1912,7 @@ set_zone "override.none.unsigned" ...@@ -1890,6 +1912,7 @@ set_zone "override.none.unsigned"
set_policy "test" "1" "3600" set_policy "test" "1" "3600"
set_server "ns5" "10.53.0.5" set_server "ns5" "10.53.0.5"
TSIG="hmac-sha256:sha256:$SHA256" TSIG="hmac-sha256:sha256:$SHA256"
wait_for_nsec
check_keys check_keys
check_apex check_apex
check_subdomain check_subdomain
...@@ -1898,6 +1921,7 @@ dnssec_verify ...@@ -1898,6 +1921,7 @@ dnssec_verify
set_zone "example.net" set_zone "example.net"
set_server "ns4" "10.53.0.4" set_server "ns4" "10.53.0.4"
TSIG="hmac-sha1:keyforview1:$VIEW1" TSIG="hmac-sha1:keyforview1:$VIEW1"
wait_for_nsec
check_keys check_keys
check_apex check_apex
dnssec_verify dnssec_verify
...@@ -1913,6 +1937,7 @@ test "$ret" -eq 0 || echo_i "failed" ...@@ -1913,6 +1937,7 @@ test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret)) status=$((status+ret))
TSIG="hmac-sha1:keyforview2:$VIEW2" TSIG="hmac-sha1:keyforview2:$VIEW2"
wait_for_nsec
check_keys check_keys
check_apex check_apex
dnssec_verify dnssec_verify
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment