Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-11-03 18:53:13 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
6f966eed41912ce5eeae7584f9f220f824f8815e
coredns/plugin/dnssec/setup_test.go

123 lines
4.4 KiB
Go
Raw Normal View History

Make CoreDNS a server type plugin for Caddy (#220) * Make CoreDNS a server type plugin for Caddy Remove code we don't need and port all middleware over. Fix all tests and rework the documentation. Also make `go generate` build a caddy binary which we then copy into our directory. This means `go build`-builds remain working as-is. And new etc instances in each etcd test for better isolation. Fix more tests and rework test.Server with the newer support Caddy offers. Fix Makefile to support new mode of operation.
2016-08-19 17:14:17 -07:00
package dnssec
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies.
2016-04-26 17:57:11 +01:00
import (
mw/dnssec: warn when keys don't sign zones (#1011) fail startup when dnssec middleware has keys configured that can't be used to sign any of the responses it should sign. More tests added, including ones that actually trigger setup failures.
2017-09-01 08:52:13 +02:00
"io/ioutil"
"os"
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies.
2016-04-26 17:57:11 +01:00
"strings"
"testing"
Make CoreDNS a server type plugin for Caddy (#220) * Make CoreDNS a server type plugin for Caddy Remove code we don't need and port all middleware over. Fix all tests and rework the documentation. Also make `go generate` build a caddy binary which we then copy into our directory. This means `go build`-builds remain working as-is. And new etc instances in each etcd test for better isolation. Fix more tests and rework test.Server with the newer support Caddy offers. Fix Makefile to support new mode of operation.
2016-08-19 17:14:17 -07:00
"github.com/mholt/caddy"
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies.
2016-04-26 17:57:11 +01:00
)
Make CoreDNS a server type plugin for Caddy (#220) * Make CoreDNS a server type plugin for Caddy Remove code we don't need and port all middleware over. Fix all tests and rework the documentation. Also make `go generate` build a caddy binary which we then copy into our directory. This means `go build`-builds remain working as-is. And new etc instances in each etcd test for better isolation. Fix more tests and rework test.Server with the newer support Caddy offers. Fix Makefile to support new mode of operation.
2016-08-19 17:14:17 -07:00
func TestSetupDnssec(t *testing.T) {
mw/dnssec: warn when keys don't sign zones (#1011) fail startup when dnssec middleware has keys configured that can't be used to sign any of the responses it should sign. More tests added, including ones that actually trigger setup failures.
2017-09-01 08:52:13 +02:00
if err := ioutil.WriteFile("Kcluster.local.key", []byte(keypub), 0644); err != nil {
t.Fatalf("Failed to write pub key file: %s", err)
}
defer func() { os.Remove("Kcluster.local.key") }()
if err := ioutil.WriteFile("Kcluster.local.private", []byte(keypriv), 0644); err != nil {
t.Fatalf("Failed to write private key file: %s", err)
}
defer func() { os.Remove("Kcluster.local.private") }()
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies.
2016-04-26 17:57:11 +01:00
tests := []struct {
input string
shouldErr bool
expectedZones []string
expectedKeys []string
Add `cache_capacity` option to dnssec middleware for the capacity of LRU cache (#339) This fix adds a `cache_capacity` option to dnssec middleware, so that it is possible to specify the capacity of the LRU cache used by dnssec middleware. Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-10-18 13:33:23 -07:00
expectedCapacity int
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies.
2016-04-26 17:57:11 +01:00
expectedErrContent string
}{
mw/dnssec: warn when keys don't sign zones (#1011) fail startup when dnssec middleware has keys configured that can't be used to sign any of the responses it should sign. More tests added, including ones that actually trigger setup failures.
2017-09-01 08:52:13 +02:00
{`dnssec`, false, nil, nil, defaultCap, ""},
{`dnssec example.org`, false, []string{"example.org."}, nil, defaultCap, ""},
{`dnssec 10.0.0.0/8`, false, []string{"10.in-addr.arpa."}, nil, defaultCap, ""},
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies.
2016-04-26 17:57:11 +01:00
{
mw/dnssec: warn when keys don't sign zones (#1011) fail startup when dnssec middleware has keys configured that can't be used to sign any of the responses it should sign. More tests added, including ones that actually trigger setup failures.
2017-09-01 08:52:13 +02:00
`dnssec example.org {
cache_capacity 100
}`, false, []string{"example.org."}, nil, 100, "",
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies.
2016-04-26 17:57:11 +01:00
},
{
mw/dnssec: warn when keys don't sign zones (#1011) fail startup when dnssec middleware has keys configured that can't be used to sign any of the responses it should sign. More tests added, including ones that actually trigger setup failures.
2017-09-01 08:52:13 +02:00
`dnssec cluster.local {
key file Kcluster.local
}`, false, []string{"cluster.local."}, nil, defaultCap, "",
Add `cache_capacity` option to dnssec middleware for the capacity of LRU cache (#339) This fix adds a `cache_capacity` option to dnssec middleware, so that it is possible to specify the capacity of the LRU cache used by dnssec middleware. Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-10-18 13:33:23 -07:00
},
{
mw/dnssec: warn when keys don't sign zones (#1011) fail startup when dnssec middleware has keys configured that can't be used to sign any of the responses it should sign. More tests added, including ones that actually trigger setup failures.
2017-09-01 08:52:13 +02:00
`dnssec example.org cluster.local {
key file Kcluster.local
}`, false, []string{"example.org.", "cluster.local."}, nil, defaultCap, "",
cidr everywhere: check all middleware (#915) * cidr everywhere: check all middleware Add tests for cidr in only that middleware that already tests for this. Check the other ones manually (and put reverse in the tests cases anyway). Make etcd setup_test run without +build etcd tag - it is not needed for this test - move rest of the code to lookup_test.go. Cleanup proxy test a bit and remove TempDir as there is test.TempFile that does the same thing. Fixes #909 * coredns package * Fix test compile
2017-08-13 18:16:25 +01:00
},
mw/dnssec: warn when keys don't sign zones (#1011) fail startup when dnssec middleware has keys configured that can't be used to sign any of the responses it should sign. More tests added, including ones that actually trigger setup failures.
2017-09-01 08:52:13 +02:00
// fails
cidr everywhere: check all middleware (#915) * cidr everywhere: check all middleware Add tests for cidr in only that middleware that already tests for this. Check the other ones manually (and put reverse in the tests cases anyway). Make etcd setup_test run without +build etcd tag - it is not needed for this test - move rest of the code to lookup_test.go. Cleanup proxy test a bit and remove TempDir as there is test.TempFile that does the same thing. Fixes #909 * coredns package * Fix test compile
2017-08-13 18:16:25 +01:00
{
`dnssec example.org {
mw/dnssec: warn when keys don't sign zones (#1011) fail startup when dnssec middleware has keys configured that can't be used to sign any of the responses it should sign. More tests added, including ones that actually trigger setup failures.
2017-09-01 08:52:13 +02:00
key file Kcluster.local
}`, true, []string{"example.org."}, nil, defaultCap, "can not sign any",
},
{
`dnssec example.org {
key
}`, true, []string{"example.org."}, nil, defaultCap, "argument count",
},
{
`dnssec example.org {
key file
}`, true, []string{"example.org."}, nil, defaultCap, "argument count",
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies.
2016-04-26 17:57:11 +01:00
},
return an error for multiple use of some plugins (#1559) * plugins: Return error for multiple use of some Return plugin.ErrOnce when a plugin that doesn't support it, is called mutliple times. This now adds it for: cache, dnssec, errors, forward, hosts, nsid. And changes it slightly in kubernetes, pprof, reload, root. * more tests
2018-02-28 18:16:05 -08:00
{`dnssec
dnssec`, true, nil, nil, defaultCap, ""},
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies.
2016-04-26 17:57:11 +01:00
}
for i, test := range tests {
Make CoreDNS a server type plugin for Caddy (#220) * Make CoreDNS a server type plugin for Caddy Remove code we don't need and port all middleware over. Fix all tests and rework the documentation. Also make `go generate` build a caddy binary which we then copy into our directory. This means `go build`-builds remain working as-is. And new etc instances in each etcd test for better isolation. Fix more tests and rework test.Server with the newer support Caddy offers. Fix Makefile to support new mode of operation.
2016-08-19 17:14:17 -07:00
c := caddy.NewTestController("dns", test.input)
Add `cache_capacity` option to dnssec middleware for the capacity of LRU cache (#339) This fix adds a `cache_capacity` option to dnssec middleware, so that it is possible to specify the capacity of the LRU cache used by dnssec middleware. Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-10-18 13:33:23 -07:00
zones, keys, capacity, err := dnssecParse(c)
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies.
2016-04-26 17:57:11 +01:00
if test.shouldErr && err == nil {
t.Errorf("Test %d: Expected error but found %s for input %s", i, err, test.input)
}
if err != nil {
if !test.shouldErr {
t.Errorf("Test %d: Expected no error but found one for input %s. Error was: %v", i, test.input, err)
}
if !strings.Contains(err.Error(), test.expectedErrContent) {
t.Errorf("Test %d: Expected error to contain: %v, found error: %v, input: %s", i, test.expectedErrContent, err, test.input)
}
}
if !test.shouldErr {
for i, z := range test.expectedZones {
if zones[i] != z {
t.Errorf("Dnssec not correctly set for input %s. Expected: %s, actual: %s", test.input, z, zones[i])
}
}
for i, k := range test.expectedKeys {
if k != keys[i].K.Header().Name {
t.Errorf("Dnssec not correctly set for input %s. Expected: '%s', actual: '%s'", test.input, k, keys[i].K.Header().Name)
}
}
Add `cache_capacity` option to dnssec middleware for the capacity of LRU cache (#339) This fix adds a `cache_capacity` option to dnssec middleware, so that it is possible to specify the capacity of the LRU cache used by dnssec middleware. Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-10-18 13:33:23 -07:00
if capacity != test.expectedCapacity {
t.Errorf("Dnssec not correctly set capacity for input '%s' Expected: '%d', actual: '%d'", test.input, capacity, test.expectedCapacity)
}
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies.
2016-04-26 17:57:11 +01:00
}
}
}
mw/dnssec: warn when keys don't sign zones (#1011) fail startup when dnssec middleware has keys configured that can't be used to sign any of the responses it should sign. More tests added, including ones that actually trigger setup failures.
2017-09-01 08:52:13 +02:00
const keypub = `; This is a zone-signing key, keyid 45330, for cluster.local.
; Created: 20170901060531 (Fri Sep 1 08:05:31 2017)
; Publish: 20170901060531 (Fri Sep 1 08:05:31 2017)
; Activate: 20170901060531 (Fri Sep 1 08:05:31 2017)
cluster.local. IN DNSKEY 256 3 5 AwEAAcFpDv+Cb23kFJowu+VU++b2N1uEHi6Ll9H0BzLasFOdJjEEclCO q/KlD4682vOMXxJNN8ZwOyiCa7Y0TEYqSwWvhHyn3bHCwuy4I6fss4Wd 7Y9dU+6QTgJ8LimGG40Iizjc9zqoU8Q+q81vIukpYWOHioHoY7hsWBvS RSlzDJk3`
const keypriv = `Private-key-format: v1.3
Algorithm: 5 (RSASHA1)
Modulus: wWkO/4JvbeQUmjC75VT75vY3W4QeLouX0fQHMtqwU50mMQRyUI6r8qUPjrza84xfEk03xnA7KIJrtjRMRipLBa+EfKfdscLC7Lgjp+yzhZ3tj11T7pBOAnwuKYYbjQiLONz3OqhTxD6rzW8i6SlhY4eKgehjuGxYG9JFKXMMmTc=
PublicExponent: AQAB
PrivateExponent: K5XyZFBPrjMVFX5gCZlyPyVDamNGrfSVXSIiMSqpS96BSdCXtmHAjCj4bZFPwkzi6+vs4tJN8p4ZifEVM0a6qwPZyENBrc2qbsweOXE6l8BaPVWFX30xvVRzGXuNtXxlBXE17zoHty5r5mRyRou1bc2HUS5otdkEjE30RiocQVk=
Prime1: 7RRFUxaZkVNVH1DaT/SV5Sb8kABB389qLwU++argeDCVf+Wm9BBlTrsz2U6bKlfpaUmYZKtCCd+CVxqzMyuu0w==
Prime2: 0NiY3d7Fa08IGY9L4TaFc02A721YcDNBBf95BP31qGvwnYsLFM/1xZwaEsIjohg8g+m/GpyIlvNMbK6pywIVjQ==
Exponent1: XjXO8pype9mMmvwrNNix9DTQ6nxfsQugW30PMHGZ78kGr6NX++bEC0xS50jYWjRDGcbYGzD+9iNujSScD3qNZw==
Exponent2: wkoOhLIfhUIj7etikyUup2Ld5WAbW15DSrotstg0NrgcQ+Q7reP96BXeJ79WeREFE09cyvv/EjdLzPv81/CbbQ==
Coefficient: ah4LL0KLTO8kSKHK+X9Ud8grYi94QSNdbX11ge/eFcS/41QhDuZRTAFv4y0+IG+VWd+XzojLsQs+jzLe5GzINg==
Created: 20170901060531
Publish: 20170901060531
Activate: 20170901060531
`
Reference in New Issue Copy Permalink