summaryrefslogtreecommitdiffstats
path: root/modules/daf/daf.test.lua
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-08 20:37:50 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-08 20:37:50 +0000
commitc1f743ab2e4a7046d5500875a47d1f62c8624603 (patch)
tree709946d52f5f3bbaeb38be9e3f1d56d11f058237 /modules/daf/daf.test.lua
parentInitial commit. (diff)
downloadknot-resolver-c1f743ab2e4a7046d5500875a47d1f62c8624603.tar.xz
knot-resolver-c1f743ab2e4a7046d5500875a47d1f62c8624603.zip
Adding upstream version 5.7.1.upstream/5.7.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'modules/daf/daf.test.lua')
-rw-r--r--modules/daf/daf.test.lua80
1 files changed, 80 insertions, 0 deletions
diff --git a/modules/daf/daf.test.lua b/modules/daf/daf.test.lua
new file mode 100644
index 0000000..2a46393
--- /dev/null
+++ b/modules/daf/daf.test.lua
@@ -0,0 +1,80 @@
+-- SPDX-License-Identifier: GPL-3.0-or-later
+
+-- do not attempt to contact outside world, operate only on cache
+net.ipv4 = false
+net.ipv6 = false
+-- do not listen, test is driven by config code
+env.KRESD_NO_LISTEN = true
+
+local path = worker.cwd..'/control/'..worker.pid
+same(true, net.listen(path, nil, {kind = 'control'}),
+ 'new control sockets were created so map() can work')
+
+modules.load('hints > iterate')
+modules.load('daf')
+
+hints['pass.'] = '127.0.0.1'
+hints['deny.'] = '127.0.0.1'
+hints['deny.'] = '127.0.0.1'
+hints['drop.'] = '127.0.0.1'
+hints['del.'] = '127.0.0.1'
+hints['del2.'] = '127.0.0.1'
+hints['toggle.'] = '127.0.0.1'
+
+local check_answer = require('test_utils').check_answer
+
+local function test_sanity()
+ check_answer('daf sanity (no rules)', 'pass.', kres.type.A, kres.rcode.NOERROR)
+ check_answer('daf sanity (no rules)', 'deny.', kres.type.A, kres.rcode.NOERROR)
+ check_answer('daf sanity (no rules)', 'drop.', kres.type.A, kres.rcode.NOERROR)
+ check_answer('daf sanity (no rules)', 'del.', kres.type.A, kres.rcode.NOERROR)
+ check_answer('daf sanity (no rules)', 'del2.', kres.type.A, kres.rcode.NOERROR)
+ check_answer('daf sanity (no rules)', 'toggle.', kres.type.A, kres.rcode.NOERROR)
+end
+
+local function test_basic_actions()
+ daf.add('qname = pass. pass')
+ daf.add('qname = deny. deny')
+ daf.add('qname = drop. drop')
+
+ check_answer('daf pass action', 'pass.', kres.type.A, kres.rcode.NOERROR)
+ check_answer('daf deny action', 'deny.', kres.type.A, kres.rcode.NXDOMAIN)
+ check_answer('daf drop action', 'drop.', kres.type.A, kres.rcode.SERVFAIL)
+end
+
+local function test_del()
+ -- first matching rule is used
+ local first = daf.add('qname = del. deny')
+ local second = daf.add('qname = del2. deny')
+
+ check_answer('daf del - first rule active',
+ 'del.', kres.type.A, kres.rcode.NXDOMAIN)
+ check_answer('daf del - second rule active',
+ 'del2.', kres.type.A, kres.rcode.NXDOMAIN)
+ daf.del(first.rule.id)
+ check_answer('daf del - first rule deleted',
+ 'del.', kres.type.A, kres.rcode.NOERROR)
+ daf.del(second.rule.id)
+ check_answer('daf del - second rule deleted',
+ 'del2.', kres.type.A, kres.rcode.NOERROR)
+end
+
+local function test_toggle()
+ local toggle = daf.add('qname = toggle. deny')
+
+ check_answer('daf - toggle active',
+ 'toggle.', kres.type.A, kres.rcode.NXDOMAIN)
+ daf.disable(toggle.rule.id)
+ check_answer('daf - toggle disabled',
+ 'toggle.', kres.type.A, kres.rcode.NOERROR)
+ daf.enable(toggle.rule.id)
+ check_answer('daf - toggle enabled',
+ 'toggle.', kres.type.A, kres.rcode.NXDOMAIN)
+end
+
+return {
+ test_sanity, -- must be first, expects no daf rules
+ test_basic_actions,
+ test_del,
+ test_toggle,
+}