summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/config/meson.build4
-rw-r--r--tests/dnstap/src/dnstap-test/go.mod2
-rw-r--r--tests/dnstap/src/dnstap-test/go.sum44
-rwxr-xr-xtests/dnstap/src/dnstap-test/run.sh17
-rw-r--r--tests/integration/deckard/.gitignore20
-rw-r--r--tests/integration/deckard/.gitlab-ci.yml130
-rw-r--r--tests/integration/deckard/.gitmodules3
-rw-r--r--tests/pytests/conftest.py2
-rw-r--r--tests/pytests/test_tls.py47
-rw-r--r--tests/pytests/utils.py19
-rw-r--r--tests/unit/meson.build7
11 files changed, 175 insertions, 120 deletions
diff --git a/tests/config/meson.build b/tests/config/meson.build
index a739222..dc345a8 100644
--- a/tests/config/meson.build
+++ b/tests/config/meson.build
@@ -1,7 +1,7 @@
# SPDX-License-Identifier: GPL-3.0-or-later
config_tests += [
- ['basic', files('basic.test.lua'), ['skip_asan']],
- ['cache', files('cache.test.lua'), ['skip_asan']],
+ ['basic', files('basic.test.lua')],
+ ['cache', files('cache.test.lua')],
['net', files('net.test.lua'), ['config_net']],
['doh2', files('doh2.test.lua')],
['lru', files('lru.test.lua')],
diff --git a/tests/dnstap/src/dnstap-test/go.mod b/tests/dnstap/src/dnstap-test/go.mod
index 6b65088..2eb7287 100644
--- a/tests/dnstap/src/dnstap-test/go.mod
+++ b/tests/dnstap/src/dnstap-test/go.mod
@@ -1,6 +1,6 @@
module gitlab.nic.cz/knot/knot-resolver/tests/dnstap-test
-go 1.17
+go 1.15
require (
github.com/cloudflare/dns v0.0.0-20151007113418-e20ffa3da443
diff --git a/tests/dnstap/src/dnstap-test/go.sum b/tests/dnstap/src/dnstap-test/go.sum
deleted file mode 100644
index 1860f9e..0000000
--- a/tests/dnstap/src/dnstap-test/go.sum
+++ /dev/null
@@ -1,44 +0,0 @@
-github.com/cloudflare/dns v0.0.0-20151007113418-e20ffa3da443 h1:dYR6/V5rx/uaHsy4m1JuWfKYZO0r+G89BLD+XN7s9AI=
-github.com/cloudflare/dns v0.0.0-20151007113418-e20ffa3da443/go.mod h1:pa4p3oKOxzbXjrV5AGD1v5xjL7skv9BvO4J0Llo3P+s=
-github.com/dnstap/golang-dnstap v0.4.0 h1:KRHBoURygdGtBjDI2w4HifJfMAhhOqDuktAokaSa234=
-github.com/dnstap/golang-dnstap v0.4.0/go.mod h1:FqsSdH58NAmkAvKcpyxht7i4FoBjKu8E4JUPt8ipSUs=
-github.com/farsightsec/golang-framestream v0.3.0 h1:/spFQHucTle/ZIPkYqrfshQqPe2VQEzesH243TjIwqA=
-github.com/farsightsec/golang-framestream v0.3.0/go.mod h1:eNde4IQyEiA5br02AouhEHCu3p3UzrCdFR4LuQHklMI=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/miekg/dns v1.1.31 h1:sJFOl9BgwbYAWOGEwr61FU28pqsBNdpRBnhGXtO06Oo=
-github.com/miekg/dns v1.1.31/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190923162816-aa69164e4478 h1:l5EDrHhldLYb3ZRHDUhXF7Om7MvYXnkV9/iQNo1lX6g=
-golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe h1:6fAMxZRR6sl1Uq8U61gxU+kPTs2tR8uOySCbBP7BN/M=
-golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
-google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
diff --git a/tests/dnstap/src/dnstap-test/run.sh b/tests/dnstap/src/dnstap-test/run.sh
index 37822b7..70d8225 100755
--- a/tests/dnstap/src/dnstap-test/run.sh
+++ b/tests/dnstap/src/dnstap-test/run.sh
@@ -8,16 +8,13 @@ echo "$GOPATH"
cd "$(dirname $0)"
DNSTAP_TEST=dnstap-test
-if [ -z "$GITLAB_CI" ]; then
- type -P go >/dev/null || exit 77
- echo "Building the dnstap test and its dependencies..."
- # some packages may be missing on the system right now
- go get .
-else
- # In CI we've prebuilt dependencies into the default GOPATH.
- # We're in a scratch container, so we just add the dnstap test inside.
- export GOPATH=/root/go
-fi
+go mod tidy
+
+type -P go >/dev/null || exit 77
+echo "Building the dnstap test and its dependencies..."
+# some packages may be missing on the system right now
+go get .
+
DTAP_DIR="$GOPATH/src"
DTAP="$DTAP_DIR/$DNSTAP_TEST"
mkdir -p "$DTAP_DIR"
diff --git a/tests/integration/deckard/.gitignore b/tests/integration/deckard/.gitignore
new file mode 100644
index 0000000..f8109bf
--- /dev/null
+++ b/tests/integration/deckard/.gitignore
@@ -0,0 +1,20 @@
+*.swp
+/env.sh
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+.pytest_cache/
+.mypy_cache/
diff --git a/tests/integration/deckard/.gitlab-ci.yml b/tests/integration/deckard/.gitlab-ci.yml
new file mode 100644
index 0000000..2034cdd
--- /dev/null
+++ b/tests/integration/deckard/.gitlab-ci.yml
@@ -0,0 +1,130 @@
+image: $CI_REGISTRY/knot/knot-resolver/ci/debian-buster:knot-3.0
+variables:
+ LC_ALL: C.UTF-8
+
+stages:
+ - test
+
+.test: &test
+ stage: test
+ tags:
+ - docker
+ - linux
+ - amd64
+
+.privileged_test: &privileged_test
+ stage: test
+ tags:
+ - privileged
+
+test:augeas:
+ <<: *test
+ script:
+ - augparse pydnstest/deckard.aug
+
+test:flake8:
+ <<: *test
+ script:
+ - python3 -m flake8 --max-line-length=100 . && echo "OK, no flake8 errors detected"
+
+test:mypy:
+ <<: *test
+ script:
+ - ci/mypy-run.sh && echo "OK, no mypy error detected"
+
+test:pylint:
+ <<: *test
+ script:
+ - ci/pylint-run.sh
+
+test:rplint:
+ <<: *test
+ script:
+ - cp ci/common.sh /tmp
+ - cp ci/compare-rplint.sh /tmp
+ - /tmp/compare-rplint.sh
+
+test:unittests:
+ <<: *privileged_test
+ script:
+ - python3 -m pytest
+
+# There are no tests in the repo which use this feature but others do
+# and do not want to cause them breakage
+test:sanity:raw_id:
+ <<: *privileged_test
+ script:
+ - unshare -rn ci/raw_id_check.sh
+
+# changes in Deckard itself must not change result of tests
+test:comparative:kresd:
+ <<: *privileged_test
+ script:
+ # test kresd binary
+ - git clone --recurse-submodules -j8 --depth=1 https://gitlab.nic.cz/knot/knot-resolver.git /tmp/kresd-local-build
+ - pushd /tmp/kresd-local-build
+ - git log -1
+ - meson build_local --default-library=static --prefix=/tmp/.local
+ - ninja -C build_local install
+ - popd
+ # compare results from latest Deckard with results from merge base
+ - cp ci/common.sh /tmp
+ - cp ci/compare-tests.sh /tmp
+ - cp ci/junit-compare.py /tmp
+ - PATH=/tmp/.local/sbin:$PATH /tmp/compare-tests.sh $(pwd)/kresd_run.sh
+ artifacts:
+ when: always
+ expire_in: '1 hour'
+ paths:
+ - modified_tests
+ - base.xml
+ - head.xml
+
+# Run all tests on the latest kresd version to ensure that we not push tests
+# which do not work on latest kresd. It would lead to breakage in kresd CI.
+test:latest:kresd:
+ <<: *privileged_test
+ script:
+ - git clone --recurse-submodules -j8 --depth=1 https://gitlab.nic.cz/knot/knot-resolver.git kresd-local-build
+ - pushd kresd-local-build
+ - git log -1
+ - meson build_local --default-library=static --prefix="$PWD/../.local"
+ - ninja -C build_local install
+ - popd
+ - TMPDIR=$(pwd) PATH=$(pwd)/.local/sbin:$PATH ./kresd_run.sh -n $(nproc)
+ artifacts:
+ when: on_failure
+ expire_in: 1 week
+ paths:
+ - tmpdeckard*
+
+# sanity check that Unbound under Deckard still works
+# I've selected the only tests which are working
+# on kresd and Unbound 1.5.8 as well as 1.6.0
+test:sanity:unbound:
+ <<: *privileged_test
+ script:
+ - TMPDIR=$(pwd) ./unbound_run.sh --scenarios=sets/resolver/iter_hint_lame.rpl
+ - TMPDIR=$(pwd) ./unbound_run.sh --scenarios=sets/resolver/iter_lame_root.rpl
+ # these do not work with Unbound 1.5.8 which is in CI container
+ #- TESTS=sets/resolver/nsec_wildcard_answer_response.rpl ./unbound_run.sh
+ #- TESTS=sets/resolver/world_cz_lidovky_www.rpl ./unbound_run.sh
+ artifacts:
+ when: on_failure
+ expire_in: 1 week
+ paths:
+ - tmpdeckard*
+
+# sanity check that PowerDNS recursor under Deckard still works
+# I've selected couple tests which are working
+# on kresd and PowerDNS recursor 4.0.0~alpha2 as well as 4.0.4
+test:sanity:pdnsrecursor:
+ <<: *privileged_test
+ script:
+ - TMPDIR=$(pwd) ./pdns_run.sh --scenarios=sets/resolver/iter_recurse.rpl
+ - TMPDIR=$(pwd) ./pdns_run.sh --scenarios=sets/resolver/iter_tcbit.rpl
+ artifacts:
+ when: on_failure
+ expire_in: 1 week
+ paths:
+ - tmpdeckard*
diff --git a/tests/integration/deckard/.gitmodules b/tests/integration/deckard/.gitmodules
new file mode 100644
index 0000000..7a3c587
--- /dev/null
+++ b/tests/integration/deckard/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "contrib/libfaketime"]
+ path = contrib/libfaketime
+ url = git://github.com/wolfcw/libfaketime.git
diff --git a/tests/pytests/conftest.py b/tests/pytests/conftest.py
index 4c711f8..fcf4b05 100644
--- a/tests/pytests/conftest.py
+++ b/tests/pytests/conftest.py
@@ -86,7 +86,7 @@ def query_before(request): # whether to send an initial query
return request.param
-@pytest.mark.optionalhook
+@pytest.hookimpl(optionalhook=True)
def pytest_metadata(metadata): # filter potentially sensitive data from GitLab CI
keys_to_delete = []
for key in metadata.keys():
diff --git a/tests/pytests/test_tls.py b/tests/pytests/test_tls.py
index 3e1328a..2187efb 100644
--- a/tests/pytests/test_tls.py
+++ b/tests/pytests/test_tls.py
@@ -1,15 +1,8 @@
# SPDX-License-Identifier: GPL-3.0-or-later
"""TLS-specific tests"""
-import itertools
-import os
-from socket import AF_INET, AF_INET6
import ssl
-import sys
-
import pytest
-
-from kresd import make_kresd
import utils
@@ -41,43 +34,3 @@ def test_tls_cert_hostname_mismatch(kresd_tt, sock_family):
with pytest.raises(ssl.CertificateError):
ssock.connect(dest)
-
-
-@pytest.mark.skipif(sys.version_info < (3, 6),
- reason="requires python3.6 or higher")
-@pytest.mark.parametrize('sf1, sf2, sf3', itertools.product(
- [AF_INET, AF_INET6], [AF_INET, AF_INET6], [AF_INET, AF_INET6]))
-def test_tls_session_resumption(tmpdir, sf1, sf2, sf3):
- """Attempt TLS session resumption against the same kresd instance and a different one."""
- # TODO ensure that session can't be resumed after session ticket key regeneration
- # at the first kresd instance
-
- # NOTE TLS 1.3 is intentionally disabled for session resumption tests,
- # because python's SSLSocket.session isn't compatible with TLS 1.3
- # https://docs.python.org/3/library/ssl.html?highlight=ssl%20ticket#tls-1-3
-
- def connect(kresd, ctx, sf, session=None):
- sock, dest = kresd.stream_socket(sf, tls=True)
- ssock = ctx.wrap_socket(
- sock, server_hostname='transport-test-server.com', session=session)
- ssock.connect(dest)
- new_session = ssock.session
- assert new_session.has_ticket
- assert ssock.session_reused == (session is not None)
- utils.ping_alive(ssock)
- ssock.close()
- return new_session
-
- workdir = os.path.join(str(tmpdir), 'kresd')
- os.makedirs(workdir)
-
- with make_kresd(workdir, 'tt') as kresd:
- ctx = utils.make_ssl_context(
- verify_location=kresd.tls_cert_path, extra_options=[ssl.OP_NO_TLSv1_3])
- session = connect(kresd, ctx, sf1) # initial conn
- connect(kresd, ctx, sf2, session) # resume session on the same instance
-
- workdir2 = os.path.join(str(tmpdir), 'kresd2')
- os.makedirs(workdir2)
- with make_kresd(workdir2, 'tt') as kresd2:
- connect(kresd2, ctx, sf3, session) # resume session on a different instance
diff --git a/tests/pytests/utils.py b/tests/pytests/utils.py
index 4b995d4..8af71aa 100644
--- a/tests/pytests/utils.py
+++ b/tests/pytests/utils.py
@@ -99,7 +99,7 @@ def ping_alive(sock, msgid=None):
@contextmanager
def expect_kresd_close(rst_ok=False):
- with pytest.raises(BrokenPipeError):
+ with pytest.raises((BrokenPipeError, ssl.SSLEOFError)):
try:
time.sleep(0.2) # give kresd time to close connection with TCP FIN
yield
@@ -110,17 +110,12 @@ def expect_kresd_close(rst_ok=False):
pytest.fail("kresd didn't close the connection")
-def make_ssl_context(insecure=False, verify_location=None, extra_options=None):
- # set TLS v1.2+
- context = ssl.SSLContext(ssl.PROTOCOL_TLS)
- context.options |= ssl.OP_NO_SSLv2
- context.options |= ssl.OP_NO_SSLv3
- context.options |= ssl.OP_NO_TLSv1
- context.options |= ssl.OP_NO_TLSv1_1
-
- if extra_options is not None:
- for option in extra_options:
- context.options |= option
+def make_ssl_context(insecure=False, verify_location=None,
+ minimum_tls=ssl.TLSVersion.TLSv1_2,
+ maximum_tls=ssl.TLSVersion.MAXIMUM_SUPPORTED):
+ context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+ context.minimum_version = minimum_tls
+ context.maximum_version = maximum_tls
if insecure:
# turn off certificate verification
diff --git a/tests/unit/meson.build b/tests/unit/meson.build
index b10789c..747f1d3 100644
--- a/tests/unit/meson.build
+++ b/tests/unit/meson.build
@@ -10,7 +10,7 @@ mock_cmodule_mod = shared_module(
'mock_cmodule',
mock_cmodule_src,
name_prefix: '',
- dependencies: libknot,
+ dependencies: mod_deps,
include_directories: mod_inc_dir,
)
@@ -20,10 +20,11 @@ foreach unit_test : unit_tests
unit_test[0],
unit_test[1],
dependencies: [
+ cmocka,
contrib_dep,
- libkres_dep,
libknot,
- cmocka,
+ libkres_dep,
+ libuv,
lmdb,
],
)