diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
index de22b9f..1e87823 100644
--- a/DEVELOPMENT.md
+++ b/DEVELOPMENT.md
@@ -59,3 +59,10 @@ NOTE: This is also needed before development because the command generates `./sr
 Run [pylint](https://pylint.readthedocs.io/en/stable/) in error-only mode to check any problems: `pipenv run pylint src/nsupdate` NOTE: The project does not use pylint for formatting. Disabling the `errors-only` mode in `.pylintrc` will show a lot of warnings.
+
+# Run tests
+
+Tests need to run inside Docker because they depend on specific bind9 config on 127.0.0.1:53.
+
+1. Build the docker image using: `docker build -t nsupdate scripts/docker/` once
+2. Then run tests via `docker run --dns 127.0.0.1 -v $PWD:/app nsupdate`
diff --git a/scripts/docker/Dockerfile b/scripts/docker/Dockerfile
new file mode 100644
index 0000000..9d08a60
--- /dev/null
+++ b/scripts/docker/Dockerfile
@@ -0,0 +1,9 @@
+FROM python:3.11-alpine
+WORKDIR /app
+
+RUN apk add bind git
+COPY bind/named.conf.local /etc/bind/named.conf.local
+COPY bind/zones/ /var/lib/bind/pri/
+RUN chown named -R /var/lib/bind/pri/
+
+CMD /app/scripts/docker/test.sh
diff --git a/scripts/docker/bind/named.conf.local b/scripts/docker/bind/named.conf.local
new file mode 100644
index 0000000..77a78b0
--- /dev/null
+++ b/scripts/docker/bind/named.conf.local
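Review bot: Nothing in scripts/docker/Dockerfile drops root, so the `pip install` and `pytest` steps launched by the `CMD` run as root with write access to the checkout that DEVELOPMENT.md bind-mounts at `/app`. named is started with `-u named` in test.sh and presumably needs root only to bind port 53, so the remaining steps could run under an unprivileged account created here, e.g. `RUN adduser -D tester`, with test.sh switching to it once named is up (the pip installs would then need a virtualenv or `--user`). Two smaller points on the same lines: `RUN apk add --no-cache bind git` avoids leaving the apk index in the layer, and the exec form `CMD ["/app/scripts/docker/test.sh"]` avoids the extra `/bin/sh -c` wrapper.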
@@ -0,0 +1,49 @@
+//
+// Do any local configuration here
+//
+
+key "nsupdate.info." {
+ algorithm hmac-sha512;
+ secret "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYQ==";
+};
+
+key "tests.nsupdate.info." {
+ algorithm hmac-sha512;
+ secret "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYQ==";
+};
+
+zone "nsupdate.info" {
+ type master;
+ file "/var/lib/bind/pri/nsupdate.info";
+ update-policy {
+ // these "deny" entries are needed for the service domain,
+ // if you add another domain, you may want to check the need
+ // for other "deny" entries if the zone is not fully available.
+ // we don't allow updates to the infrastructure hosts:
+ deny nsupdate.info. name nsupdate.info;
+ deny nsupdate.info. name www.nsupdate.info;
+ deny nsupdate.info. name ipv4.nsupdate.info;
+ deny nsupdate.info. name ipv6.nsupdate.info;
+ // this host is for testing if the nameserver is configured correctly and reachable
+ grant nsupdate.info. name connectivity-test.nsupdate.info A;
+ // but we allow updates to any other host:
+ grant nsupdate.info. subdomain nsupdate.info;
+ };
+};
+
+zone "tests.nsupdate.info" {
+ type master;
+ file "/var/lib/bind/pri/tests.nsupdate.info";
+ update-policy {
+ // these "deny" entries are needed for the service domain,
+ // if you add another domain, you may want to check the need
+ // for other "deny" entries if the zone is not fully available.
+ // we don't allow updates to the infrastructure hosts:
+ deny tests.nsupdate.info. name tests.nsupdate.info;
+ deny tests.nsupdate.info. name www.tests.nsupdate.info;
+ deny tests.nsupdate.info. name ipv4.tests.nsupdate.info;
+ deny tests.nsupdate.info. name ipv6.tests.nsupdate.info;
+ // but we allow updates to any other host:
+ grant tests.nsupdate.info. subdomain tests.nsupdate.info;
+ };
+};
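Review bot: Both `key` blocks embed the same literal TSIG secret and nothing in the file marks them as fixtures. The value is visibly a placeholder (it base64-decodes to one repeated character), but the header still reads "Do any local configuration here", so a comment such as `// TEST-ONLY keys for the Docker test container; never reuse in a deployed named.conf` would keep the file from being copied as a template. The file also has no `options` block, so named runs with its default listener settings; since DEVELOPMENT.md says the tests only depend on 127.0.0.1:53, `options { listen-on { 127.0.0.1; }; listen-on-v6 { ::1; }; };` would keep the fixture server on loopback, provided nothing else in the setup needs another interface.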
diff --git a/scripts/docker/bind/zones/nsupdate.info b/scripts/docker/bind/zones/nsupdate.info
new file mode 100644
index 0000000..f476411
--- /dev/null
+++ b/scripts/docker/bind/zones/nsupdate.info
@@ -0,0 +1,20 @@
+$ORIGIN .
+$TTL 3600 ; 1 hour
+nsupdate.info IN SOA ns1.nsupdate.info. root.nsupdate.info. (
+ 2016081401 ; serial
+ 7200 ; refresh (2 hours)
+ 1800 ; retry (30 minutes)
+ 604800 ; expire (1 week)
+ 60 ; minimum (1 minute)
+ )
+ NS 127.0.0.1.
+ A 127.0.0.1
+ AAAA ::1
+
+$ORIGIN nsupdate.info.
+$TTL 3600 ; 1 hour
+ipv4 A 127.0.0.1
+ipv6 AAAA ::1
+www A 127.0.0.1
+ AAAA ::1
+ A 127.0.0.1
diff --git a/scripts/docker/bind/zones/tests.nsupdate.info b/scripts/docker/bind/zones/tests.nsupdate.info
new file mode 100644
index 0000000..61277d4
--- /dev/null
+++ b/scripts/docker/bind/zones/tests.nsupdate.info
@@ -0,0 +1,18 @@
+$ORIGIN .
+$TTL 3600 ; 1 hour
+tests.nsupdate.info IN SOA ns1.tests.nsupdate.info. root.tests.nsupdate.info. (
+ 2016081401 ; serial
+ 7200 ; refresh (2 hours)
+ 1800 ; retry (30 minutes)
+ 604800 ; expire (1 week)
+ 60 ; minimum (1 minute)
+ )
+ NS 127.0.0.1.
+ A 127.0.0.1
+ AAAA ::1
+
+$ORIGIN tests.nsupdate.info.
+ipv4 A 1.2.3.4
+ipv6 AAAA ::1
+www A 1.2.3.4
+ AAAA ::1
diff --git a/scripts/docker/test.sh b/scripts/docker/test.sh
new file mode 100755
index 0000000..02787b6
--- /dev/null
+++ b/scripts/docker/test.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -euxo pipefail
+
+cd /tmp && named -g -u named -c /etc/bind/named.conf.local &
+
+cd /app
+pip install -e .
+pip install -r requirements.txt
+
+pylint src/nsupdate
+pytest src/nsupdate
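Review bot: `NS 127.0.0.1.` in zones/nsupdate.info puts an address where an NS record requires a host name, so it is read as the domain name `127.0.0.1.`, and the `ns1.nsupdate.info.` named in the SOA has no address record in the zone. Pointing the record at that name, `NS ns1.nsupdate.info.`, and adding `ns1 A 127.0.0.1` under the second `$ORIGIN` keeps the fixture a well-formed zone that zone-checking tools will accept. The same applies to zones/tests.nsupdate.info with `ns1.tests.nsupdate.info.`. The final `A 127.0.0.1` continuation line in the first zone also appears to repeat the A record already given for `www`.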
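Review bot: named is launched in the background on the `cd /tmp && named ... &` line of test.sh, and `set -e` does not cover a backgrounded job, so a config or zone load failure goes unnoticed and the later steps run without the fixture server. A check placed before the launch, `named-checkconf -z /etc/bind/named.conf.local`, would stop the script on a broken fixture, assuming the tool ships in the image's `bind` package. Separately, `pipefail` is not a POSIX `sh` option and works here only because the image's `/bin/sh` (presumably busybox ash on the alpine base) accepts it; a comment next to `set -euxo pipefail` such as `# relies on the alpine /bin/sh supporting pipefail` would record that dependency.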