From a60f830927bcb3525470422a11cbee2265042b89 Mon Sep 17 00:00:00 2001 From: Florian Eitel Date: Sat, 14 Jan 2023 20:46:50 +0100 Subject: [PATCH] Add testing in docker I can't run tests in travis and due to the bind9 dependency it's difficult to run on the local machine. Docker is tricky due to changing the nameserver to 127.0.0.1 but with the right parameter it works. There are still a handful of tests failing. I couldn't figure out why yet. --- DEVELOPMENT.md | 7 +++ scripts/docker/Dockerfile | 9 ++++ scripts/docker/bind/named.conf.local | 49 +++++++++++++++++++ scripts/docker/bind/zones/nsupdate.info | 20 ++++++++ scripts/docker/bind/zones/tests.nsupdate.info | 18 +++++++ scripts/docker/test.sh | 12 +++++ 6 files changed, 115 insertions(+) create mode 100644 scripts/docker/Dockerfile create mode 100644 scripts/docker/bind/named.conf.local create mode 100644 scripts/docker/bind/zones/nsupdate.info create mode 100644 scripts/docker/bind/zones/tests.nsupdate.info create mode 100755 scripts/docker/test.sh diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index de22b9f..1e87823 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md @@ -59,3 +59,10 @@ NOTE: This is also needed before development because the command generates `./sr Run [pylint](https://pylint.readthedocs.io/en/stable/) in error-only mode to check any problems: `pipenv run pylint src/nsupdate` NOTE: The project does not use pylint for formatting. Disabling the `errors-only` mode in `.pylintrc` will show a lot of warnings. + +# Run tests + +Tests need to run inside Docker because they depend on specific bind9 config on 127.0.0.1:53. + +1. Build the docker image using: `docker build -t nsupdate scripts/docker/` once +2. Then run tests via `docker run --dns 127.0.0.1 -v $PWD:/app nsupdate` diff --git a/scripts/docker/Dockerfile b/scripts/docker/Dockerfile new file mode 100644 index 0000000..9d08a60 --- /dev/null +++ b/scripts/docker/Dockerfile 
@@ -0,0 +1,9 @@
+FROM python:3.11-alpine
+WORKDIR /app
+
+RUN apk add bind git
+COPY bind/named.conf.local /etc/bind/named.conf.local
+COPY bind/zones/ /var/lib/bind/pri/
+RUN chown named -R /var/lib/bind/pri/
+
+CMD /app/scripts/docker/test.sh
diff --git a/scripts/docker/bind/named.conf.local b/scripts/docker/bind/named.conf.local
new file mode 100644
index 0000000..77a78b0
--- /dev/null
+++ b/scripts/docker/bind/named.conf.local
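Review bot: `RUN apk add bind git` leaves the apk index in the layer and installs whatever package versions are current at build time; `RUN apk add --no-cache bind git` avoids the stale index, and pinning versions would make the test image reproducible. The last line `CMD /app/scripts/docker/test.sh` is shell form, so the script runs under `/bin/sh -c`; the exec form `CMD ["/app/scripts/docker/test.sh"]` is the usual choice. The image sets no `USER`, so everything in test.sh runs as root (named itself drops to `named` via `-u`), and with the documented `-v $PWD:/app` mount any files the run creates in the checkout are likely to end up root-owned on the host. A comment such as `# runs as root so named can bind port 53; test use only` above `CMD` would record that this is deliberate.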
@@ -0,0 +1,49 @@
+//
+// Do any local configuration here
+//
+
+key "nsupdate.info." {
+ algorithm hmac-sha512;
+ secret "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYQ==";
+};
+
+key "tests.nsupdate.info." {
+ algorithm hmac-sha512;
+ secret "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYQ==";
+};
+
+zone "nsupdate.info" {
+ type master;
+ file "/var/lib/bind/pri/nsupdate.info";
+ update-policy {
+ // these "deny" entries are needed for the service domain,
+ // if you add another domain, you may want to check the need
+ // for other "deny" entries if the zone is not fully available.
+ // we don't allow updates to the infrastructure hosts:
+ deny nsupdate.info. name nsupdate.info;
+ deny nsupdate.info. name www.nsupdate.info;
+ deny nsupdate.info. name ipv4.nsupdate.info;
+ deny nsupdate.info. name ipv6.nsupdate.info;
+ // this host is for testing if the nameserver is configured correctly and reachable
+ grant nsupdate.info. name connectivity-test.nsupdate.info A;
+ // but we allow updates to any other host:
+ grant nsupdate.info. subdomain nsupdate.info;
+ };
+};
+
+zone "tests.nsupdate.info" {
+ type master;
+ file "/var/lib/bind/pri/tests.nsupdate.info";
+ update-policy {
+ // these "deny" entries are needed for the service domain,
+ // if you add another domain, you may want to check the need
+ // for other "deny" entries if the zone is not fully available.
+ // we don't allow updates to the infrastructure hosts:
+ deny tests.nsupdate.info. name tests.nsupdate.info;
+ deny tests.nsupdate.info. name www.tests.nsupdate.info;
+ deny tests.nsupdate.info. name ipv4.tests.nsupdate.info;
+ deny tests.nsupdate.info. name ipv6.tests.nsupdate.info;
+ // but we allow updates to any other host:
+ grant tests.nsupdate.info. subdomain tests.nsupdate.info;
+ };
+};
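Review bot: This file has no `options` block and is the entire named configuration (test.sh starts named with `-c /etc/bind/named.conf.local`), so named listens on its default addresses. Both zones accept dynamic updates signed with a TSIG secret that is committed to the repository. The tests are documented as talking to 127.0.0.1 only, so adding `options { listen-on { 127.0.0.1; }; listen-on-v6 { ::1; }; };` at the top would keep the server unreachable from other containers on the same Docker network. The header comment `// Do any local configuration here` says nothing about the keys; replacing it with something like `// TEST-ONLY config: the TSIG secrets below are public placeholders, never use them for a real zone` would stop the file from being copied as a template. Both `key` blocks share the same secret, which decodes to a run of the letter a, so the note applies to each.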
diff --git a/scripts/docker/bind/zones/nsupdate.info b/scripts/docker/bind/zones/nsupdate.info
new file mode 100644
index 0000000..f476411
--- /dev/null
+++ b/scripts/docker/bind/zones/nsupdate.info
@@ -0,0 +1,20 @@
+$ORIGIN .
+$TTL 3600 ; 1 hour
+nsupdate.info IN SOA ns1.nsupdate.info. root.nsupdate.info. (
+ 2016081401 ; serial
+ 7200 ; refresh (2 hours)
+ 1800 ; retry (30 minutes)
+ 604800 ; expire (1 week)
+ 60 ; minimum (1 minute)
+ )
+ NS 127.0.0.1.
+ A 127.0.0.1
+ AAAA ::1
+
+$ORIGIN nsupdate.info.
+$TTL 3600 ; 1 hour
+ipv4 A 127.0.0.1
+ipv6 AAAA ::1
+www A 127.0.0.1
+ AAAA ::1
+ A 127.0.0.1
diff --git a/scripts/docker/bind/zones/tests.nsupdate.info b/scripts/docker/bind/zones/tests.nsupdate.info
new file mode 100644
index 0000000..61277d4
--- /dev/null
+++ b/scripts/docker/bind/zones/tests.nsupdate.info
@@ -0,0 +1,18 @@
+$ORIGIN .
+$TTL 3600 ; 1 hour
+tests.nsupdate.info IN SOA ns1.tests.nsupdate.info. root.tests.nsupdate.info. (
+ 2016081401 ; serial
+ 7200 ; refresh (2 hours)
+ 1800 ; retry (30 minutes)
+ 604800 ; expire (1 week)
+ 60 ; minimum (1 minute)
+ )
+ NS 127.0.0.1.
+ A 127.0.0.1
+ AAAA ::1
+
+$ORIGIN tests.nsupdate.info.
+ipv4 A 1.2.3.4
+ipv6 AAAA ::1
+www A 1.2.3.4
+ AAAA ::1
diff --git a/scripts/docker/test.sh b/scripts/docker/test.sh
new file mode 100755
index 0000000..02787b6
--- /dev/null
+++ b/scripts/docker/test.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -euxo pipefail
+
+cd /tmp && named -g -u named -c /etc/bind/named.conf.local &
+
+cd /app
+pip install -e .
+pip install -r requirements.txt
+
+pylint src/nsupdate
+pytest src/nsupdate
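Review bot: `NS 127.0.0.1.` in the apex records of zones/nsupdate.info is read as a host name made of the labels 127, 0, 0 and 1, not as an address, because an NS target has to be a name. The SOA already names `ns1.nsupdate.info.`, but no `ns1` record is defined. Pointing the record at `ns1.nsupdate.info.` and adding `ns1 A 127.0.0.1` under the second `$ORIGIN` would make the zone self-consistent; depending on named's zone checks the current form may be reported when the zone loads. The same `NS 127.0.0.1.` line appears in zones/tests.nsupdate.info and needs the same change with `ns1.tests.nsupdate.info.`. The final `A 127.0.0.1` line of zones/nsupdate.info repeats the `www` A record two lines above it and can be dropped.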
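Review bot: test.sh starts named in the background (`cd /tmp && named -g -u named -c /etc/bind/named.conf.local &`) and goes straight on to `pip install`, so with the documented `--dns 127.0.0.1` the first lookups can race named's startup. `set -e` does not cover a background job either, so a named that exits on a config or zone error goes unnoticed until tests fail for an unrelated-looking reason. A bounded wait before `cd /app` would surface both cases, for example `for i in $(seq 1 30); do nslookup nsupdate.info 127.0.0.1 >/dev/null 2>&1 && break; sleep 1; done`, followed by a check that the lookup finally succeeded. A short comment above the `named` line, such as `# named must be answering on 127.0.0.1:53 before anything below resolves names`, would also explain why the order matters.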