flo/nsupdate.info
1
0
Fork 0
Code Issues 1 Pull Requests 2 Packages Releases Activity

Add testing in docker

Browse Source 
I can't run tests in travis and due to the bind9 dependency it's
difficult to run on the local machine. Docker is tricky due to changing
the nameserver to 127.0.0.1 but with the right parameter it works.

There are still a handful of tests failing. I couldn't figure out why
yet.
This commit is contained in:
Florian Eitel 2023-01-14 20:46:50 +01:00
parent a9883d69d2
commit e1b3eb95ae
Signed by: flo
GPG Key ID: 9987EAFEF6F686BB
5 changed files with 108 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
scripts/docker/Dockerfile Normal file
View File

@ -0,0 +1,9 @@
FROM python:3.10-alpine
WORKDIR /app
RUN apk add bind git
COPY bind/named.conf.local /etc/bind/named.conf.local
COPY bind/zones/ /var/lib/bind/pri/
RUN chown named -R /var/lib/bind/pri/
CMD /app/scripts/docker/test.sh

49
scripts/docker/bind/named.conf.local Normal file
View File

@ -0,0 +1,49 @@
//
// Do any local configuration here
//
key "nsupdate.info." {
algorithm hmac-sha512;
secret "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYQ==";
};
key "tests.nsupdate.info." {
algorithm hmac-sha512;
secret "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYQ==";
};
zone "nsupdate.info" {
type master;
file "/var/lib/bind/pri/nsupdate.info";
update-policy {
// these "deny" entries are needed for the service domain,
// if you add another domain, you may want to check the need
// for other "deny" entries if the zone is not fully available.
// we don't allow updates to the infrastructure hosts:
deny nsupdate.info. name nsupdate.info;
deny nsupdate.info. name www.nsupdate.info;
deny nsupdate.info. name ipv4.nsupdate.info;
deny nsupdate.info. name ipv6.nsupdate.info;
// this host is for testing if the nameserver is configured correctly and reachable
grant nsupdate.info. name connectivity-test.nsupdate.info A;
// but we allow updates to any other host:
grant nsupdate.info. subdomain nsupdate.info;
};
};
zone "tests.nsupdate.info" {
type master;
file "/var/lib/bind/pri/tests.nsupdate.info";
update-policy {
// these "deny" entries are needed for the service domain,
// if you add another domain, you may want to check the need
// for other "deny" entries if the zone is not fully available.
// we don't allow updates to the infrastructure hosts:
deny tests.nsupdate.info. name tests.nsupdate.info;
deny tests.nsupdate.info. name www.tests.nsupdate.info;
deny tests.nsupdate.info. name ipv4.tests.nsupdate.info;
deny tests.nsupdate.info. name ipv6.tests.nsupdate.info;
// but we allow updates to any other host:
grant tests.nsupdate.info. subdomain tests.nsupdate.info;
};
};

20
scripts/docker/bind/zones/nsupdate.info Normal file
View File

@ -0,0 +1,20 @@
$ORIGIN .
$TTL 3600 ; 1 hour
nsupdate.info IN SOA ns1.nsupdate.info. root.nsupdate.info. (
2016081401 ; serial
7200 ; refresh (2 hours)
1800 ; retry (30 minutes)
604800 ; expire (1 week)
60 ; minimum (1 minute)
)
NS 127.0.0.1.
A 127.0.0.1
AAAA ::1
$ORIGIN nsupdate.info.
$TTL 3600 ; 1 hour
ipv4 A 127.0.0.1
ipv6 AAAA ::1
www A 127.0.0.1
AAAA ::1
A 127.0.0.1

18
scripts/docker/bind/zones/tests.nsupdate.info Normal file
View File

@ -0,0 +1,18 @@
$ORIGIN .
$TTL 3600 ; 1 hour
tests.nsupdate.info IN SOA ns1.tests.nsupdate.info. root.tests.nsupdate.info. (
2016081401 ; serial
7200 ; refresh (2 hours)
1800 ; retry (30 minutes)
604800 ; expire (1 week)
60 ; minimum (1 minute)
)
NS 127.0.0.1.
A 127.0.0.1
AAAA ::1
$ORIGIN tests.nsupdate.info.
ipv4 A 1.2.3.4
ipv6 AAAA ::1
www A 1.2.3.4
AAAA ::1

12
scripts/docker/test.sh Executable file
View File

@ -0,0 +1,12 @@
#!/bin/sh
set -euxo pipefail
cd /tmp && named -g -u named -c /etc/bind/named.conf.local &
cd /app
pip install -e .
pip install -r requirements.txt
pytest src/nsupdate || true
pylint src/nsupdate || true