dns-rfc2136: add test coverage for PR #9672 (#9684)

* dns-rfc2136: add test coverage for PR #9672 * fix compatibility with oldest dnspython * rename test to be more descriptive Co-authored-by: ohemorange <ebportnoy@gmail.com> --------- Co-authored-by: ohemorange <ebportnoy@gmail.com>
2026-01-26 07:41:33 +03:00 · 2023-05-09 07:34:40 +10:00
parent 5b5a2efdc9
commit 6e52695faa
1 changed files with 27 additions and 2 deletions
--- a/certbot-dns-rfc2136/certbot_dns_rfc2136/_internal/tests/dns_rfc2136_test.py
+++ b/certbot-dns-rfc2136/certbot_dns_rfc2136/_internal/tests/dns_rfc2136_test.py
@@ -40,8 +40,19 @@ class AuthenticatorTest(test_util.TempDirTestCase, dns_test_common.BaseAuthentic

        self.mock_client = mock.MagicMock()
        # _get_rfc2136_client | pylint: disable=protected-access
+        self.orig_get_client = self.auth._get_rfc2136_client
        self.auth._get_rfc2136_client = mock.MagicMock(return_value=self.mock_client)

+    def test_get_client_default_conf_values(self):
+        # algorithm and sign_query are intentionally absent to test that the default (None)
+        # value does not crash Certbot.
+        creds = { "server": SERVER, "port": PORT, "name": NAME, "secret": SECRET }
+        self.auth.credentials = mock.MagicMock()
+        self.auth.credentials.conf = lambda key: creds.get(key, None)
+        client = self.orig_get_client()
+        assert client.algorithm == self.auth.ALGORITHMS["HMAC-MD5"]
+        assert client.sign_query == False
+
    @test_util.patch_display_util()
    def test_perform(self, unused_mock_get_utility):
        self.auth.perform([self.achall])
@@ -100,7 +111,7 @@ class RFC2136ClientTest(unittest.TestCase):
        from certbot_dns_rfc2136._internal.dns_rfc2136 import _RFC2136Client

        self.rfc2136_client = _RFC2136Client(SERVER, PORT, NAME, SECRET, dns.tsig.HMAC_MD5,
-        TIMEOUT)
+        False, TIMEOUT)

    @mock.patch("dns.query.tcp")
    def test_add_txt_record(self, query_mock):
@@ -177,14 +188,17 @@ class RFC2136ClientTest(unittest.TestCase):
            self.rfc2136_client._find_domain('foo.bar.'+DOMAIN)

    @mock.patch("dns.query.tcp")
-    def test_query_soa_found(self, query_mock):
+    @mock.patch("dns.message.make_query")
+    def test_query_soa_found(self, mock_make_query, query_mock):
        query_mock.return_value = mock.MagicMock(answer=[mock.MagicMock()], flags=dns.flags.AA)
        query_mock.return_value.rcode.return_value = dns.rcode.NOERROR
+        mock_make_query.return_value = mock.MagicMock()

        # _query_soa | pylint: disable=protected-access
        result = self.rfc2136_client._query_soa(DOMAIN)

        query_mock.assert_called_with(mock.ANY, SERVER, TIMEOUT, PORT)
+        mock_make_query.return_value.use_tsig.assert_not_called()
        assert result

    @mock.patch("dns.query.tcp")
@@ -218,6 +232,17 @@ class RFC2136ClientTest(unittest.TestCase):
        udp_mock.assert_called_with(mock.ANY, SERVER, TIMEOUT, PORT)
        assert result

+    @mock.patch("dns.query.tcp")
+    @mock.patch("dns.message.make_query")
+    def test_query_soa_signed(self, mock_make_query, unused_mock_query):
+        mock_make_query.return_value = mock.MagicMock()
+        self.rfc2136_client.sign_query = True
+        self.rfc2136_client.algorithm = "alg0"
+
+        self.rfc2136_client._query_soa(DOMAIN)
+
+        mock_make_query.return_value.use_tsig.assert_called_with(mock.ANY, algorithm="alg0")
+

 if __name__ == "__main__":
    sys.exit(pytest.main(sys.argv[1:] + [__file__]))  # pragma: no cover