Merge pull request #198 from akquinet/regex-records-permission

rwxd · web-flow · commit a3d26cd5a152 · 2026-03-26T11:20:17.000+01:00
tests: added tests for .* regex zone
diff --git a/tests/unit/config_test.py b/tests/unit/config_test.py
@@ -300,6 +300,72 @@ def test_check_rrset_not_allowed_single_entries():
         assert not check_rrset_allowed(zone, rrset)
 
 
+def test_check_rrset_allowed_regex_zone_with_regex_records():
+    zone = ProxyConfigZone(
+        name=".*",
+        regex=True,
+        regex_records=["^_acme-challenge\\..*"],
+    )
+
+    rrset_allowed: RRSET = {
+        "name": "_acme-challenge.example.com.",
+        "type": "TXT",
+        "changetype": "REPLACE",
+        "ttl": 3600,
+        "records": [],
+        "comments": [],
+    }
+    assert check_rrset_allowed(zone, rrset_allowed)
+
+    rrset_denied: RRSET = {
+        "name": "www.example.com.",
+        "type": "TXT",
+        "changetype": "REPLACE",
+        "ttl": 3600,
+        "records": [],
+        "comments": [],
+    }
+    assert not check_rrset_allowed(zone, rrset_denied)
+
+
+def test_check_rrset_allowed_regex_zone_with_multiple_regex_records():
+    zone = ProxyConfigZone(
+        name=".*\\.example\\.com",
+        regex=True,
+        regex_records=["^_.*", "^test-.*"],
+    )
+
+    rrset1: RRSET = {
+        "name": "_acme-challenge.sub.example.com.",
+        "type": "TXT",
+        "changetype": "REPLACE",
+        "ttl": 3600,
+        "records": [],
+        "comments": [],
+    }
+    assert check_rrset_allowed(zone, rrset1)
+
+    rrset2: RRSET = {
+        "name": "test-server.example.com.",
+        "type": "CNAME",
+        "changetype": "REPLACE",
+        "ttl": 3600,
+        "records": [],
+        "comments": [],
+    }
+    assert check_rrset_allowed(zone, rrset2)
+
+    rrset3: RRSET = {
+        "name": "www.example.com.",
+        "type": "A",
+        "changetype": "REPLACE",
+        "ttl": 3600,
+        "records": [],
+        "comments": [],
+    }
+    assert not check_rrset_allowed(zone, rrset3)
+
+
 def test_check_rrsets_request_allowed_no_raise():
     zone = ProxyConfigZone(
         name="test-zone.example.com.",
