readme: more tests (#1184)

* readme: more tests

Add dnssec and file plugin to the test readme. This requires creating a
bunch of files with the right content. Doing so already unconvered an
unconditional type assertion in DNSSEC. This PR will include the fix for
that as well.

Also extended the snippets in the file plugin README, so that they are
whole Corefile - showing more value and checking all corefile snippets.

Create outliner right now is the kubernetes plugin, because even setting
the right env vars will result in:

open /var/run/secrets/kubernetes.io/serviceaccount/token: no such file or directory":

Which we can't create for a test.

* lint

2 files changed, 17 insertions, 15 deletions

diff --git a/plugin/dnssec/README.md b/plugin/dnssec/README.md
index bf560464d..372e9d971 100644
--- a/plugin/dnssec/README.md
+++ b/plugin/dnssec/README.md
@@ -47,10 +47,10 @@ If monitoring is enabled (via the *prometheus* directive) then the following met
 
 Sign responses for `example.org` with the key "Kexample.org.+013+45330.key".
 
-~~~
-example.org:53 {
+~~~ corefile
+example.org {
     dnssec {
-        key file /etc/coredns/Kexample.org.+013+45330
+        key file Kexample.org.+013+45330
     }
     whoami
 }
@@ -59,10 +59,10 @@ example.org:53 {
 Sign responses for a kubernetes zone with the key "Kcluster.local+013+45129.key".
 
 ~~~
-cluster.local:53 {
-    kubernetes cluster.local
-    dnssec cluster.local {
-      key file /etc/coredns/Kcluster.local+013+45129
+cluster.local {
+    kubernetes
+    dnssec {
+      key file Kcluster.local+013+45129
     }
 }
 ~~~
@@ -70,17 +70,16 @@ cluster.local:53 {
 ## Bugs
 
 Multiple *dnssec* plugins inside one server stanza will silently overwrite earlier ones, here
-`example.local` will overwrite the one for `cluster.local`.
+`example.local` will overwrite the one for `cluster.org`.
 
 ~~~
-.:53 {
+. {
     kubernetes cluster.local
     dnssec cluster.local {
-      key file /etc/coredns/cluster.local
+      key file Kcluster.local+013+45129
     }
-    dnssec example.local {
-      key file /etc/coredns/example.local
+    dnssec example.org {
+      key file Kexample.org.+013+45330
     }
-    whoami
 }
 ~~~
diff --git a/plugin/dnssec/dnskey.go b/plugin/dnssec/dnskey.go
index 885538fbf..5c326d9a9 100644
--- a/plugin/dnssec/dnskey.go
+++ b/plugin/dnssec/dnskey.go
@@ -38,7 +38,10 @@ func ParseKeyFile(pubFile, privFile string) (*DNSKEY, error) {
 		return nil, e
 	}
 
-	dk := k.(*dns.DNSKEY)
+	dk, ok := k.(*dns.DNSKEY)
+	if !ok {
+		return nil, errors.New("no public key found")
+	}
 	p, e := dk.ReadPrivateKey(f, privFile)
 	if e != nil {
 		return nil, e
@@ -50,7 +53,7 @@ func ParseKeyFile(pubFile, privFile string) (*DNSKEY, error) {
 	if s, ok := p.(*ecdsa.PrivateKey); ok {
 		return &DNSKEY{K: dk, D: dk.ToDS(dns.SHA256), s: s, tag: dk.KeyTag()}, nil
 	}
-	return &DNSKEY{K: dk, D: dk.ToDS(dns.SHA256), s: nil, tag: 0}, errors.New("no known private key found")
+	return &DNSKEY{K: dk, D: dk.ToDS(dns.SHA256), s: nil, tag: 0}, errors.New("no private key found")
 }
 
 // getDNSKEY returns the correct DNSKEY to the client. Signatures are added when do is true.